data (usually referred to just as "data" below) will only be
processed by us to the extent necessary and for the purpose of providing a
functional and user-friendly website, including its contents, and the services
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing
I. Information about us as controllers of your data
The party responsible for this website (the "controller") for purposes of data protection law is:
Dr. Heimeier & Partner Management- und Personalberatung GmbH
Telefon: 0711 78076-0
The controller's data protection officer is available via:
Dr. Heimeier & Partner
Management- und Personalberatung GmbH
Telefon: 0711 78076-0
II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right
- to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
- to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
- to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
III. Information about the data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
Use and disclosure of personal data
Insofar as the user of our website has provided personal data or personal data was freely available to us by collecting it from the Internet, specialist articles or other publications (active sourcing), we use these data to carry out personnel consulting assignments and related activities. Insofar as the user of our website has provided personal data to us, we also use the data to answer inquiries from users of the website and / or customers, to process contracts concluded with users of the website and / or customers and for technical administration. In this context, we will collect personal data, keep data in files and save data in a database. Personal data will only be passed or transmitted by us to third parties (in the case of personnel consulting contracts to possible future employers, taking into account any blocking notes) if this is necessary for the purpose of carrying out the application, processing the contract or for billing purposes and / or the applicant and / or the customer has previously consented.
The user of the website and / or customer has the right to revoke any consent, at any time. References will only be addressed with prior consent. There is no automated decision-making or profiling.
As a consulting company, we are contractually commissioned by companies to provide qualified consulting services. In the course of the consulting service, we collect personal data such as first name, last name, email address, office address, telephone number as well as information that is necessary for the processing of the mandate (including correspondence and Invoicing) are necessary.
According to Art. 6 Abs. 1 S. 1 Lit. b DSGVO, data processing is necessary for the purposes mentioned for the appropriate processing of the mandate and for the mutual fulfillment of obligations from the consulting contract.
The customers master data is stored for 10 years, other personal data with tax and commercial law relevance - depending on the constellation and type of document - for six to a maximum of 10 years.
Insofar as it is necessary in accordance with Art. 6 Abs. 1 S. 1 Lit. b DSGVO for processing the consulting service, personal data will be passed on to third parties. A transfer outside the European Union only takes place if there are suitable guarantees in accordance with Art. 46 GDPR, such as
a) Binding corporate rules (Art. 46 Para. 2 lit. b, Art. 47)
b) Standard data protection clauses of the Commission or a supervisory authority (Art. 46 Para. 2 lit. c and d)
c) Approved rules of conduct and approved certification mechanism (Art. 46 Paragraph 2 lit. e and f)
Stored personal data will be deleted if the user of the website and / or customer revokes their consent to storage, if knowledge of them is no longer required to fulfill the purpose for which they were stored or if their storage is not permitted for other legal reasons. Data for billing and accounting purposes are not affected by a request for deletion.
a) Session cookies
This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.
The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.
When you close your browser, these session cookies are deleted.
b) Third-party cookies
Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.
c) Disabling cookies
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.
We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.
LinkedIn Insight Tag
Within our online offer the so-called LinkedIn Insight tag is used. LinkedIn is a professional network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. You can find more information about LinkedIn under "Social Media Fan Sites".
The LinkedIn Insight tag allows us to track visits to our website by LinkedIn members. The LinkedIn Insight tag sets cookies that collect the following information: Referrer URL, IP address, device and browser characteristics, timestamp and page view.
This information is encrypted before it is sent to LinkedIn.
This technology allows visitors to this website to receive personalized advertisements on LinkedIn. Accordingly, we use the LinkedIn Insight tag to ensure that the ads we serve are only delivered to LinkedIn users who have expressed interest in our online services.
LinkedIn itself does not
provide us with any personal data, but only anonymous evaluations of the website target group and ad performance.
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform.
On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
The data protection officer of Facebook can be reached via this contact form:
We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:
The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.
If you contact us via Facebook, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Facebook Ireland Ltd. might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.
It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.
With the help of the Facebook
pixel, Facebook is able to determine the visitors of our online offer as a
target group for the presentation of ads (so-called "Facebook ads").
Accordingly, we use the Facebook pixel in order to display the Facebook ads
placed by us only to those users on Facebook and within the services of
partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown
an interest in our online offering or exhibit certain characteristics (e.g.
interest in certain topics or products that can be seen from the websites
visited) that we transmit to Facebook (so-called "Custom Audiences").
With the help of the Facebook pixel, we also want to ensure that our Facebook
Ads correspond to the potential interest of users and do not appear to be
annoying. The Facebook pixel allows us to track the effectiveness of Facebook
ads for statistical and market research purposes by seeing whether users have
been directed to our website after clicking on a Facebook ad.
Data types processed: Usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (data indicating the location of an end user's end device), contact data (e.g., email, phone numbers).
Data subjects: Users (e.g., website visitors, users of online services), prospects, customers.
Security measures: IP-Masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Possibility of objection (Opt-Out): We refer to the data protection information of the respective providers and the possibilities of objection (so-called "Opt-Out") indicated for the providers. If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary form for the respective areas:
a) Europe: https://www.youronlinechoices.eu
b) Canada: https://www.youradchoices.ca/choices
d) Transnational: https://optout.aboutads.info
We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).
The Google Analytics service is used to analyze how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.
Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.
Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at
including options you can exercise to prevent such use of your data.
In addition, Google offers an opt-out add-on at
We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube".
YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, hereinafter referred to as "Google".
We use YouTube in its advanced privacy mode to show you videos. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the advanced privacy mode means that the data specified below will only be transmitted to the YouTube server if you actually start a video.
Without this mode, a connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded.
This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established.
If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.
For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
Liability for links
Our offer contains links to external third-party websites. We have no influence on that external content. Therefore we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time they were linked. No illegal content was found at the time the link was created.
Permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of legal violations, we will remove such links immediately.
The content on our pages created by the website operator are subject to German copyright law. The reproduction, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this website are only permitted for private, non-commercial use.
Insofar as the content on this site was not created by the operator, the copyrights of third parties are observed. In particular contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, we would ask you to notify us accordingly. As soon as we become aware of legal violations, we will remove such content immediately.
The European Commission provides a platform for online dispute resolution (OS):
You can find our e-mail address in the legal notice.
We are neither willing nor obliged to take part in dispute settlement proceedings discussed in a consumer arbitration board.
Sample data protection declaration from the law firm Weiß & Partner