Data Security

Name and Contact Details of the Controller
This privacy policy provides information about the processing of personal data on the website of:
Controller:
Vermehren Consulting
Owner: Isabela Vermehren
Augustenstr. 87
80798 Munich
Germany
Email: info@vermehren-consulting.de
Phone: +49 173 323 45 328
2. Scope and Purpose of the Processing of Personal Data
 

2.1 Visiting the Website
When you access this website at www.vermehren-consulting.de, the internet browser used on your device automatically sends data to the server of this website and temporarily stores it in a log file. Until automatic deletion, the following data is stored without any further input from the visitor:

• IP address of the visitor’s device

• Date and time of access

• Name and URL of the page accessed

• Website from which the visitor accessed our site (referrer URL)

• Browser and operating system used on the device as well as the name of the access provider used by the visitor

The processing of this personal data is justified under Art. 6 (1) sentence 1 lit. f GDPR. Vermehren Consulting has a legitimate interest in processing this data for the purpose of:

• quickly establishing a connection to the website,

• enabling a user-friendly experience,

• recognising and ensuring the security and stability of the systems, and

• facilitating and improving the administration of the website.

The data is expressly not processed for the purpose of drawing conclusions about the identity of the visitor.

2.2 Contact Form
Visitors can send messages to Vermehren Consulting via an online contact form on the website. To receive a reply, at least a valid email address is required. Any additional information can be provided voluntarily. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted.
The data is processed exclusively for the purpose of handling and responding to enquiries submitted via the contact form. This processing is based on the voluntarily granted consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. The personal data collected for the use of the contact form will be automatically deleted as soon as the enquiry has been completed and there are no reasons for further storage (e.g. subsequent engagement of Vermehren Consulting).

2.3 Newsletter
By subscribing to the newsletter, the visitor expressly consents to the processing of the personal data provided. To subscribe, only the visitor’s email address needs to be entered. The legal basis for the processing of personal data for the purpose of sending newsletters is the consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.
The visitor can unsubscribe from future newsletters at any time. This can be done via a dedicated link at the end of each newsletter or by sending an email to info@vermehren-consulting.de.

Disclosure of Data
Personal data is transmitted to third parties if:

• the data subject has expressly consented to this under Art. 6 (1) sentence 1 lit. a GDPR,

• the disclosure is necessary for the establishment, exercise or defence of legal claims in accordance with Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of their data,

• there is a legal obligation to transfer the data pursuant to Art. 6 (1) sentence 1 lit. c GDPR, and/or

• it is necessary under Art. 6 (1) sentence 1 lit. b GDPR for the performance of a contractual relationship with the data subject.

In all other cases, personal data will not be passed on to third parties.

Cookies
This website uses so-called cookies. These are data packets exchanged between the server of our website and the visitor’s browser. They are stored on the visitor’s device (PC, notebook, tablet, smartphone, etc.) when accessing the website. Cookies cannot cause any damage to the device used. In particular, they do not contain viruses or other malware. Cookies store information that is related to the specific device used. Vermehren Consulting can in no way directly identify the visitor from this information.
By default, most browsers accept cookies automatically. Browser settings can be configured so that cookies are either not accepted on the device used, or a special notice appears before a new cookie is set. However, please note that disabling cookies may result in not all functions of the website being fully usable.
The use of cookies serves to make the use of the website more convenient. For example, session cookies can be used to recognise whether a visitor has already accessed individual pages of the website. These session cookies are automatically deleted after leaving the website.
To improve user-friendliness, temporary cookies are used. They are stored on the visitor’s device for a specified period of time. If the website is visited again, it is automatically recognised that the visitor has already been on the site and which entries and settings were made, so they do not need to be entered again.
Depending on your consent, cookies are also used to analyse visits to the website for statistical purposes and to improve the offer. These cookies make it possible to automatically recognise repeat visitors. The cookies are automatically deleted after a defined period.
The data processed by technically necessary cookies is justified for the purposes mentioned above in order to safeguard the legitimate interests of Vermehren Consulting pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

Web Analytics and Tracking
5.1 Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on your consent under Art. 6 (1) lit. a GDPR. You can withdraw this consent at any time.
We have activated IP anonymisation on this website. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports on website activities and provide further services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

5.2 Google Ads
We use the Google Ads service on our website. Google Ads is an online advertising service that allows ads to be displayed both in Google’s search engine results and in the Google advertising network. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. When visiting our website, you have the option to consent to data processing through cookies for analytics and marketing purposes. This consent is voluntary and can be withdrawn at any time. If you do not give consent, no cookies for marketing or analytics purposes will be set.

5.3 Google Web Fonts
This site uses so-called web fonts provided by Google to ensure a uniform display of fonts. When you access a page, your browser loads the required web fonts into its cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google’s servers. This informs Google that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services and therefore constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at
https://developers.google.com/fonts/faq
and in Google’s privacy policy: https://www.google.com/policies/privacy/.

5.4 Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, your IP address must be stored. This information is generally transmitted to a Google server in the USA and stored there. Vermehren Consulting has no influence on this data transmission. The use of Google Maps is in the interest of presenting our online offerings in an attractive manner and making it easy to locate the places indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
More information on how user data is handled can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

Social Network Plugins (Social Plugins)
Social plugins from the following social networks are integrated on our website: Facebook, Instagram, Twitter, LinkedIn.
The legal basis for the use of social plugins is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw this consent at any time. The social networks are responsible for ensuring that they handle their users’ data in compliance with data protection law.
Social networks such as Facebook and Twitter can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers various data processing operations. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective platform. In this case, the data may be collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the platform operators can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you both within and outside the respective social media presence. If you have an account with the relevant social network, this interest-based advertising can be shown on all devices on which you are or were logged in.
Please also note that we cannot track all processing activities carried out on the social media platforms. Depending on the provider, additional processing operations may therefore be carried out by the operators of the platforms. Details can be found in the terms of use and privacy policies of the respective social media platforms.

6.1 Facebook
We maintain a profile on Facebook. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. This agreement can be viewed at:
https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.
Further details are available in Facebook’s privacy policy:
https://www.facebook.com/about/privacy/.

6.2 Twitter
We use the short messaging service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can adjust your Twitter privacy settings independently in your user account. To do so, click on the following link and log in:
https://twitter.com/personalization.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For more information, please see Twitter’s privacy policy:
https://twitter.com/de/privacy.

6.3 Instagram
We maintain a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 and
https://de-de.facebook.com/help/566994660333381.
Further information on how Instagram handles your personal data can be found in Instagram’s privacy policy:
https://help.instagram.com/519522125107875.

6.4 LinkedIn
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
Further details on how LinkedIn handles your personal data can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.
Your Rights as a Data Subject
If your personal data is processed in connection with your visit to our website, you are a “data subject” within the meaning of the GDPR and have the following rights:

7.1 Right of Access
You may request information from us as to whether personal data concerning you is being processed by us. There is no right of access if providing the requested information would breach a legal duty of confidentiality or if the information must otherwise be kept secret for other reasons, notably due to an overriding legitimate interest of a third party. By way of exception, a duty to provide information may nevertheless exist if your interests outweigh the interest in confidentiality, in particular taking into account any imminent damage.
The right of access is also excluded if data is stored solely because it cannot be deleted due to legal or statutory retention periods or is used exclusively for purposes of data backup or data protection monitoring, and the provision of information would require disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures.
If your right of access is not excluded in your particular case and your personal data is processed by us, you may request the following information from us:

• purposes of processing,

• categories of personal data processed,

• recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular recipients in third countries,

• where possible, the planned duration of storage of your personal data or, if this is not possible, the criteria used to determine that duration,

• the existence of a right to rectification or erasure or restriction of processing of personal data concerning you or a right to object to such processing,

• the existence of a right to lodge a complaint with a data protection supervisory authority,

• where the personal data is not collected from you as the data subject, any available information as to their source,

• the existence of automated decision-making, including profiling, and meaningful information about the logic involved as well as the significance and envisaged consequences of such processing,

• in the case of transmission to recipients in third countries where there is no adequacy decision by the EU Commission under Art. 45 (3) GDPR, information about what appropriate safeguards pursuant to Art. 46 (2) GDPR have been put in place to protect the personal data.

​

7.2 Rectification and Completion
If you discover that personal data concerning you is incorrect, you may request that we rectify such incorrect data without delay. If your personal data is incomplete, you may request that it be completed.
7.3 Erasure
You have the right to erasure (“right to be forgotten”), provided that processing is not required for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, or for the performance of a task carried out in the public interest, and one of the following grounds applies:

• The personal data is no longer necessary for the purposes for which it was processed.

• The sole legal basis for processing was your consent, which you have withdrawn.

• You have objected to the processing of your personal data that we have made public.

• You have objected to the processing of personal data not made public by us and there are no overriding legitimate grounds for processing.

• Your personal data has been unlawfully processed.

• The erasure of personal data is necessary to comply with a legal obligation to which we are subject.

There is no right to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the specific nature of storage and your interest in erasure is considered low. In this case, processing will instead be restricted.

7.4 Restriction of Processing
You may request restriction of processing if one of the following conditions applies:

• You contest the accuracy of your personal data. Restriction can then be requested for the duration that enables us to verify the accuracy of the data.

• The processing is unlawful and you request restriction of the use of your personal data instead of erasure.

• We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims.

• You have objected to processing pursuant to Art. 21 (1) GDPR. Restriction can then be requested while it is not yet clear whether our legitimate grounds override yours.

Restriction of processing means that personal data may only be processed (apart from being stored) with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before lifting the restriction, we have a duty to inform you.
7.5 Data Portability
You have the right to data portability provided that processing is based on your consent (Art. 6 (1) sentence 1 lit. a or Art. 9 (2) lit. a GDPR) or on a contract to which you are a party and that processing is carried out by automated means.
In this case, the right to data portability includes the following rights, insofar as the rights and freedoms of others are not adversely affected: You may request that we provide you with the personal data that you have made available to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance from us. Where technically feasible, you may also request that we transfer your personal data directly to another controller.

7.6 Objection
If processing is based on Art. 6 (1) sentence 1 lit. e GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or on Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests of the controller or a third party), you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. This also applies to profiling based on Art. 6 (1) sentence 1 lit. e or f GDPR.
After an objection has been lodged, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or processing serves the establishment, exercise or defence of legal claims.
You may at any time object to the processing of your personal data for direct marketing purposes. This also applies to profiling in connection with direct marketing. After an objection to processing for direct marketing purposes, we will no longer use the relevant personal data for such purposes.
You can submit your objection informally by telephone, email or to our postal address stated at the beginning of this privacy policy.

7.7 Withdrawal of Consent
You have the right to withdraw any consent granted with effect for the future at any time. The withdrawal of consent can be communicated informally by telephone, email or to our postal address. The lawfulness of data processing carried out on the basis of consent until withdrawal remains unaffected. Once we receive the withdrawal, data processing based solely on your consent will be discontinued.

7.8 Complaint
If you believe that the processing of your personal data is unlawful, you may lodge a complaint with a data protection supervisory authority that is responsible for your place of residence, your place of work, or the place of the alleged infringement.
Status and Updates of this Privacy Policy
This privacy policy is dated 1 July 2024. We reserve the right to update this privacy policy in due course in order to improve data protection and/or adapt it to changes in administrative practice or case law.