PB-Consult Data Protection

Data Protection

Privacy Policy of PB Consult Planungs- und Betriebsberatungsgesellschaft mbH

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by PB Consult Planungs- und Betriebsberatungsgesellschaft mbH and your rights.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.

Responsible body and data protection officer

Company address:
PB Consult Planungs- und Betriebsberatungsgesellschaft mbH
Rothenburger Straße 5
90443 Nürnberg

Company’s contact information and data protection officer:
Phone: 0049-911 3 22 39-0
fax: 0049-911 3 22 39-10
datenschutz@pbconsult.de

Your rights as a data subject

We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR, and include:

• The right of access (Art. 15 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to object to data processing (Art. 21 GDPR),
• The right to erasure / right to be forgotten (Art. 17 GDPR),
• The right to restriction of data processing (Art. 18 GDPR).

To exercise these rights, please contact: datenschutz@pbconsult.de. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.

Right to object

Please note the following with respect to your right to object:
When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.

If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: datenschutz@pbconsult.de.

Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.

Your consent also constitutes a data protection regulation. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.

Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data transfers / Disclosure to third parties

We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers.

Transfers of personal data to third countries

A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer.
We do not transfer your personal data to any service provider outside the European Economic Area.

Period of data storage

We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.

We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.

Secure transfer of data

We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.

The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols. In addition, we offer our users content encryption in our contact forms and applications. We alone can decrypt this data. It is also possible to use alternative communication channels (e.g. surface mail).

Obligation to provide data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.

We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.

Data categories, sources and origin of data

The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.

Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when uploading application documents or when making a contact request.

We collect and process the following data when you visit our website:

• Name of the Internet service provider
• Web browser and operating system used
• Information on the website from which you visited us
• The IP address by your allocated Internet service provider
• Files accessed, volume of data transferred, downloads/file export
• Information on websites accessed on our site, including date and time

For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Article 6 (1) lit f GDPR. Anonymisation takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user.

we collect and process the following data as part of a contact request:

• Company, name
• Email
• Info on wishes and interests

we collect and process the following data as part of online applications:
• Last name, first name
• Contact information
• Any data you send us as part of your application, e.g. application photo, data on school/vocational education, etc.

Automated decisions in individual cases

We do not use purely automated processing to make decisions.

Cookies (Art. 6 Para. 1 S. 1 lit. a, f GDPR, Section 25 Para. 1, 2 TTDSG – The German Federal Law on Data Protection and the Protection of Privacy in Telecommunications and Telemedia)

On our website, we are using so-called cookies. Cookies use to make our content more user-friendly, effective and secure. Cookies are small text-files which are stored (locally) in your devices´ browser. Cookies are containing pseudonymous data only, in most cases even only anonymous data. Some cookies are persisting for a single browsing session (so-called session-cookies), others are active for a longer period of time (so-called persistent cookies, such as e.g. the ones used to save consent-settings). The latter kind of cookies is subject to auto-deletion after its pre-set expiration (usually 6 months). Besides our own cookies, we are also making use of cookies controlled by third parties. These may use the information contained in the cookies to, e.g. show you content or to track the sites you have visited.

Based on our legitimate interest (Art. 6 Para 1, S.1 lit a GDPR), we are using technically required cookies, which are mandatory to operate the website as such and to operate it technically perfect. Additionally, and again without your consent, we use cookies which´s sole purpose is to store or access information for transmitting messages or to offer services you expressly request, Section 25 II TTDSG.

With your consent, further cookies may be used, which enable us respectively third parties to analyze how our services are used. So, we can design our content according to our users´ preferences. Additionally, we may measure a single ad´s effectiveness and to place it according to the users´ interest in certain themes. The legal basis, here, is your express consent (Art. 6 Para 1 S.1 lit a GDPR, Section 25 Para 1 TTDSG).

You may revoke your consent anytime and with effect for the future, as well as you may change your cookie-settings via our consent-banner. Please remember, that all changes must be made per device.

Should you have accounts with the third party providers of ours and be logged into these while sufing our website, your data may be linked to your respective account. Such linking may be prevented by refusing to consent into the use of the respective cookies, to withdraw such consent if previously declared or by logging off the respective accounts before surfing our website.

Most browsers accept cookies automatically. However, you may deactivate, restrict or delete cookies manually by your browsers´ settings or software-based. Should cookies be deactivated, our website may eventually not be used anymore or to a limited extent, only.

Please check also our information on cookies located in our privacy statements´ respective part on the single service using cookies.

Google AJAX Search API

We use Ajax on these pages. Google AJAX Search API is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This tool is used to optimize loading speeds. For this purpose, program libraries are called from Google servers and Google’s CDN (content delivery network) is used. If you have previously used jQuery on another page from the Google CDN, your browser will fall back on the cached copy. If this is not the case, this will require a download, whereby data from your browser will reach Google Inc (“Google”). Your data will be transferred to the USA. You can find out more in the provider’s privacy policy here.

Google Maps

Our website uses plugins of the Google Maps page operated by Google. The operator of the pages is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit one of our pages equipped with a Google Maps plugin, a connection to the Google Maps servers is established after your consent. In doing so, the Google Maps server is informed which of our pages you have visited. Before you have given your consent, no transmission of data to Google (Maps) takes place.
If you are logged into your Google account, you enable Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account.
For more information on the handling of user data, please see Google`s privacy policy at:
https://policies.google.com/privacy?hl=en&gl=en

Xing Referral

We use components of the XING.com network on our site. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
With each individual call-up of our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from XING.

XING does not store any personal data of the user about the call of our website. Likewise, XING does not store any IP addresses. In addition, there is also no evaluation of usage behavior via the use of cookies in connection with the “XING Share button”. Further information on this can be found in the data protection information for the XING Share button at:
https://privacy.xing.com/en/privacy-policy

YouTube

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established after your consent. In the process, the YouTube server is informed which of our pages you have visited. Before you have given your consent, no transmission of data to YouTube takes place.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, please refer to YouTube’s privacy policy at:
https://www.google.de/intl/en/policies/privacy

Privacy notices social media

On our website you will find links to the social media services of Facebook, LinkedIn, Xing and YouTube. You can recognize links to the websites of the social media services by the respective company logo. If you follow these links, you will reach the company presence of PB Consult Planungs- und Betriebsberatungsgesellschaft mbH at the respective social media service. When you click on a link to a social media service, a connection to the servers of the social media service is established. This transmits to the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. These are, for example:

– Address of the website on which the activated link is located.
– Date and time when the website was called up or the link was activated
– Information about the browser and operating system used
– IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are partly located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union.

In addition to the PB Consult Planungs- und Betriebsberatungsgesellschaft mbH, the following companies are responsible for the company appearances within the meaning of the GDPR and other data protection regulations:

• Facebook
(Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• LinkedIn
(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

• Xing
(New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)

• Youtube
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

We would also like to point out that your data may be processed outside the European Union.

Purpose and legal basis

We ourselves maintain the fan pages in order to communicate with visitors to these pages and to inform them about our offers in this way.

In addition, we collect data for statistical purposes to be able to further develop and optimize the content and to make our offer more attractive. The data required for this purpose (e.g. total number of page views, page activity and data provided by visitors, interactions) are processed by the social networks and made available to us. We have no influence on the generation and presentation of this data.

In addition, your personal data will be processed by the social media providers for market research and advertising purposes. It is possible, that profiles are created based on your usage behaviour and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not collected directly on your end devices may also be stored in your profiles. The storage and analysis also take place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

The processing of your personal data by the PB Consult Planungs- und Betriebsberatungsgesellschaft mbH is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

Your rights / right to object

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you have to

• log out of the respective network before visiting our fan page,
• delete the cookies stored on your device and
• close and restart your browser.
After logging in again, however, you will once more be recognizable to the network as a specific user.

For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:

• Facebook
Privacy policy: https://www.facebook.com/about/privacy/;
Opt-out: https://www.facebook.com/settings?tab=ads and
http://www.youronlinechoices.com;

• LinkedIn
Privacy policy: https://www.linkedin.com/legal/privacy-policy;
Opt-out: https://www.linkedin.com/legal/cookie-policy and
http://www.youronlinechoices.com;

• Xing
Privacy policy: https://privacy.xing.com/en/privacy-policy;
Opt-out: http://www.youronlinechoices.com

• Youtube
Privacy policy: https://policies.google.com/privacy;
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=en and
http://www.youronlinechoices.com.

Overall, you have the following rights regarding the processing of your personal data:
Right to information; Right to rectification; Right to erasure; Right to restriction of processing; Right to object; Right to data portability; Right to complain about unlawful processing of your personal data to the competent data protection authority.

However, since the PB Consult Planungs- und Betriebsberatungsgesellschaft mbH does not have complete access to your personal data, you should contact the providers of the social media directly if you wish to assert your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information.

If you still need help, we will of course try to support you. Please contact: datenschutz@pbconsult.de.

Contact form / Contact via email (Article 6 (1) lit a, b GDPR)

A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.

In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your company or your name, your mail address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. Any other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).

To protect the security and confidentiality of your data as best as possible, we implement appropriate security measures. Your request is transmitted to us in encrypted form.

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request.

Application via email (Article 6 (1) lit a, b GDPR)

Thank you for your interest in the activities of PB Consult Planungs- und Betriebsberatungsgesellschaft mbH. We are aware of the importance of your data and process the personal data you provide on the application form solely for the purposes of the effective and correct execution of the application process and for contacting you during the application process. We shall not disclose data to third parties without your consent.

As part of the application form you will be asked to provide personal information. In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to carry out a review your application documents, e.g.: your curriculum vitae or if we are legally obliged to collect such information.

Unfortunately, we cannot review your application documents without this data. You can, of course, submit voluntary information.

We store your data for the above purpose until the application process has been completed and the relevant deadlines have expired, which will be no later than six months after receipt of a decision. However, you may allow us to store your application documents for a longer period to review them for other vacancies that match your profile.

Links to other providers

Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.

The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.