Privacy statement

Privacy policy

This data protection notice informs you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Management-Institut Dr. A. Kitzmann GmbH & Co KG (hereinafter referred to as "we" or "us") is responsible for data processing.

General information

  1. Contact us

If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to

Management Institute Dr. A. Kitzmann GmbH & Co. KG

Dorpatweg 10

48159 Münster

Germany

Phone +49 251 202050

E-mail: info@kitzmann.biz

  1. Legal basis

The data protection term "personal data" refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (Section 25 (1) TTDSG or Art. 6 (1) (a) GDPR), to fulfill a contract to which you are a party or at your request to carry out pre-contractual measures (Art. 6 (1) (b) GDPR), to fulfill a legal obligation (Art. 6(1)(c) GDPR) or if processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6(1)(f) GDPR).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

  1. Duration of storage

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and store personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

  1. Categories of recipients of the data

We use processors in the context of processing your data. The processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee suitable technical and organizational measures for data protection. We may also transfer your personal data to bodies such as postal and delivery services, your bank, tax consultants/auditors or the tax authorities. Data may be transferred to the responsible public health department for infection tracking purposes. Further recipients may result from the following information.

  1. Data transfer to third countries

Our data processing may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of receiving or viewing a copy of these EU standard data protection clauses. Please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 letter a GDPR.

  1. Processing when exercising your rights

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

  1. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
  • You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
  • You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
  • If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
  • If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
  1. Right of objection

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

  1. Data Protection Officer

You can reach our data protection officer using the following contact details:

E-mail: datenschutz@kitzmann.biz

brainosphere 1 GmbH

Witzlebenstrasse 21a

14057 Berlin

General data processing on our website

When you use the website, we collect information that you provide yourself. We also automatically collect certain information about your use of the website during your visit. Under data protection law, the IP address is also considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

  1. Processing of server log files

When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). By default, this includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after 14 days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject on the basis of the stored information. Art. 15 to 22 GDPR therefore do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information that enables your identification in order to exercise your rights set out in these articles.

  1. Registration for seminars

You can register for our seminars on our website. The required information can be found in the registration form. All data fields marked as mandatory are required to register for the seminar. If you do not provide this data, we will not be able to process your registration. The legal basis for your processing is Art. 6 para. 1 letter b GDPR.

The provision of further data is voluntary. We process such voluntarily provided data on the basis of Art. 6 para. 1 letter f GDPR.

We pass on the registration information for the seminar to freelance seminar trainers.

  1. Contact options and inquiries

Our website contains contact forms that you can use to send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. If you do not provide this data, we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail.

We process the data for the purpose of responding to your request. If your request is aimed at the conclusion or execution of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f GDPR.

  1. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. Once you have registered, we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in).

If you subscribe to the newsletter on our website, we process personal data such as your email address and your name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given.

The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

We also analyze the reading behavior and opening rates of our newsletter. We evaluate the data generated when our emails are delivered and retrieved in aggregated and anonymized form (delivery rate, open rate, click rates, unsubscribe rate, bounce rate, visits, completions) in order to measure the use and success of the emails.

The legal basis for the analysis of our newsletter is Art. 6 para. 1 letter f GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels listed above.

On the other hand, we also evaluate the data generated when you access and use these e-mails (time of opening, hyperlinks clicked on, documents downloaded) as well as transaction data on downstream websites in connection with your e-mail address in order to provide you with personalized information on this basis in the future, which takes your interests and needs into account in the best possible way. We use the anonymous and personal data collected to provide you with personalized content and individualized information in our advertising emails and downstream websites.

The legal basis for data processing in the context of e-mails is Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above.

We use the HubSpot service from HubSpot Inc (USA) to manage subscriptions, send the newsletter and analyze it. Your e-mail address and name are therefore transmitted by us to the service provider. If you do not want your data to be processed by this service provider, you should not subscribe to the newsletter or unsubscribe from it.

  1. Payment service provider

To pay for our services, you can choose between various options. We work together with various payment providers for this purpose.

  • Payment by credit card

We offer you the option of paying by credit card. Please note that the respective payment information is collected and processed by the relevant payment service providers on their own responsibility.

  • Payment via PayPal

You also have the option of paying via PayPal. Please note that the relevant payment information is collected and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg, EU) on its own responsibility. PayPal transmits to us your address data stored with PayPal, which we process exclusively for contract processing.

The legal basis is Art. 6 (1) (b) GDPR.

Further information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5.

  1. Applications

You have the opportunity to apply for a job via our website in the Jobs section. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you. Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after completion of the application process for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

The legal basis for data collection is Section 26 (1) sentence 1 BDSG.

If we retain your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that took place until the revocation on the basis of the consent.

  1. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases.

The use of cookies is in part technically necessary for the operation of our website and is therefore permitted without the user's consent. We may also use cookies to offer special functions and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 (1) TTDSG and, if applicable, Art. 6 (1) (a) GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool.

  1. Consent Management Tool

This website uses the consent management tool Cookiebot from Cybot A/S /(Denmark, EU) to control cookies and the processing of personal data. The consent banner enables users of our website to give consent to certain data processing processes or to revoke consent that has been given. By confirming the "I accept" button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a GDPR.

The banner also helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data for this declaration. Cookies are also used to collect this data.

The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

You can revoke your consent for cookies here

  1. Tracking & Retargeting
  • Google Ads

We use the online advertising program Google Ads from Google Ireland Limited (Ireland, EU) on our website, through which we place advertisements on the Google search engine. If you reach our website via a Google ad, Google places a cookie on your end device ("conversion cookie"). A different conversion cookie is assigned to each Google Ads customer so that the cookies are not tracked across the websites of different Ads customers. The information collected with the help of the cookie is used to create conversion statistics. This tells us the total number of users who have clicked on one of our Google ads. However, we do not receive any information that can be used to personally identify users.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Cookies are set with your consent, which you can revoke at any time with effect for the future via the Consent Management Tool. Further information on data protection at Google can be found in Google's privacy policy at https://policies.google.com/privacy#infocollect.

  • Google Optimize

We use the Google Optimize service on our website, which is offered by Google Ireland Limited (Ireland, EU - "Google Optimize"). Google Optimize allows us to test various designs and settings of our website and use the results to adapt our website to the needs and wishes of website visitors. To analyze the test results, the Google Optimize service is linked to the Google Analytics analysis service. Your IP address is transmitted to Google Ireland Limited.

We only process your personal data with your consent.

The legal basis for the processing of personal data as part of the measurement procedure described here is Article 6(1)(a) GDPR.

Cookies are set and read on your end device in order for the service to function. Such storage of information or access to information that is already stored on your device only takes place with your consent. The legal basis for data processing is therefore § 25 para. 1 TTDSG.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool.

Further information on data processing can be found at: https://policies.google.com/privacy

  • Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website.

Google Analytics is a web analytics service that enables us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable us to analyze the use of our website. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information that is stored on the device you are using. In addition, further information is stored on your device via the cookies used. Such storage of information by Google Analytics or access to information that is already stored on your device only takes place with your consent.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the Internet. Pseudonymous user profiles can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Article 6(1)(a) GDPR. You can revoke this consent at any time via our Consent Management Tool with effect for the future.

We use the Google Analytics 4 variant, which enables us to track interaction data from different devices and different sessions. This allows us to put individual user actions into context and analyze long-term relationships. 14 months of user action data is stored and then automatically deleted. All other event data is stored for 2 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

We also use the Google Analytics advertising functions (remarketing). This function enables us, in conjunction with Google's cross-device functions, to display advertisements in a more targeted manner and to present users with advertisements tailored to their interests. Remarketing is used to show users ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalized advertising messages that have been adapted to a user depending on previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of the user's devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account. The aggregation of the data collected in your Google Account is based solely on your consent, which you can give or withdraw from Google. For these linked services, data is then collected for advertising purposes via Google Analytics. To support the remarketing function, Google Analytics collects the Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.

The personal data processed on our behalf for the provision of Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. Please refer to the information in the section "Data transfer to third countries".

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google Ireland within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google's privacy policy at: www.google.com/policies/technologies/ads/

  • Facebook pixel

We use the Facebook pixel on our website, a meta business tool from Meta Platforms Ireland Limited (Ireland, EU). Information on the contact details of Meta Platforms Ireland Ltd. and the contact details of the data protection officer of Meta Platforms Ireland Ltd. can be found in the data policy of Meta Platforms Ireland Ltd. at https://www.facebook.com/about/privacy.

The Facebook pixel is a JavaScript code snippet that enables us to track the activities of visitors to our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

  • Information on the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
  • Specific pixel information such as the pixel ID and the Facebook cookie;
  • Information on buttons clicked by visitors to the website;
  • Information present in the HTTP headers, such as IP addresses, information about the web browser, the location of the page and the referrer;
  • Information on the status of the deactivation/restriction of ad tracking.

Some of this event data is information that is stored on the device you are using. In addition, the Facebook pixel also uses cookies to store information on the device you are using. Such storage of information by the Facebook pixel or access to information that is already stored on your device only takes place with your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We can use the tracked conversions there to measure the effectiveness of our ads, to define custom audiences for ad targeting, for Dynamic Ads campaigns and to analyze the effectiveness of our website's conversion funnels. The functions we use via the Facebook pixel are described in more detail below.

Processing of event data for advertising purposes

The event data collected via the Facebook pixel is used to target our ads and improve ad delivery, personalize features and content, and improve and secure meta-products.

For this purpose, event data is collected on our website using the Facebook pixel and transmitted to Meta Platforms Ireland Ltd. This only takes place if you have given your prior consent. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland Ltd. is therefore Art. 6 para. 1 lit. a GDPR.

This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have entered into a joint controllership agreement with Meta Platforms Ireland Ltd. which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things

  • that we are responsible for providing you with all information in accordance with Art. 13, 14 GDPR on the joint processing of personal data;
  • that Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects under Art. 15 to 20 GDPR with regard to the personal data stored by Meta Platforms Ireland Ltd. following joint processing.

You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Ltd. is solely responsible for the subsequent processing of the submitted Event Data. For more information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how to exercise your rights against Meta Platforms Ireland Ltd., please refer to Meta Platforms Ireland Ltd.'s Data Policy at https://www.facebook.com/about/privacy.

Processing of event data for measurement solutions and analysis services

We have also commissioned Meta Platforms Ireland Ltd. to prepare reports on the impact of our advertising campaigns and other online content (campaign reports) and to create analyses and insights about users and their use of our website, products and services (analyses) on the basis of the event data collected via the Facebook pixel. For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Ltd. The personal data transmitted is processed by Meta Platforms Ireland Ltd. as our processor in order to provide us with the campaign reports and analyses.

Personal data will only be processed to create analyses and campaign reports if you have given your prior consent. The legal basis for this processing of personal data is therefore Article 6(1)(a) GDPR.

The data processed on our behalf will be transferred by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses, but reserves the right to use an alternative means of transfer recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.

  • Microsoft Advertising

We use the Microsoft Advertising (formerly Bing Ads) service from Microsoft Ireland Operations Limited (Ireland, EU) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the search engines Microsoft Bing, Yahoo, Aol, other search partners (e.g. Ecosia, DuckDuckGo) and the Microsoft Audience Network. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising collects data via UET with which we can track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when you visit our website. This enables Microsoft Advertising to recognize that our website has been visited and to display an advertisement when the above-mentioned services are used at a later date.

The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Cookies are set with your consent, which you can revoke at any time with effect for the future via our Consent Management Tool. Further information on data protection at Microsoft can be found in Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

  • LinkedIn Insight Tag

We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (Ireland, EU - "LinkedIn"). For information on LinkedIn Ireland's contact details and the contact details of LinkedIn Ireland's data protection officer, please refer to LinkedIn's data policy at https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using. Such storage of information by the LinkedIn Insight tag or access to information that is already stored on your device and any further processing of personal data in connection with the LinkedIn Insight tag will only take place with your consent.

The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is therefore Art. 6 para. 1 letter a GDPR.

We can perform various functions via the LinkedIn Insight tag, which we describe in detail below.

LinkedIn conversion tracking is an analysis function that is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. The IP addresses are shortened or (if they are used to reach members across devices) hashed. LinkedIn does not provide us with any personal data, but only offers reports (in which you are not identified) about the website target group and ad performance. This allows us to measure the effectiveness of LinkedIn ads for statistical and market research purposes.

The direct identifiers of the members are removed by LinkedIn within seven days in order to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.

This processing is carried out for the purpose of obtaining information about our website target group and a report on the effectiveness of LinkedIn campaigns.

We have entered into a joint controllership agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. You can view this here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on data processing by LinkedIn can be found here: https://www.linkedin.com/help/lms/answer/a427660/linkedin-insight-tag-haufig-gestellte-fragen and https://de.linkedin.com/legal/privacy-policy.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

  • HubSpot

We use HubSpot, a service provided by HubSpot Inc (USA), to analyze visits to our website. HubSpot uses cookies and similar technologies that enable your use of our website to be analyzed. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses and device identifiers. HubSpot will use this information on our behalf to evaluate the use of our online offer by users and to compile reports for us on the activities within our website. Usage profiles can be created from the processed data.

Cookies are set on your end device to integrate the HubSpot service. Cookies are set with your consent, which you can revoke at any time with effect for the future via our Consent Management Tool.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

This may also result in the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries".

Further information on data protection at HubSpot can be found in HubSpot's privacy policy at https://legal.hubspot.com/de/privacy-policy.

  1. Social plugin - LinkedIn

We use the Linkedin social network plugin from LinkedIn Ireland Unlimited Company, (Ireland, EU). These plugins allow you to share the content of our website on the LinkedIn social network. For this purpose, the program code of the respective provider is transmitted directly from the provider's servers when you visit our website. If you are logged into your LinkedIn user account when you visit our website or interact with the plugin, further data may be transmitted.

The processing of personal data only takes place with your consent and is therefore based on Art. 6 para. 1 letter a GDPR.

Furthermore, cookies may be set on your end device when using the plugins. This also only takes place with your consent. Section 25 (1) TTDSG serves as the legal basis.

Further information on the processing of personal data by LinkedIn can be found at https://de.linkedin.com/legal/privacy-policy.

  1. External media and third-party services
  • Google Tag Manager

We use the Google Tag Manager of the provider Google Ireland Limited (Ireland, EU) on our website. Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a cookie-free domain to which the IP address is transmitted for technical reasons. The Google Tag Manager merely triggers other tags, which in turn may collect data without accessing this data themselves. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Art. 6(1)(f) GDPR serves as the legal basis for the transmission of the IP address. Our legitimate interest is the administration of our website services and the triggering of other tags.

Further information on data processing can be found at: https://support.google.com/tagmanager/answer/7157428

  • Adobe Fonts

We use Adobe Fonts from Adobe Systems Software Ireland Limited (Ireland, EU) on our website for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Adobe. For licensing reasons, it is necessary for the page views to be counted, which is why your browser transmits our Adobe customer ID as the website operator, among other things. No cookies are set in the process. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website. If your browser does not support web fonts, a standard font will be used by your computer.

Your data is processed on the basis of Art. 6 para. 1 letter f GDPR and is based on our legitimate interest in the uniform and appealing presentation of our website.

Further information on data protection at Adobe can be found in Adobe's privacy policy at https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

  • Google Maps

We use Google Maps from Google Ireland Limited (Ireland, EU) on our website to display maps and for virtual tours. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.

  • YouTube

We use the YouTube service of Google Ireland Limited (Ireland, EU) on our website to integrate videos. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies. We use YouTube in "extended data protection mode" so that no cookies are set by YouTube to analyze user behavior.

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.

  • Chat service

We have integrated the chat service Zendesk from the provider Zendesk Inc (USA) on our website. This allows you to ask us questions or leave a request and contact details. All data fields marked as mandatory are required to process your request. If you do not provide them, we will not be able to process your request. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of answering your request.

Your IP address and technical device and browser information must be transmitted to the chat service provider in order for the chat service to be displayed and function properly.

If your request is aimed at the preparation or execution of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for data processing. In addition, it serves our legitimate interest in accordance with Art. 6 para. 1 letter f GDPR in the fast and targeted processing of questions from website visitors and companies.

Cookies may be set on your end device to integrate the service. Cookies are set with your consent in accordance with Section 25 (1) TTDSG, which you can revoke at any time with effect for the future via our Consent Management Tool.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Zendesk can be found in Zendesk's privacy policy at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/#georedirect.

  • Weather widget

We have implemented an application on our website that shows you the weather and time depending on whether you agree to the localization of your location. For this purpose, current weather data from the provider openweathermap.org of Openweather Ltd (United Kingdom) is displayed.

The transmission of the IP address to Openweather Ltd. is technically necessary to display the weather data and the time. The weather forecast is displayed in the interest of an appealing and informative presentation of our website. This constitutes a legitimate interest and the transmission of the IP address is therefore based on Art. 6 para. 1 letter f GDPR.

The United Kingdom is a third country within the meaning of the GDPR. However, the transfer of personal data to Openweather Ltd. is based on an adequacy decision of the European Union within the meaning of Art. 45 GDPR. Further information on data protection at Openweather Ltd. can be found in the data protection information of Openweather Ltd. at: https://openweather.co.uk/privacy-policy.

Data processing for the organization of seminars

  1. Transmission of personal data to the lecturers

We pass on personal data - e.g. the names of the participants and contact details - to our lecturers in order to carry out the event. The lecturers provide us with information about the participants' attendance so that we can send them the relevant certificates or confirmations of attendance following the event.

The legal basis for data processing is Art. 6 (1) (b) GDPR.

  1. Video streaming services

We use various video streaming services to communicate with prospective or existing contractual partners or to provide services to our customers. Your personal data is collected and processed by us and the provider of the respective conference tool for communication purposes.

The provider of the tool processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, it cannot be ruled out that this content will also be stored on the provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files and other information that is shared while using the service.

Insofar as the video streaming service is used to conduct the seminar, the data processing is based on Art. 6 para. 1 letter b GDPR. Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company, so that we process personal data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR.

Online meetings will only be recorded if we have informed you of this in advance and you have consented to the recording. The legal basis in this case is Art. 6 (1) (a) GDPR.

We use the following video streaming services:

  • Zoom

Zoom is a service of Zoom Video Communications, Inc (USA - "Zoom"). With Zoom, the transfer of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Zoom can be found in Zoom's privacy policy: https://explore.zoom.us/de/privacy/.

  • Teams

We use the Teams service of Microsoft Ireland Operations Limited (Ireland, EU - "Teams"). You can find more information on data protection at Teams at: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

  • Webex

Webex is a video streaming service of Cisco Systems, Inc (USA - "Webex"). With Webex, the transfer of data to the USA cannot be ruled out. Please refer to the information in the section "Data transfer to third countries". Further information on data protection at Webex can be found at: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.

  • Skype

We also use the Skype service provided by Microsoft Ireland Operations Limited (Ireland, EU - "Skype"). You can find further information on data protection at Skype at: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

  • GoToMeeting

We use the GoToMeeting service of LogMeIn Ireland Unlimited Company (Ireland, EU - "GoToMeeting"). Further information on data protection at Teams can be found at: https://www.goto.com/de/company/legal/privacy.

Data processing on the learning world platform

  1. Registration

We offer e-learning products on the Lernwelt platform ("Lernwelt") in connection with our seminars, in particular for the preparation and follow-up of the events. This requires registration via the website. The required information can be found in the registration form. The provision of the information marked as mandatory is mandatory in order for the registration to be completed. The data provided will be processed for the purpose of providing the service.

The e-learning offer is part of the contractual services, so that the processing of personal data is carried out in this respect for the execution of the contract and is based on Art. 6 para. 1 letter b GDPR.

The provision of further data is voluntary. We process such voluntarily provided data on the basis of Art. 6 para. 1 letter f GDPR.

  1. Use of e-learning products

We work together with Materna GmbH (Germany) to use the videos and various e-learning products on the Lernwelt platform. It is therefore technically necessary to transmit your IP address to Materna GmbH in order to display the videos and various e-learning products.

The e-learning products are part of the contractual service. Therefore, the transmission of the IP address is based on Art. 6 para. 1 letter b GDPR.

Further information on data processing can be found at: https://www.materna-tmt.de/datenschutz#weitere-informationen.

Data processing on our social media pages

We have a company page on several social media platforms. In this way, we would like to offer further opportunities for information about our company and for exchange.

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.

  1. Visiting a social media page
  • Facebook and Instagram

When you visit our Facebook or Instagram page, which we use to present our company or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU - "Meta"). For more information about Meta's processing of personal data, please visit https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and insights for our Facebook and Instagram page, which help us gain insights into the types of actions people take on our site (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings.

The legal basis for this processing is Art. 6 (1) (f) GDPR.

We cannot attribute the information obtained via Page Insights to individual user profiles that interact with our Facebook and Instagram pages. We have entered into a joint controllership agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details of the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to this data processing, you have the option of asserting your data subject rights (see "Your rights") against Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that, in accordance with Meta's privacy policy, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

  • LinkedIn

In principle, LinkedIn Ireland Unlimited Company (Ireland, EU - "LinkedIn") is solely responsible for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymized form. This gives us insights into the types of actions that people take on our site (so-called page insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these findings.

The legal basis for this processing is Art. 6 (1) (f) GDPR.

We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. The following applies:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details provided to exercise your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

  1. Comments and direct messages

We also process information that you have made available to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting people who make inquiries.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

  1. Comment management service

We use the Trello Boards service from Trello Inc (USA - "Trello") to manage comments on our company social media pages. If a user posts a comment via the comment function on one of our company pages, the social media ID (e.g. the Facebook user name), the comment content and the date/time of the comment are displayed via the software. This data is also transmitted to the provider of the software.

We process this personal data in order to moderate the comments on our company pages and to be able to identify violations of the netiquette rules and criminal content. The processing of personal data therefore takes place on the basis of Art. 6 para. 1 lit. c and Art. 6 para. 1 letter f GDPR for the fulfillment of legal obligations.

With Trello, the transfer of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Trello can be found in Trello's privacy policy: https://www.atlassian.com/legal/product-specific-terms#trello-specific-terms.

Further data processing

  1. Contact by e-mail

If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 para. 1 letter f GDPR.

  1. Customer and interested party data

When you contact our company as a customer or prospective customer, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master data, contract data and payment data provided to us, as well as the contact and communication data of our contact persons for commercial customers and business partners. The legal basis for this processing in the case of contracts with end customers is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR in the case of a contact person for commercial customers.

We also process customer and interested party data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 letter f GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

  1. Use of the e-mail address for marketing purposes

We may use the e-mail address you provide when registering or ordering to inform you about our own similar products and services. The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to info@kitzmann.biz.

Status: June 2024