The following information is intended to provide you with an overview of the processing of your personal data by hillpoint partners GmbH and your rights under data protection law. Which data is processed in detail and how it is used depends largely on your relationship with us, whether as a client, applicant, employee, website visitor or other data subject. For this reason, not all parts of this information will apply to you.
For reasons of better readability, we use the masculine form (generic masculine), e.g. "client". We always mean all genders in the sense of equal treatment. The abbreviated language form is used for editorial reasons and is non-judgmental.
WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN I CONTACT?
Verantwortlich ist:
Florian Hoffmann
hillpoint partners GmbH
Brienner Str. 1
80333 Munich
ffh@hillpoint.de
WHAT DATA AND SOURCES DO WE USE?
We process personal data that we receive from our clients as part of our business relationship and from our applicants and employees, from visitors to our website or other data subjects for the purpose of establishing or implementing employment relationships. In addition, we process - to the extent necessary for the provision of our services - personal data that we legitimately obtain from publicly accessible sources (e.g. commercial and company registers, land registers, press, Internet) or that are legitimately transmitted to us by third parties (e.g. a credit agency).
Relevant personal data are personal details (name, address and other contact data, date and place of birth and nationality) and identification data (e.g. ID card data). In addition, this may also include order data (e.g. from our order letter), data from the fulfillment of our contractual obligations (e.g. from our payment transactions), documentation data (e.g. consultation protocol) and other data comparable to the categories mentioned.
WHAT DO WE PROCESS YOUR DATA FOR AND ON WHAT LEGAL BASIS?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
(1) IN THE CONTEXT OF THE EMPLOYMENT RELATIONSHIP (ART. 26 PARA. 1 SENTENCE 1 GDPR)
We process the personal data of our employees to establish, implement and terminate the respective employment relationship.
(2) ON THE BASIS OF CONSENT (ART. 6 PARA. 1 SENTENCE 1 (A) GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. contacting you, sending newsletters, registering for events, etc.), this processing is lawful on the basis of your consent. You can withdraw your consent at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. The withdrawal of consent is only effective for the future and does not affect the legality of the data processed until the withdrawal.
(3) FOR THE FULFILLMENT OF (PRE)CONTRACTUAL OBLIGATIONS (ART. 6 PARA. 1 SENTENCE 1 (B) GDPR)
The processing of personal data of our business partners takes place for the provision of our services in the context of the execution of our contracts with our business partners or for the implementation of pre-contractual measures, which take place upon request. Further details on the data processing purposes can be found in the relevant contractual documents and terms and conditions.
(4) DUE TO LEGAL OBLIGATIONS (ART. 6 PARA. 1 SENTENCE 1 (C) GDPR)
We are also subject to various legal obligations (e.g. from the German Commercial Code, German Stock Corporation Act, Securities Trading Act, Money Laundering Act, tax laws). The purposes of processing include the identification obligation for the prevention of money laundering, the obligation to create and store reference files and the fulfillment of reporting obligations under tax law.
(5) ON THE BASIS OF A BALANCING OF INTERESTS (ART. 6 PARA. 1 SENTENCE 1 (F) GDPR)
If necessary, we process your data beyond the above-mentioned purposes to protect our legitimate interests, in particular for
WHO RECEIVES MY DATA?
At hillpoint partners GmbH, access to your data is granted to those persons who need it to fulfill our contractual and legal obligations. Service providers used by us outside our company (in particular freelancers and IT service providers) and vicarious agents may also receive data for these purposes and are contractually obliged to maintain confidentiality and comply with data protection regulations in this regard. If the requirements for this are met, we also conclude order processing contracts with our service providers. Other data recipients may be those entities for which you have given us your consent to transfer data or to which we are authorized to transfer personal data on the basis of a balancing of interests.
IS DATA TRANSFERRED TO A THIRD COUNTRY?
In principle, data is not transferred to bodies in countries outside the European Union (so-called third countries) unless
HOW LONG WILL MY DATA BE STORED?
We process and store your personal data for as long as this is necessary for the fulfillment of our contractual and legal obligations.
If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless you have given your express consent to longer processing or its (temporary) further processing is necessary for the following purposes:
WHAT DATA PROTECTION RIGHTS DO I HAVE?
Every data subject has the
The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority in accordance with Art. 77 GDPR in conjunction with § SECTION 19 BDSG. The data protection supervisory authority responsible for hillpoint partners GmbH is the Bavarian State Commissioner for Data Protection. This can be reached at the following contact details
Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD), Wagmüllerstraße 18, 80538 Munich, poststelle@datenschutz-bayern.de, Tel: +49 89 212672 0.
You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to hillpoint partners GmbH before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
HOW IS THE RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR?
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on a weighing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR); this also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR. In so-called "profiling", we process your data partly automatically with the aim of evaluating certain personal aspects, for example in order to be able to inform and advise you about our products and services in a targeted manner. This enables us to provide needs-based communication, advertising and market research.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to our controller (see above).
AM I OBLIGED TO PROVIDE DATA?
As part of your business relationship with hillpoint partners GmbH, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.
In particular, we are obliged under money laundering regulations to identify you using your identity document before establishing the business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data (see Section 11 (1), (4) of the Money Laundering Act). To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes that arise in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship you have requested.
TO WHAT EXTENT DOES AUTOMATED DECISION-MAKING OR PROFILING TAKE PLACE?
hillpoint partners GmbH does not use fully automated decision-making in accordance with Art. 22 GDPR to establish and conduct business relationships.
We process your data partially automatically with the aim of evaluating certain personal aspects (so-called profiling), for example to inform and advise you about our products and services in a targeted manner. This enables us to provide needs-based communication, advertising and market research.
WHAT DATA IS COLLECTED, PROCESSED OR USED FOR WHAT PURPOSE ON THE HILLPOINT PARTNERS GMBH WEBSITE?
(1) LOGGING
The hillpoint partners GmbH website collects a range of general data and information each time it is accessed. This general data and information is stored in the server log files. The following can be recorded
When using these general data and information, the hillpoint partners GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to
Therefore, the hillpoint partners GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
(2) LOGIN DATA
In order to contact you as offered on our website, to send you newsletters, etc., we ask for your name, address and e-mail address via a form-based input mask. By entering your data, you give us your consent to store the data and use it for the above-mentioned purpose. You can revoke your consent at any time.
(3) CONTACT FORM AND CONTACT BY E-MAIL
You can contact us via a form provided on our website or by e-mail. The data you provide (in particular your e-mail address, your first and last name and the text of your request as well as any other information you have provided in the contact form or by e-mail) will be stored by us when you contact us in order to process your request and answer your inquiry. The data processing is justified in accordance with Art. 6 para. 1 lit. f) GDPR. We have an interest in contacting you via the website in order to respond to your request. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. The data collected in the context of your enquiry/contact will be deleted by us as soon as it is no longer required for the processing of your inquiry. Insofar as statutory retention obligations exist, the data will be stored for the duration of the statutory retention obligation. The use of the contact form is completely voluntary for you.
(4) GOVERNING LAW
This data protection policy is a voluntary courtesy translation provided to the viewer. In any dispute the German original version of this policy shall prevail.