Data collection on our website
Who is responsible for the data collection on this website?
The controller responsible for processing the data on this website is:
Neuburger Straße 40
90451 Nuremberg, Germany
Telephone: +49 (0)911-9636-5
How do we collect your data?
On the one hand, your data will be collected when you communicate it to us. This may, for example, be data you enter on a contact form.
Other data is collected automatically by our IT systems when you visit the website. This data is primarily technical data such as the browser and operating system you are using or when you accessed the page. This data is collected automatically as soon as you visit our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze how you use the site so that we can improve its functionality.
We use the data that you voluntarily provide, for example, in the contact form, in order to process your request or address your concern.
Why do we process your data?
We process your data on the basis of Art. 6 para. 1 lit. b of the EU General Data Protection Regulation (GDPR), which allows the processing of data to fulfill contractual obligation or to undertake measures leading to such a contract. We use data to optimize the website on the basis of Art. 6 para. 1 lit. f GDPR.
What rights do you have regarding your data?
(1) You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. If you have given consent for the use of data, you may revoke it at any time. You also have the right to request that it be corrected, blocked, or deleted.
(2) You have the right to have data which we process on the basis of your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another data controller, this shall only take place to the extent that is technically feasible.
(3) In the case of violations of data protection law, you also have the right of appeal to the competent supervisory authority.
A list of supervisory authorities and their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
(4) The data protection officer for our company is Mr. Georg Möller. The data protection officer can be reached as follows:
SK-Consulting Group GmbH
Osterweg 2, 32549 Bad Oeynhausen, Germany
Analytics and third-party tools
2. General and mandatory information
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
3. Data collection on our website
Most of the cookies we use are “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
To stop your visit from being tracked and to review/change your cookie settings
We use the Matomo open source software to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information generated by the cookie about website usage is transmitted to our servers and combined in pseudonymous user profiles. The information is used to evaluate the use of the website and to enable a demand-oriented design of our website. This data will not be transferred to third parties. Under no circumstances will the IP address be linked to other data relating to the user. The IP addresses are anonymized, so that an assignment to a specific individual is not possible (IP masking). Your visit to this website is currently being recorded by Matomo web analytics.
To stop your visit from being tracked and to review/change your cookie settings
Use of script libraries and Google fonts
For correct cross-browser font display, the Google Fonts external font library is used. The fonts are then cached in the browser to avoid further latency due to loading. The operator of Google Fonts is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google collects, processes, and uses data obtained when accessing its servers.
Server log files
The website provider automatically collects and stores information in “server log files”, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Your operating system
- Requested website or file
- Type of device used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
- Search term, if the query was made via Google or Bing.
Who can obtain my Data?
In order to be able to process your request, we send your Data to the department in our group of companies responsible for processing it. As part of the processing, your anonymized Data may be viewed by our website providers who are contractually bound to secrecy. No further disclosure takes place.
Will you transfer my data to countries outside the European Union?
We have no plans to do this.
How long will you store my data?
Your data will be stored until we addressed any concerns fully and until any statutory retention periods expire.
Do I have to provide my data?
In order for you to use our website offers or for us to process a request from you, you will need to provide us with personal data. If you are in or plan to enter into a contractual relationship with us, such data must be provided and/or may be required by law. If you fail to provide the required data, we cannot enter into a contractual relationship with you and/or transmit any offer to you.
If you have any complaints about the way we handle your data, you can always contact the responsible supervisory authority. The supervisory authority for our company and its contact details is listed under : https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
You have the right to seek effective judicial remedy against a supervisory authority (Art. 78 GDPR) and/or us (Art. 79 GDPR).
We do not use any automatic decision-making/profiling processes.
4. Your rights
As a Data subject, these are some of the rights you have under the General Data Protection Regulation (GDPR):
Right of access under Art. 15 GDPR
You have the right to request information about whether we are processing personal information about you or not. When we process personal information from you, you are entitled to find out
- why we are processing your Data;
- what types of Data we are processing about you;
- the categories of recipients who will or can receive Data about you;
- where possible, how long we will store your data provided that in case
- where it is not possible we shall inform you about the criteria used to determine that storage period (e.g. in accordance with the statutory retention periods);
- that you have a right to request the erasure and/or rectification of your data, including the
- right to restrict its processing and/or to object to its processing;
- that you have a right to lodge a complaint with a supervisory authority;
- data where the data are not collected from you, any available information as to their source;
- whether your data will be used for automatic decision-making, and, if so, we have to provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
- whether we transmit data about you to a country outside the European Union or to an international organisation and
- what kinds of safeguards we have required of the recipients in order to ensure an adequate level of protection for your data;
- that you have the right to request a copy of the personal data we have on file about you. Copies of the data we have on file are, as a rule, always provided in electronic form. The first copy is free of charge; we may charge a reasonable fee for additional copies. We can only provide a copy if the rights of other persons are not affected.
Right to rectification of the data under Art. 16 GDPR
You are entitled to ask us to correct your data if it is incorrect and/or incomplete. This right also includes the right to complete it with further information or supplementary statements. A correction and/or supplement must be implemented without undue delay.
Right to erasure of your data deleted per Art. 17 GDPR
You are entitled to request that we delete your personal data
- if the personal data is no longer required for the purposes for which it as collected and processed;
- if data you withdraw your consent on which the processing is based;
This does not apply, however, if
- there is another legal basis for its continued data processing;
- if you have lodged an objection to the processing of the data based on your legitimate interest per Art. 6 para. 1 lit. e or lit. f;
- if there are legitimate grounds for the processing overriding your legitimate interests;
- if you have objected to the processing of your data for direct marketing purposes;
- if the personal data has been improperly processed;
- if the data considered are the data of a child and have been collected by Information Society services (= electronic service) on the basis of consent per Art. 8 para. 1 GDPR.
A right to have your personal data deleted does not exist
- if the right to freedom of expression and information conflicts with the deletion;
- if the personal data is being processed
- to fulfill a legal obligation, e.g. statutory retention requirements;
- to perform public duties and interests under applicable law (including “public health”);
- is required for archiving and / or research purposes; or
- the personal data is required to assert, exercise, or defend legal claims.
The deletion must be carried out immediately (without undue delay). If we have made personal data public (e.g. by posting it online), we must ensure, as far as is technically possible and reasonable, that other data processors are also informed about the request for its deletion, including the deletion of any links, copies, and/or replicas.
The right to restrict data processing per Art. 18 GDPR
You are entitled to restrict the processing of your personal data in the following cases:
- If you have any doubt as to the accuracy of the data about you processed by us, you can require that we no longer use such data and restrict its processing until such time as its accuracy is verified.
- If the data has been unlawfully processed, you can opt to restrict its further processing instead of requesting it to be deleted
- If you need the personal data to assert, exercise, or defend legal claims, but we no longer need it, you may require us to restrict its processing as you pursue said legal rights.
- If you have objected to data processing per Art. 21 para. 1 GDPR and it is not yet clear whether our legitimate grounds to continue its processing override your interests, you can demand that your data not be used for any other purposes until such time as this question is answered.
- If you have restricted the further processing of your personal data, it may subsequently only be processed (with the exception of the storage):
– with your consent;
- to assert, exercise, or defend legal claims;
- to protect the rights of other natural or legal persons; or
- for reasons of important public interest.
If the restriction of the processing is repealed, you will be notified before any processing resumes.
The right to data portability per Art. 20 GDPR.
You are entitled to request the data you have made available to us in a common electronic format (e.g. as a PDF or Excel document).
You may also require us to transfer this information directly to another company specified by you, to the extent it is technically feasible for us.
This may occur only if you are entitled to do so, and if the processing has taken place on the basis of your consent or to fulfill a contract and has taken place via automated means.
The exercise of this right to data portability shall not affect the rights and freedoms of others. If you exercise this right, this does not affect your right to obtain the deletion of your data under Art. 17 GDPR.
Right to object to certain types of data processing per Art. 21 GDPR
If your data is processed for the purposes of legitimate interests pursued by us or by a third party or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, you may nevertheless object to such processing. You must explain to us the reasons for this objection that arise from your particular situation. This may include for example special family circumstances or legitimate interests in keeping said data secret.
If you so object to the processing of your data, we shall then no longer process such data, unless:
there are compelling, legitimate grounds for processing which override your interests, rights, and freedoms; or the processing is necessary to assert, exercise, or defend legal claims.
You may object to the use of your data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is associated with direct marketing measures. If you object, we shall no longer use your data for direct marketing purposes.
We never initiate or engage in any direct marketing and/or profiling.
Prohibition of automated decision-making/profiling per Art. 22 GDPR
Decisions we make that may have legal consequences or significantly affect you must not be based solely on the automated processing of your personal data. This includes profiling.
This prohibition does not apply if the automated decision
- is required to enter into or fulfill a contractual relationship with you;
- is permitted by law, provided adequate
measures to safeguard your rights and freedoms and your legitimate interests are ensured; or is based on your express consent.
Decisions based exclusively on automated processing of special categories of personal data (= sensitive data) are only permitted if made on the basis of your express consent or if there is a significant public interest in its processing and if adequate measures have been taken to protect your rights and freedoms and your legitimate interests.
Exercising your rights
To exercise your rights, please contact the persons listed in §1. Requests submitted electronically are usually answered electronically. The information, communications, and measures to be provided under GDPR, including the exercise of your rights are generally provided free of charge. Only in the case of manifestly unfounded or excessive claims are we entitled to levy an appropriate fee for processing your request or otherwise refrain to act on the request (Art. 12 para. 5 GDPR).
If there are reasonable doubts about your identity, we may request additional information from you for identification purposes. If an identification is not possible for us, we may refuse to process your request. We will, to the extent possible, notify you separately if we require further proof of identity (see Art. 12 para. 6 and Art. 11 GDPR).
Information and information requests are usually processed immediately (within one month) after receipt of the request. The deadline may be extended for a further two months, to the extent necessary and taking into account the complexity and/or the number of requests. In the event of an extension, we will inform you of the reasons for the delay within one month of receipt of your request. If we fail to act upon your request, we will promptly notify you of the reasons for doing so within one month of receipt of the request, and inform you of your option to lodge a complaint with a regulatory authority or to seek judicial remedy. (Art. 12 para. 3 and 4 GDPR).
Please note that you can only exercise your rights with regard to the restrictions permitted in the EU or the member states. (Art. 23 GDPR)