Mandat’s privacy notices are based on the terminology used by the European regulators when the General Data Protection Regulation (GDPR) was adopted. Our privacy notices are designed to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we wish to explain the terms we use in advance.
We use the following terms, among others, in this privacy notice:
- Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on-line identifier, or to one or more special characteristics specific to the physical, physiological, genetic, mental, commercial or cultural or social identity of that natural person.
- Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
- The controller or person in control of processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and Contact Details of the Controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Mandat Managementberatung GmbH
Tel.: 0231 9742-390
Prof. Dr. Guido Quelle (Chairman), Fabian Vollberg, Linda Vollberg
You have the right to request information about the personal data stored by us free of charge and/or to demand correction, blocking or deletion. Exceptions: data subject to the prescribed data storage for business purposes or data subject to the statutory retention obligation.
In order to accommodate data blocking at any time, it is necessary to keep the data in a blocked file for control purposes. If there is no legal archiving obligation, you can also request that the data be deleted. Otherwise, we will block the data if you so wish.
You have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interests. In the event of an objection, Mandat will no longer process your personal data for the purposes of our legitimate interests, including direct marketing.
Furthermore, you have the right to revoke your consent to the processing of personal data at any time and free of charge. This revocation can be made by telephone, or directly on our website via the corresponding link in every newsletter, by e-mail to firstname.lastname@example.org. We will then discontinue processing based on the consent up to this point.
We will process your request immediately and are obligated to honor your request no later than one month after receiving it.
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you may lodge a complaint with the supervisory authority responsible:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44
Purposes and Legal Basis of Processing Activity
Processing Orders in the Web Shop
If you order items in the web shop, we need your personal data. For the purpose of order processing, we collect and process your name and address (in the case of physical products such as books) or your name and e-mail (in the case of non-physical products such as white papers). The legal basis for this is the necessity to fulfill the contract in accordance with art. 6 para. 1 lit. b) GDPR.
In principle, the data is not passed on to third parties, unless this is necessary to fulfill the above-mentioned purposes. For example, a parcel service provider could be such a company, which also uses the personal data exclusively for the fulfillment of the above-mentioned purpose.
Contact Initiated by the Data Subject
If you contact Mandat via e-mail, the contact form on the website or via social media with Mandat, we will store the information you provide for the purpose of processing your request and for possible follow-up questions. The legal basis for this is our legitimate interest according to art. 6 para. 1 lit. f) GDPR – namely the continuation of the dialogue initiated by you. This personal data will not be passed on to third parties.
Newsletter and Dialogue
On the Mandat website, users are offered the opportunity to subscribe to newsletters. For this purpose we need your e-mail address. You can only receive the newsletters if you explicitly agree to receive them. For this purpose, a confirmation e-mail will be sent to the registered e-mail address. This confirmation mail is used to check whether you, as the owner of the e-mail address, authorize the receipt of the newsletter (double opt-in).
We use the personal data you provide us to send our newsletters with ideas for “profitable growth” by e-mail and for the purpose of relationship management and direct marketing by e-mail, postal mail or telephone. The legal basis for this is your consent in accordance with art. 6 para. 1 lit. a) GDPR.
You can revoke your consent to store and process this data for this purpose at any time. You can find a corresponding link in every newsletter. In addition, you can also contact email@example.com or unsubscribe from the newsletter directly on our website.
In principle, the data will not be passed on to third parties, unless this is necessary to fulfill the above-mentioned purposes. For example, this might be a parcel service provider, which also uses the personal data exclusively for the fulfillment of the above-mentioned purpose.
Dialogue After the Purchase of Our Products and Services
If we receive your personal data in connection with the sale of a product or service and you have not objected to this, we will process the data for the purpose of customer relations management and direct advertising by e-mail, postal mail or telephone for offers that are similar to the product or service you have already purchased. The legal basis for this is sec. 7 para. 3 UWG (German Act against Unfair Competition). You will be informed of this processing upon purchase or commissioning. You can object to this use of your contact data at any time and free of charge by sending a message to the contact option described or via a link provided for this purpose in the e-mail.
Contact by Mandat
For the purpose of initiating dialogue with new contacts and expanding our network, we take the initiative to contact our primary contact persons. The channel through which this contact is established also depends on the contact data available to us (post, e-mail, or telephone). In doing so, we make use of publicly available data (e.g. in the legal notice).
The legal basis for this is our legitimate interest in developing business in accordance with art. 6 para. 1 lit. f) GDPR. Data subjects can reasonably expect their public personal data to be processed. We safeguard the interest of the target group, if possible, in not receiving uninteresting or unsuitable advertisements/offers by addressing them in a very targeted manner.
Administration and Office Management
We process data in the context of administrative tasks as well as for the organization of our business (e.g. e-mail traffic, calendar maintenance), financial accounting and for compliance with legal obligations (e.g. reporting to authorities). In this connection, we process the same data that we process in the context of providing our contractual services, for the purpose of maintaining our business activities, performing our tasks and providing our services.
The legal basis for this is the necessity to fulfill the contract in accordance with art. 6 para. 1 lit. b) GDPR and our legal obligation in accordance with art. 6 para. 1 lit. c) GDPR.
For the purpose of expanding our business, we conduct public relations work. In doing so, we may process personal data such as names and photos.
The legal basis for this is the consent of the data subjects pursuant to art. 6 para. 1 lit. a) GDPR or – if the data has been published by the data subject himself/herself (art. 9 para. 2 lit. e) GDPR) – our legitimate interest pursuant to art. 6 para. 1 lit. f) GDPR.
Mandat collects and processes the personal data of applicants for the purpose of processing the application procedure. If Mandat concludes an employment contract with an applicant, the data transferred is processed for the purpose of administering the employment relationship in accordance with statutory regulations. The legal basis for this is the implementation of pre-contractual actions in accordance with art. 6 para. 1 lit. b) GDPR. If no employment contract is concluded with the applicant, the application documents will be deleted two months after notification of the decision to decline the application, provided there are no other legitimate interests on the part of Mandat. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Act on Equal Treatment (AGG).
Detailed Information About the Website
Collection of General Data and Information
When you access our website, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type/browser version, operating system used, referrer URL (the page from which you accessed our website), host name of the accessing computer, time of the server request and IP address.
We cannot associate this data with specific persons. Furthermore, this data is also generated when accessing any other website on the internet. It is therefore not a special function of our website. Without this data it would not technically be possible to deliver and display the contents of the website in their entirety. To that extent, their collection is absolutely necessary. We also reserve the right to check the server log files retrospectively if we suspect an illegal use of our services.
Anonymous server log file data is stored separately from all personal data provided by a data subject.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies are stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
You are free to decide whether your browser allows cookies or not. Please note that the functionality of websites may be limited or even disabled if cookies are not allowed. Furthermore, cookies that have already been stored can be deleted at any time via an web browser or other software programs. This is possible in all common web browsers.
We do not pass this data to third parties or link it to other personal data without your consent.
Cookie Consent with Borlabs Cookie
Our website uses the Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Mandat has also embedded videos from YouTube on its website.
YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Further information can be found on the YouTube legal notice at https://www.youtube.com/t/impressum?hl=de&gl=DE.
In order for these videos to be called up and displayed on your browser, it is absolutely necessary to transmit the IP address. YouTube therefore receives your IP address.
Mandat has integrated components of Twitter on its website. The short messages disseminated via Twitter can be accessed by anyone, including people who are not registered with Twitter.
Twitter is operated by Twitter, Inc. Further information can be found in the legal notice at https://legal.twitter.com/imprint.
If you use the Twitter function on our websites, the websites you visit will be linked to your Twitter account and, where applicable, made known to other users. This also involves the transfer of data to Twitter.
Payment Through PayPal
Mandat has integrated components of PayPal into its website.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. Further information can be found in its legal notice at https://www.paypal.com/de/webapps/mpp/imprint.
If you select “PayPal” as payment option during the ordering process in our web shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you agree to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal is generally the data necessary for payment processing and is related to the respective order.
The transmission of the data is intended for payment processing and fraud prevention. Mandat transmits personal data to PayPal in particular when there is a legitimate interest for the transmission. The personal data exchanged between PayPal and Mandat may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may share personal information with affiliates and service providers or subcontractors as necessary to fulfill contractual obligations or to process the data on behalf of PayPal.
You have the option of withdrawing your consent to PayPal to handle personal data at any time. Revocation of consent does not affect personal data that must be processed, used or transmitted for the contractual handling of payments.
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.
We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activities and to provide further services to the website operator in connection with website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google.
You can prevent the storage of cookies via your browser software settings; however, we would like to point out that, if cookies are blocked, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and Google’s processing of this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to Data Collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will then be set to prevent the collection of your information on future visits to this site: disable Google Analytics.
Commissioned Data Processing
We have concluded a contract with Google commissioning it to process data and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Storage Duration and Deletion
We comply with the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to fulfill the intended purposes or as required by the various storage periods prescribed by law. After the respective purpose has ceased to apply or once these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.