Privacy policy.

This Privacy Policy aims to explain in a clear, transparent, and concise manner how we process your personal data and to provide further relevant information in this context. Protecting your personal rights is our highest priority, and we do our utmost to safeguard and uphold these rights.

This Privacy Policy was last updated on December 2, 2024.

If you have any questions or other inquiries concerning data protection at our company, you can contact our Data Protection Officer at the following email address: dataprotection@psvdl.com.

1. Controller

PSvdL Consulting GmbH, Nördliche Münchner Straße 47, 82031 Grünwald, Germany (hereinafter referred to as “we” or “PSvdL”), is the Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR).

2. Data Protection Officer

PSvdL has appointed a Data Protection Officer in accordance with Article 37 GDPR. You can reach the Data Protection Officer at any time by emailing dataprotection@psvdl.com.

3. Rights of Data Subjects

Depending on your specific circumstances, you may have the following data protection rights, which you can exercise at any time by contacting us using the contact details provided in sections 1 and 2:

3.1 Right of Access
You have the right to obtain information about which of your personal data we process, as well as to request access to and/or copies of this data. This includes details of the purpose for which it is used, the categories of data used, their recipients and individuals authorized to access them, and, if possible, the planned retention period for the data or, if that is not possible, the criteria used to determine such a period.

3.2 Right to Rectification
You have the right to request that we promptly correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of any incomplete personal data—this may include providing a supplementary statement.

3.3 Right to Object
Where the processing of your personal data is based on Article 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of such data. In that case, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is necessary to establish, exercise, or defend legal claims.

3.4 Right to Withdraw Consent
If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. You can contact us at any time using the contact details provided above to withdraw your consent.

3.5 Right to Erasure
You have the right to request the immediate deletion of personal data concerning you. We are obliged to delete these personal data without delay if one of the following reasons applies:

• • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You object to the processing as set out in section 3.3, and there are no overriding legitimate grounds for the processing.
  • The personal data have been processed unlawfully.
  • Deletion of the personal data is required to comply with a legal obligation under European Union or Member State law to which we are subject.

This does not apply where the processing is necessary:

• • For compliance with a legal obligation that requires processing under EU or Member State law to which we are subject.
  • For the establishment, exercise, or defense of legal claims.

3.6 Right to Restrict Processing
You have the right to request that we restrict processing if any of the following conditions apply:

• • • You contest the accuracy of the personal data for a period that enables us to verify its accuracy.
    • The processing is unlawful, and you refuse the deletion of the personal data and instead request the restriction of its use.
    • We no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims, or;
    • You have objected to processing pursuant to section 3.3, pending verification of whether our legitimate grounds override yours.

  Where processing has been restricted, such personal data—apart from storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of another natural or legal person’s rights, or for reasons of important public interest of the European Union or a Member State. If you have obtained a restriction of processing, we will inform you before this restriction is lifted.

3.7 Right to Lodge a Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

4. Hosting

We host the content of our website with the following provider:

1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter “IONOS”).

IONOS collects the following data from website visitors, which are immediately anonymized and subsequently deleted:

• • Referrer (previously visited webpage)
  • Requested webpage or file
  • Browser type and version
  • Operating system used
  • Device type used
  • Time of access
  • IP address in anonymized form (only used to determine the location of access)

In addition, processing is carried out by WebAnalytics. In WebAnalytics, your data is collected solely for statistical evaluation and technical optimization of the website. The data is captured either via a pixel or a logfile. To protect personal data, WebAnalytics does not use cookies. The data is stored for 8 weeks and is not disclosed to any third parties, including those outside the EU.

4.1 Legal Basis for Processing
The use of IONOS is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation of our website. Where appropriate consent has been obtained, processing takes place solely on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to user information on the end device (e.g., device fingerprinting) in the sense of the TDDDG. This consent can be revoked at any time.

4.2 Processing on Our Behalf (Data Processing Agreement)
We have entered into a data processing agreement (DPA) with the aforementioned service provider. This legally required agreement ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Cookies

Use of Cookies
We collect and store usage data on this website in anonymized form. We may use what are referred to as “cookies” for this purpose. A cookie is a small file stored on your computer or mobile device. Each cookie has a unique ID assigned to your device, allowing the website to store your actions and preferences (e.g., location, language, font size, and other display settings) for a certain period. This way, you do not need to re-enter this information each time you return to the website or navigate from page to page. Cookies can also help improve your browsing experience. They are not used to identify you personally and are not combined with data about the holder of the pseudonym. We use this information to gauge the attractiveness of our website and to continuously improve its content. On our website, we distinguish between technically necessary cookies and those that are not technically necessary.

Technically Non-Essential Cookies
Cookies that are not strictly necessary for the operation of our website are generally used only with your prior express consent (for more information, see our cookie banner). Cookie-Banner).

Technically Necessary Cookies
This website uses the “Borlabs Cookie,” which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. Borlabs Cookie does not process personal data.
The borlabs-cookie stores the consents you gave upon visiting the website. If you wish to revoke these consents, simply delete this cookie in your browser. When you revisit or reload the website, you will be asked again for your cookie preferences.

6. Social Media

6.1 General
On the basis of our legitimate interest under Article 6(1)(f) GDPR, we maintain online presences on social networks and platforms in order to communicate with our customers, interested parties, and applicants who are active there, and to inform you about our current portfolio and job offers. On our website, we currently link to the social networks Instagram, XING, and LinkedIn via the corresponding social buttons. These services are operated by: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Instagram"), New Work SE, Am Strandkai 1, 20457 Hamburg, Germany ("XING"), LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). Each of these providers has its own privacy policy.

To prevent unwanted transmission of your usage data (e.g., the URL of the page you are currently on) to these providers, you will only be transferred to these services after you have clicked on the link behind the social buttons. Once on the provider’s site, these social networks may collect usage data and possibly user data.

Note: We have no influence on the data collected or the data processing operations of these providers, nor are we aware of the full scope of data collection, the purposes of processing, or the storage periods.
You can learn more about the purposes and scope of the data collection and the further processing and use of your data—as well as your rights in this regard and the settings available to protect your privacy—in these providers’ respective privacy notices:

Meta Privacy Notice:: https://www.facebook.com/privacy/policy

New Work SE Privacy Notice:Data Privacy at XING

LinkedIn Privacy Notice:: https://www.linkedin.com/legal/privacy-policy

Note: The data collected about you by Instagram may be transferred to countries outside the European Union.

If you have any questions about data protection on our social media profiles, you can contact our Data Protection Officer at dataprotection@psvdl.com.

6.2 Statistical Evaluations Provided by Social Networks
Some of the data that Meta, LinkedIn, and New Work SE collect during use is also provided to PSvdL in the form of anonymized statistical evaluations. These evaluations refer only to visitors to our respective profiles. They are aggregated values that do not allow any inferences about individual users; consequently, we have no access to personal data processed by Meta, LinkedIn, or New Work SE.

However, this does not necessarily mean that the data processing by Meta, LinkedIn, or New Work SE themselves is carried out on an anonymous basis (see the respective data policies in section 6.1).

6.3 Visibility of Users’ Personal Data for PSvdL and Other Users
When you use certain interactive features on Instagram or LinkedIn (e.g., the comment function or the “Like” button), additional personal information may become visible to PSvdL, as comments or likes are visible to other users and the profile provider. This can allow direct identification of the user.

PSvdL has no influence on these interactive functions or on the visibility of comments, likes, or other user activities on the respective profile. In this regard, PSvdL is not considered the Controller under data protection law. The type, scope, and duration of storing “likes” and comments are determined by Instagram or LinkedIn; likewise, Instagram and LinkedIn bear responsibility for ensuring that such processing is lawful.

How much personal data is collected when visiting an Instagram or LinkedIn profile also depends on user behavior and can be partly controlled by the user (e.g., you can visit our profiles without leaving comments or clicking “like”).

You can also reduce the extent to which your personal data is processed when you visit our Instagram or LinkedIn profile by logging out of other services such as Facebook or Threads and/or deactivating the “stay logged in” feature, deleting any existing cookies on your device, and closing and restarting your browser. This approach largely removes directly identifiable information. In this way, you can use the Instagram or LinkedIn profile without disclosing, for instance, your Facebook ID.

Please note that using the interactive features of our Instagram, XING, and LinkedIn profiles typically requires you to be logged in to these networks. When you access interactive functions on the page (like, comment, share, send messages, etc.), a login window will appear. After logging in, you are again identifiable by that network as a particular user.

6.4 Communicating with PSvdL by Private or Public Message
You can send us a public or private message via our Instagram, XING, and LinkedIn profiles. This lets you contact us with questions about PSvdL, about our profiles, or for other inquiries.

When you contact us, we process your username and the text of your inquiry, as well as any other information you provide in the message, in order to address your inquiry and answer your questions.

Processing takes place on the basis of legal provisions that allow us to process personal data when necessary to respond to your inquiry (e.g., Article 6(1)(b) GDPR) or on the basis of our legitimate interest in providing you the requested information (Article 6(1)(f) GDPR).
If you send a public message, the data you provide is also visible to all other visitors to our page.

Data arising from your inquiry/contact will be deleted six months after the last message. If there are any statutory retention obligations, the data will be stored for the duration of the legal retention period. Public messages can only be deleted by you.

7. Contact via Form, Email, or Telephone

If you contact us via our contact form (name, email, phone, message), or by email or phone, your information is processed with your voluntary consent and awareness for the purpose of handling your inquiry and its resolution in the context of contractual or pre-contractual relationships pursuant to Article 6(1)(b) GDPR and on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR.

We initially store the data collected and then use it solely to fulfill your contact request. Once your inquiry has been addressed, the data is deleted unless there is a legal obligation to retain it. You have the right to revoke your consent to data processing at any time, with effect for the future.

7.1 Use of Google reCAPTCHA
For our contact form, we use the Google “reCAPTCHA” service.
This service collects various types of data to determine whether a user is human or a bot. As reCAPTCHA is a Google technology, data deemed personal is collected. An overview of the data reCAPTCHA collects:

1. 1. The user’s IP address
   2. Mouse movements and interactions with the website
   3. Information about input behavior (e.g., typing speed and patterns)
   4. Potential Google cookies, which may also be stored across devices
   5. Browser and device data (e.g., operating system, installed add-ons)
   6. Possibly existing Google cookies from previous Google sign-ins

Because these data are collected by Google, using reCAPTCHA entails sending data to a third party (Google).
The legal basis is our legitimate interest in ensuring individual responsibility on the Internet and preventing misuse and spam (Article 6(1)(f) GDPR).
We have entered into a data processing agreement with the provider to ensure that our site visitors’ data is protected and to prohibit unauthorized disclosure to third parties. For data transfers to the U.S., the provider has joined the EU-US Data Privacy Framework, which, based on the European Commission’s adequacy decision, guarantees compliance with European data protection standards.

8. Data Protection Information for Applicants

We collect and use your personal data that you provide to us in the context of the application process. Your personal data will be processed and used solely for the purpose of selecting applicants.
We only process your personal data if a legal basis exists (Articles 5 and 6 GDPR). In particular, we process your data to fulfill our (pre)contractual obligations in the application process under Article 6(1)(b) GDPR and Article 6(1)(f) GDPR if data processing is required in legal proceedings, for example (in Germany, Section 26 BDSG also applies).
Your data is stored in systems located exclusively in Europe and may be processed by third-party service providers on our behalf.

8.1 Categories of Personal Data
“Personal data” refers to information about an identified or identifiable person. The following categories of data may be stored if you provide them in your application:

• • Personal identification – e.g., name, date of birth, gender, nationality
  • Contact details – e.g., home address, telephone number, email address
  • Qualifications and résumé – qualifications, memberships in professional associations, degrees, language skills, competencies, abilities
  • Immigration and work-authorization information – e.g., ID card number, social security number, visa or work permit
  • Equal opportunity and diversity data – where permissible under local law and on a voluntary basis, data on race and ethnicity (stored anonymously to monitor equal opportunities)
  • Information about your application process – e.g., interview notes, assessment results
  • Background checks and other verifications – e.g., certificates, birth certificate, driver’s license, reliability checks (including publicly accessible information and public profiles on social networks such as XING, LinkedIn)
  • Other personal data you voluntarily provide during the application process or in interviews, including information from your CV
  • Informal data – e.g., opinions shared during the application process or interviews

8.2 Retention of Personal Data
Generally, we retain applicant personal data only as long as necessary to fulfill the purpose for which it was collected or provided by you.

In some instances, we must retain certain records for a specific period to meet our legal or regulatory obligations, even after the conclusion of the hiring process. Your personal data will be fully anonymized once it is no longer required for that purpose—at the latest six months following the conclusion of the application process. Application documents provided during the process will be destroyed by PSvdL in compliance with data protection requirements.

8.3 Use of Social Media and Email in the Application Process
On the basis of our legitimate interest (Article 6(1)(f) GDPR), we maintain online presences on social networks and platforms to communicate with applicants and job seekers who are active on these platforms and to inform you about our current job opportunities. When visiting these networks and platforms, the respective operators’ terms and conditions and data processing policies apply.
Unless otherwise stated, we process your data in accordance with our Data Protection Information for Applicants for the purpose of applicant selection.

Below is a list of third-party providers and their content, along with links to their privacy policies, which contain further information about data processing and options to object:

• • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy: https://www.linkedin.com/legal/privacy-policy

You may also submit your application documents to us via email. Please note, however, that emails are generally not encrypted, and you as the sender are responsible for any encryption. We cannot assume responsibility for the path of transmission between the sender and our server. Alternatively, you may still send us your application documents via postal mail.

8.4 Right to Information and Right to Withdraw
You may withdraw your application at any time, request information about the data we have stored, and revoke any consent you have given to PSvdL. If you wish to exercise any of these rights or have general questions regarding data protection, please send your request to dataprotection@psvdl.com.

9. Security Measures

We use technical and organizational security measures to protect your personal data from manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments. However, it cannot be ruled out that data provided without encryption may be viewed by third parties. Please note that data transmission over the internet (e.g., email communication) cannot be guaranteed to be secure. Consequently, you should refrain from sending sensitive data, or only send it via a secure (SSL) connection.

10. Links to Other Websites

This Privacy Policy applies to the online presence of PSvdL Consulting GmbH at www.psvdl-consulting.com.Once you leave this website, we recommend you carefully read the privacy policy of any other website that collects personal data.