Compliance with data protection has the utmost priority at ITB Consulting GmbH. In order to ensure compliance with the data protection requirements, there is an appointed data protection officer and a data protection concept. For all services offered by ITB Consulting GmbH, there are internal procedural guidelines for compliance with data protection. The services provided by ITB Consulting are in conformity with the legal data protection regulations, the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
All of our employees who are in contact with personal data are prohibited from collecting, processing or using personal data without authorization. On the basis of § 53 BDSG and in accordance with Article 28 (3) (b) GDPR, all employees have been obliged in writing to comply with data secrecy. In addition, our employees receive regular training in compliance with information security and the individual requirements for data protection at ITB Consulting GmbH (information security).
Information obligations for the collection of personal data in accordance with Article 13 EU GDPR
The handling of your personal data should always be comprehensible and transparent for you. In the following, we inform you in accordance with Article 13 GDPR about how we collect and process your data in compliance with the law.
Processing of personal data
Pursuant to Article 4 (1) GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose and legal basis of data processing (Article 13 (1) (c) GDPR)
The use of our website is largely possible without providing personal data. We process personal data on our website only in the following cases:
- if you use our contact form
- if you use the chat
- if you write an article for the ITB blog
- if you subscribe to our newsletter
- if you contact us by e-mail
You provide your personal data on a purely voluntary basis. The personal data provided by you will be used only to contact you or, as applicable, to send you our e-mail newsletter.
As a visitor to our website, you can send us your enquiry using the contact form. In this case it is in our legitimate interest within the meaning of Article 6 (1) s. 1 (f) GDPR to process the personal data provided by you in order to contact you regarding your enquiry.
If you write an article in our ITB blog, the legal basis for the data processing is also Article 6 (1) s. 1 (f) GDPR. As you want to take part in a discussion with your blog article, it is in our legitimate interest to process your personal data in order to be able to communicate with you.
If you are not yet our customer, you can subscribe to our newsletter after granting a declaration of consent (Article 6 (1) s. 1 (a) in conjunction with Article 7 GDPR). To confirm the consent, an e-mail confirmation of the consent by the data subject is required (“double opt-in procedure”). You can cancel the newsletter at any time using the unsubscribe link at the end of every e-mail. Alternatively, you can withdraw your consent at any time by writing us a simple e-mail.
In the case of direct e-mail contact, we process the personal data which you have voluntarily provided. These data are processed and stored only for the purpose of contacting you. An internal procedural instruction governs how the sent contact data can be used in compliance with data protection law, and when they have to be deleted.
If you would like to subscribe to the newsletter offered on the website, we need an e-mail address for you as well as information that allows us to check that you are the owner of the given e-mail address and agree to the receipt of the newsletter.
To ensure a consensual newsletter subscription, we use the so-called double opt-in procedure. In the course of this procedure, the potential recipient allows themself to be entered in a mailing list. Then the user receives a confirmation e-mail giving them the option of confirming the subscription with legal effect. Only when the confirmation has been made is the address activated in the mailing list. We use these data only to send the requested information and offers.
We use the newsletter software Newsletter2Go. Your data are sent to the company Newsletter2Go GmbH. Newsletter2Go is not permitted to sell your data or to use them for any purpose other than to send the newsletters. Newsletter2Go is a certified German service provider that was selected subject to the requirements of the GDPR and the German Federal Data Protection Act. For further information, go to: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
Transfer of personal data to third parties / recipients of the data (Article 13 (1) (e) GDPR)
Personal data that you send to us by e-mail, or that we process as described above directly on our website in the context of the use of our contact form, our blog, or the sending of our newsletter, will not be transferred by ITB Consulting to third parties without your explicit consent.
In addition, our website contains links to the websites of various test procedures developed by ITB Consulting, in particular for aptitude and suitability tests. This includes, for example, BT-WISO and TM-WISO. The evaluation of such a test enables the college or institution to which you have applied to make a qualified selection from among the applicants to the respective courses of studies. Due to a tightening of data protection law, in order to participate in such a test procedure, every participant must grant a qualified declaration of consent to the processing of their personal data in the course of online registration for the respective test procedure. This declaration of consent fulfils the requirements of Article 7 GDPR. You will be fully informed about all details of the declaration of consent during the online registration for the corresponding test procedure on the respective website. You can view your declaration of consent there, and withdraw it if you wish, at any time.In our collaboration with other institutions, e.g. our service providers, within the framework of services we offer, we take the following precaution to ensure the protection of your personal data: personal data may generally be passed on to third parties only if those parties have the required data protection suitability according to our test and a processing contract in accordance with Article 28 GDPR has been signed.
The authority to issue instructions regarding the data protection-compliant handling of personal data provided lies with ITB Consulting GmbH.
Duration of storage and erasure of the data; right to object and right to information (Article 13 (2) (a) and (b) GDPR)
The duration of storage depends on the legal stipulations and the purpose of the data storage. If the purpose of the data processing no longer applies, the data are erased. Otherwise, collected personal data are always erased if the consent is withdrawn, the data are verifiably false, the data were collected illegally, or if legal requirements no longer demand data storage. If there is no legal reason for storage, every data subject has the right to rectification or erasure (Article 16, 17 GDPR), the right to restrict the processing (Article 20 GDPR) of their personal data as well as the right to object (Article 21 GDPR).
If the data subject has granted a declaration of consent, they can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 13 (2) (c) in conjunction with Article 7 (3) GDPR).
On request, every data subject shall have the right to obtain from ITB-Consulting GmbH confirmation as to whether or not we process personal data concerning them (Article 15 GDPR).
Your personal data are not subject to automated decision-making, including profiling, in the course of our processing (Article 13 (2) (f) GDPR).
The right to lodge a complaint with a supervisory authority (Article 13 (2) (d) GDPR)
Notwithstanding any other legal remedies, every data subject has the right to lodge a complaint with the relevant supervisory authority. (The State Data Protection and Freedom of Information Officer NRW
The controller (Article 13 (1) (a) GDPR)
ITB Consulting GmbH
Koblenzer Str. 77
Phone: +49 228 82090-0
Fax: +49 228 82090-38
Managing Director Dr. Kristine Heilmann
Data protection officer (Article 13 (1) (b) GDPR)
datenschutz süd GmbH
E-mail correspondence runs on the unsecured internet. We hereby draw attention to the fact that the internet is subject to many security risks, and it is not possible to guarantee absolutely secure transmission. We therefore request that you do not send us any confidential information by e-mail. At the current state of the art, it cannot be ruled out that third parties gain illegal access to the e-mail information sent.
Links and integration of social networks
In some cases, a link to our YouTube channel and our Facebook account can be generated from our website. In addition, our website contains links to other websites for which we are not responsible. We have no influence on their content or on whether the operators are compliant with the data protection regulations. Please contact these companies directly to find out about their data protection policy.
Technical and organizational measures (Article 32 GDPR)
ITB Consulting GmbH uses technical and organizational methods within the meaning of Article 32 EU GDPR to protect the personal data made available by you against destruction, loss, unauthorized access and deliberate or negligent manipulation. The compliance of the technical and organizational measures is documented, and is reviewed at regular intervals by ITB Consulting GmbH’s data protection officer.
Use of web fonts
In order to learn how our website is received by users, we use the evaluation tool Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and that allow an analysis of your use of the website.
The information about your use of this website generated by the cookie is generally transferred to and saved on a Google server in the USA. When IP anonymization is activated on this website, your IP address will be truncated in advance within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your usage of the website, to create reports on website activities, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google. You can prevent cookies being stored on your computer by making the corresponding setting in your browser software. We would like to point out, however, that in this case you may not be able to use all of this website’s functions without restriction. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link::
We provide our webinars via the online platform of Webinaris GmbH, Bussardstr. 5.2, 82166 Gräfelfing, hereinafter referred to as „Webinaris“. We are the so-called „user“ who has a paid Webinaris membership with the Webinaris online platform in order to be able to register and conduct webinars via this platform. Webinaris processes all data on German servers.
Registration is required to participate in our webinars. Registration for the webinar takes place via a registration form linked to Webinaris. Provided you register for or attend one of our webinars, Webinaris will process the following data from you on our behalf:
- Email address
- First name
- Last name
- Browser and system data
- IP address
- Time zone
- All data provided by the participant in the chat
- All data provided by the user or participant to Webinaris in other ways, such as in the context of a support ticket or an email request to Webinaris.
Userlike chat software
We use a live chat software produced by the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use Userlike to chat with our employees in real-time. At the start of the chat, the following personal data is collected:
- Date and time of the chat,
- amount of data sent,
- if provided by you: first name, surname, and e-mail address
- additional Data you may send via the chat system.
Depending on the course of the conversation with our employees, further personal data may be provided by you in the chat. The nature of this information depends heavily on your request or the problem you are describing.
All our employees have been trained in data protection and in the handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an addendum to their employment contracts which obliges them to maintain confidentiality and observe data protection.
In addition, the ITB Consulting GmbH stores the history of live chats for the duration of 90 days. The purpose of this is to save our customers from having to go through a long history of requests, and for us to constantly monitor the quality of our live chat service. Processing is permitted pursuant to Art. 6 Para. 1 Book f, GDPR. If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below. Stored live chats and any other of your data will then be deleted by us immediately.
The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under Art. 6 Para. 1 Book f, GDPR. The legal basis for the processing of the data provided in the chat is also Art. 6 Para. 1 Books b and f, GDPR.
Objection to unsolicited advertising e-mails
We hereby expressly object to any use of contact data on our internet pages by third parties for the sending of advertising information material that has not been explicitly requested. ITB Consulting GmbH explicitly reserves the right to take legal steps in the event of unsolicited sending of advertising information, for example spam.