Zeichnung einer Hand mit ausgestrcktem Zeigefinger auf einem grünen Hintergrund

Data Privacy Policy

Compliance with data protection has the utmost priority at ITB Consulting GmbH. In order to ensure compliance with the data protection requirements, there is an appointed data protection officer and a data protection concept. For all services offered by ITB Consulting GmbH, there are internal procedural guidelines for compliance with data protection. The services provided by ITB Consulting are in conformity with the legal data protection regulations, the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

All of our employees who are in contact with personal data are prohibited from collecting, processing or using personal data without authorization. On the basis of § 53 BDSG and in accordance with Article 28 (3) (b) GDPR, all employees have been obliged in writing to comply with data secrecy. In addition, our employees receive regular training in compliance with information security and the individual requirements for data protection at ITB Consulting GmbH (information security).

Information obligations for the collection of personal data in accordance with Article 13 EU GDPR

The handling of your personal data should always be comprehensible and transparent for you. In the following, we inform you in accordance with Article 13 GDPR about how we collect and process your data in compliance with the law.

Processing of personal data

Pursuant to Article 4 (1) GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Purpose and legal basis of data processing (Article 13 (1) (c) GDPR)

The use of our website is largely possible without providing personal data. We process personal data on our website only in the following cases:

  • if you use our contact form
  • if you use the chat
  • if you write an article for the ITB blog
  • if you subscribe to our newsletter
  • if you contact us by e-mail

You provide your personal data on a purely voluntary basis. The personal data provided by you will be used only to contact you or, as applicable, to send you our e-mail newsletter.

As a visitor to our website, you can send us your enquiry using the contact form. In this case it is in our legitimate interest within the meaning of Article 6 (1) s. 1 (f) GDPR to process the personal data provided by you in order to contact you regarding your enquiry.

If you write an article in our ITB blog, the legal basis for the data processing is also Article 6 (1) s. 1 (f) GDPR. As you want to take part in a discussion with your blog article, it is in our legitimate interest to process your personal data in order to be able to communicate with you.

If you are not yet our customer, you can subscribe to our newsletter after granting a declaration of consent (Article 6 (1) s. 1 (a) in conjunction with Article 7 GDPR). To confirm the consent, an e-mail confirmation of the consent by the data subject is required (“double opt-in procedure”). You can cancel the newsletter at any time using the unsubscribe link at the end of every e-mail. Alternatively, you can withdraw your consent at any time by writing us a simple e-mail.

In the case of direct e-mail contact, we process the personal data which you have voluntarily provided. These data are processed and stored only for the purpose of contacting you. An internal procedural instruction governs how the sent contact data can be used in compliance with data protection law, and when they have to be deleted.

If you would like to subscribe to the newsletter offered on the website, we need an e-mail address for you as well as information that allows us to check that you are the owner of the given e-mail address and agree to the receipt of the newsletter.

To ensure a consensual newsletter subscription, we use the so-called double opt-in procedure. In the course of this procedure, the potential recipient allows themself to be entered in a mailing list. Then the user receives a confirmation e-mail giving them the option of confirming the subscription with legal effect. Only when the confirmation has been made is the address activated in the mailing list. We use these data only to send the requested information and offers.

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach’s servers in Germany or Ireland. CleverReach is prohibited from selling your data and using it for purposes other than sending newsletters. For more details, please refer to the CleverReach privacy policy at: https://www.cleverreach.com/en/privacy-policy/

You can revoke the granted consent to storage of the data and the e-mail address as well as their use to send the newsletter at any time, for example by using the “unsubscribe” link in the newsletter. The data protection measures are subject to ongoing technical upgrades. For this reason, we request that you keep yourself informed about our data protection measures by consulting our data privacy policy at regular intervals.

Transfer of personal data to third parties / recipients of the data (Article 13 (1) (e) GDPR)

Personal data that you send to us by e-mail, or that we process as described above directly on our website in the context of the use of our contact form, our blog, or the sending of our newsletter, will not be transferred by ITB Consulting to third parties without your explicit consent.

In addition, our website contains links to the websites of various test procedures developed by ITB Consulting, in particular for aptitude and suitability tests. This includes, for example, BT-WISO and TM-WISO. The evaluation of such a test enables the college or institution to which you have applied to make a qualified selection from among the applicants to the respective courses of studies. Due to a tightening of data protection law, in order to participate in such a test procedure, every participant must grant a qualified declaration of consent to the processing of their personal data in the course of online registration for the respective test procedure. This declaration of consent fulfils the requirements of Article 7 GDPR. You will be fully informed about all details of the declaration of consent during the online registration for the corresponding test procedure on the respective website. You can view your declaration of consent there, and withdraw it if you wish, at any time.In our collaboration with other institutions, e.g. our service providers, within the framework of services we offer, we take the following precaution to ensure the protection of your personal data: personal data may generally be passed on to third parties only if those parties have the required data protection suitability according to our test and a processing contract in accordance with Article 28 GDPR has been signed.

The authority to issue instructions regarding the data protection-compliant handling of personal data provided lies with ITB Consulting GmbH.

Duration of storage and erasure of the data; right to object and right to information (Article 13 (2) (a) and (b) GDPR)

The duration of storage depends on the legal stipulations and the purpose of the data storage. If the purpose of the data processing no longer applies, the data are erased. Otherwise, collected personal data are always erased if the consent is withdrawn, the data are verifiably false, the data were collected illegally, or if legal requirements no longer demand data storage. If there is no legal reason for storage, every data subject has the right to rectification or erasure (Article 16, 17 GDPR), the right to restrict the processing (Article 20 GDPR) of their personal data as well as the right to object (Article 21 GDPR).

If the data subject has granted a declaration of consent, they can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 13 (2) (c) in conjunction with Article 7 (3) GDPR).

On request, every data subject shall have the right to obtain from ITB-Consulting GmbH confirmation as to whether or not we process personal data concerning them (Article 15 GDPR).

Your personal data are not subject to automated decision-making, including profiling, in the course of our processing (Article 13 (2) (f) GDPR).

The right to lodge a complaint with a supervisory authority (Article 13 (2) (d) GDPR)

Notwithstanding any other legal remedies, every data subject has the right to lodge a complaint with the relevant supervisory authority. (The State Data Protection and Freedom of Information Officer NRW

The controller (Article 13 (1) (a) GDPR)

ITB Consulting GmbH
Koblenzer Str. 77
53177 Bonn

Phone: +49 228 82090-0
Fax: +49 228 82090-38
E-mail: info@itb-consulting.de
Managing Director Dr. Kristine Heilmann

Data protection officer (Article 13 (1) (b) GDPR)

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg


E-mail correspondence runs on the unsecured internet. We hereby draw attention to the fact that the internet is subject to many security risks, and it is not possible to guarantee absolutely secure transmission. We therefore request that you do not send us any confidential information by e-mail. At the current state of the art, it cannot be ruled out that third parties gain illegal access to the e-mail information sent.

Links and integration of social networks

In some cases, a link to our YouTube channel and our Facebook account can be generated from our website. In addition, our website contains links to other websites for which we are not responsible. We have no influence on their content or on whether the operators are compliant with the data protection regulations. Please contact these companies directly to find out about their data protection policy.

Technical and organizational measures (Article 32 GDPR)

ITB Consulting GmbH uses technical and organizational methods within the meaning of Article 32 EU GDPR to protect the personal data made available by you against destruction, loss, unauthorized access and deliberate or negligent manipulation. The compliance of the technical and organizational measures is documented, and is reviewed at regular intervals by ITB Consulting GmbH’s data protection officer.

Use of web fonts

In order to provide the visitors to our website a uniform display of our contents on all devices, and to minimize loading times, external fonts – Google fonts – are used on this website. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are downloaded from a server, generally a server of Google in the USA. This tells the server which of our internet pages you have visited. The IP address of the browser of the end device you use to visit these internet pages is also stored by Google. For further information please see the data privacy policy of Google, which you can access here:

Google Analytics

In order to learn how our website is received by users, we use the evaluation tool Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and that allow an analysis of your use of the website.

The information about your use of this website generated by the cookie is generally transferred to and saved on a Google server in the USA. When IP anonymization is activated on this website, your IP address will be truncated in advance within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your usage of the website, to create reports on website activities, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google. You can prevent cookies being stored on your computer by making the corresponding setting in your browser software. We would like to point out, however, that in this case you may not be able to use all of this website’s functions without restriction. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link::


We provide our webinars via the online platform of Webinaris GmbH, Bussardstr. 5.2, 82166 Gräfelfing, hereinafter referred to as „Webinaris“. We are the so-called „user“ who has a paid Webinaris membership with the Webinaris online platform in order to be able to register and conduct webinars via this platform. Webinaris processes all data on German servers.

You can view the Webinaris privacy policy here:  https://www.webinaris.com/en/privacy-policy/

Registration is required to participate in our webinars. Registration for the webinar takes place via a registration form linked to Webinaris. Provided you register for or attend one of our webinars, Webinaris will process the following data from you on our behalf:

  • Email address
  • First name
  • Last name
  • Browser and system data
  • IP address
  • Language
  • Time zone
  • All data provided by the participant in the chat
  • All data provided by the user or participant to Webinaris in other ways, such as in the context of a support ticket or an email request to Webinaris.

We have concluded an order processing contract with Webinaris in accordance with Article 28 GDPDR, in which we oblige Webinaris to protect our customers‘ data and not to pass it on to third parties. The legal basis for this processing is Article 6 (1) GDPDR. Further information can be found in the Webinaris privacy policy at https://www.webinaris.com/privacy-policy/?lang=en

Userlike chat software

We use a live chat software produced by the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use Userlike to chat with our employees in real-time. At the start of the chat, the following personal data is collected:

  • Date and time of the chat,
  • amount of data sent,
  • if provided by you: first name, surname, and e-mail address
  • additional Data you may send via the chat system.

Depending on the course of the conversation with our employees, further personal data may be provided by you in the chat. The nature of this information depends heavily on your request or the problem you are describing.

All our employees have been trained in data protection and in the handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an addendum to their employment contracts which obliges them to maintain confidentiality and observe data protection.

By accessing the our web page, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code executed on your computer that enables the chat.

In addition, the ITB Consulting GmbH stores the history of live chats for the duration of 90 days. The purpose of this is to save our customers from having to go through a long history of requests, and for us to constantly monitor the quality of our live chat service. Processing is permitted pursuant to Art. 6 Para. 1 Book f, GDPR. If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below. Stored live chats and any other of your data will then be deleted by us immediately.

The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under Art. 6 Para. 1 Book f, GDPR. The legal basis for the processing of the data provided in the chat is also Art. 6 Para. 1 Books b and f, GDPR.

Further information can be found in the Data processing terms of Userlike UG (haftungsbeschränkt).

Objection to unsolicited advertising e-mails

We hereby expressly object to any use of contact data on our internet pages by third parties for the sending of advertising information material that has not been explicitly requested. ITB Consulting GmbH explicitly reserves the right to take legal steps in the event of unsolicited sending of advertising information, for example spam.

Icon User
Any questions? We are happy to help.

We appreciate your interest. Leave a message using the form below. An employee will contact you as soon as possible.