Dr. Reinhard Schmitt Führungs- und Organisationsberatung

Menu
Privacy Policy

Note: This English version is for informational purposes only. In case of legal questions or discrepancies, the German version shall prevail.

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data that can personally identify you. Detailed information on data protection can be found in the privacy policy listed below this text.

Data Collection on This Website (see also Section 4):

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the section "Note on the Responsible Entity" in this privacy policy.

How do I collect your data?

Your data is collected, for example, when you provide it to me. This may include data you enter into a contact form. Other data is collected automatically or with your consent when you visit the website through IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do I use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this and other questions regarding data protection, you can contact me at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically evaluated. This is primarily done using so-called analysis programs. Detailed information on these analysis programs can be found in this privacy policy.

2. Hosting

I host the content of my website with the following provider:

Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as "Strato"). When you visit my website, Strato collects various log files, including your IP addresses. Further information can be found in Strato's privacy policy: https://www.strato.de/datenschutz/. The use of Strato is based on Art. 6(1)(f) GDPR. I have a legitimate interest in ensuring the reliable presentation of my website. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data Processing Agreement

I have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, ensuring that the provider processes the personal data of my website visitors only according to my instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operator of these pages takes the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data that can personally identify you. This privacy policy explains what data I collect and what I use it for. It also explains how and for what purpose this happens. I point out that data transmission over the Internet (e.g., when communicating via email) can have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Note on the Responsible Entity

The responsible entity for data processing on this website is:

Reinhard Schmitt
Flößaustr. 122
90763 Fürth
Phone: +491728807183
Email:

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is specified within this privacy policy, your personal data will remain with me until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless I have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, I process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special data categories according to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, I process your data based on Art. 6(1)(b) GDPR. Furthermore, I process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on my legitimate interest according to Art. 6(1)(f) GDPR. The respective legal basis in each individual case is informed in the following paragraphs of this privacy policy.

Recipients of Personal Data

In the course of my business activities, I work with various external entities. In some cases, the transmission of personal data to these external entities is necessary. I only pass on personal data to external entities if this is necessary within the framework of contract fulfillment, if I am legally obliged to do so (e.g., data transfer to tax authorities), if I have a legitimate interest in the transfer according to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, I only pass on personal data of my customers based on a valid data processing agreement. In the case of joint processing, a contract for joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, I WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS I CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of a violation of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that I process automatically based on your consent or in performance of a contract, in a commonly used, machine-readable format, or to have it transferred to another controller, where technically feasible.

Right of Access, Rectification and Erasure

You have the right, in accordance with applicable legal provisions, to request free information at any time about your stored personal data, its origin, recipients, and the purpose of data processing. You also have the right to request the rectification or erasure of this data. You may contact me at any time regarding this and any other questions relating to personal data.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You may contact me at any time to do so. The right to restrict processing applies in the following cases:

  • If you contest the accuracy of your personal data stored with me, I usually need time to verify this. For the duration of the verification process, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.
  • If I no longer need your personal data, but you need it for the establishment, exercise or defense of legal claims, you have the right to request restriction of processing instead of erasure.
  • If you have objected pursuant to Article 21(1) GDPR, a balance must be made between your interests and mine. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.
  • If you have restricted the processing of your personal data, such data – apart from being stored – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to me as the site operator. You can recognize an encrypted connection by the browser’s address line changing from "http://" to "https://" and by the lock icon in your browser bar. When SSL or TLS encryption is activated, the data you transmit to me cannot be read by third parties.

Objection to Promotional Emails

The use of contact data published within the scope of the legal notice obligation for the purpose of sending unsolicited advertising and informational material is hereby expressly prohibited. The operator of this website expressly reserves the right to take legal action in the event of the unsolicited sending of promotional information, such as spam emails.

4. Other Data Collection on This Website (by Third Parties)

Use of WordPress

My website uses the content management system (CMS) WordPress, which processes data in order to manage and publish content. In doing so, technical data such as IP addresses and log data is collected to ensure the security and functionality of the website. I also use Dashicons on my website, which are part of the WordPress software. These icons are used to display certain graphic elements. When the icons are loaded, connection data such as your IP address may be transmitted to WordPress servers. The processing of this data is carried out in accordance with the WordPress privacy policy (https://wordpress.org/about/privacy/).

Use of Elementor Pro

My website uses Elementor Pro, a plugin for designing and customizing web pages. Elementor Pro stores and processes technical data such as IP addresses and usage information in order to ensure the functionality and user-friendliness of the website. For more information about data processing by Elementor Pro, please refer to Elementor’s privacy policy at https://elementor.com/about/privacy/.

Use of Polylang

I use the WordPress plugin Polylang on my website to offer content in multiple languages. Polylang operates exclusively on my local server and does not use cookies for tracking purposes. No personal data is transmitted to third parties through this plugin. Language selection is either determined automatically based on the browser language or manually by you – in either case, no personal data is stored or transmitted.

Use of Google Translate

To provide additional translation of my content, I offer the option to use Google Translate. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you activate Google Translate, it is possible that data such as your IP address may be transmitted to Google servers in the United States. I would like to point out that the USA does not provide a level of data protection equivalent to that of the EU. Use of this service is voluntary. Further information can be found in Google’s privacy policy (https://policies.google.com/privacy).

Protection Against Spam Messages

To prevent misuse of my online forms and to ensure the security of my website, I implement technical measures for spam detection. These measures automatically analyze specific input patterns (e.g. filling out invisible fields) to block unwanted or automated submissions. No personal data is transmitted to third parties, and no user profiles are created. The processing is based on my legitimate interest in ensuring the functionality and security of my website in accordance with Art. 6(1)(f) GDPR.

Cookies

My website uses so-called “cookies.” Cookies are small data packages that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from me (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies allow the integration of certain services provided by third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary since certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required to carry out the electronic communication process, to provide certain functions you request (e.g., for the shopping cart function), or to optimize the website (e.g., cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, the processing takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); the consent can be revoked at any time.

You can configure your browser to notify you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Details on which cookies and services are used on this website can be found in this privacy policy.

Real Cookie Banner

My website uses the consent management technology Real Cookie Banner to obtain your consent to store certain cookies on your device or to use certain technologies in a manner compliant with data protection law. This technology is provided by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany (“Real Cookie Banner”).

Real Cookie Banner is installed locally on our servers, so no connection to the provider's servers is made. Real Cookie Banner stores a cookie in your browser to associate the given consents or revocations with your session. The data collected in this way will be stored until you request its deletion, delete the Real Cookie Banner cookie yourself, or the purpose for the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The use of Real Cookie Banner is intended to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

Contact Form

If you send me inquiries via the contact form, your details from the inquiry form, including the contact data you provide, will be stored by me for the purpose of processing the inquiry and in case of follow-up questions. I do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on my legitimate interest in the effective processing of inquiries directed to me (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form remains with me until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after the processing of your inquiry has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Use of Cloud Services to Process Personal Data

I use Office 365, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to process and store customer data. Personal data such as contact details, communication content, and documents are processed in this context. The use of Office 365 is based on fulfilling my contractual obligations as well as my legitimate interest in efficient and secure management of customer data in accordance with Art. 6(1)(b) and (f) GDPR.

Transmitting personal data to the USA may occur in the context of using Office 365. Microsoft is committed to compliance with the EU Standard Contractual Clauses to ensure an adequate level of data protection. Further information on data processing by Microsoft can be found at https://privacy.microsoft.com/privacystatement.

5. Audio and Video Conferences

Data Processing

To communicate with my clients, I use online conferencing tools. The tools I use are listed below. When you communicate with me via video or audio conference, your personal data is collected and processed by me and by the provider of the respective conferencing tool.

These tools collect all the data you provide or use to participate in the meeting (e.g., email address and/or telephone number). In addition, the tools process the duration of the conference, start and end times, number of participants, and other “contextual information” related to the communication (metadata).

The tool provider also processes all technical data necessary for handling the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system version, client version, camera type, microphone, speaker, and connection type.

If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool providers. This content includes, but is not limited to, cloud recordings, chat messages, voicemails, uploaded files, whiteboards, and other shared information.

Please note that I have limited influence over the data processing procedures of the tools used. My options depend largely on the policies of the respective provider. For details on data processing by the conferencing tools, please consult the privacy policies of the respective providers listed below.

Purpose and Legal Basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer specific services to my customers (Art. 6(1)(b) GDPR). In addition, their use serves the general simplification and acceleration of communication with me and my company (legitimate interest as per Art. 6(1)(f) GDPR). If consent was requested, the tools are used based on this consent; the consent may be withdrawn at any time with effect for the future.

Retention Period

The data directly collected by me via the video and conferencing tools is deleted from my systems as soon as you request deletion, withdraw your consent for storage, or the purpose for data storage no longer applies. Cookies remain on your device until you delete them. Statutory retention obligations remain unaffected. I have no control over the storage duration of your data retained by the tool providers for their own purposes. For details, please contact the tool providers directly.

Tools Used

I use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. You can find details on data processing in the Microsoft Teams privacy policy: https://privacy.microsoft.com/privacystatement. The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the EU and the USA ensuring compliance with European data protection standards for data processing in the US. Companies certified under this framework commit to adhering to these standards. More information can be found here: Data Privacy Framework Listing.

6. External Links

My website contains links to external social networks such as LinkedIn and potentially to websites of other third-party providers. Additionally, my website may offer PDF documents for download, which may include links to external third-party websites. If you follow such a link, you leave my website and are redirected to the respective website of the social network or third-party provider. Please note that I have no control over the content and data protection practices of those external websites, and I assume no responsibility for them or for the security and confidentiality of your data on such websites. The data protection policies of the respective third-party providers apply to data processing on those websites.