I. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection provisions is:
HILDERTS Interim Management & Management Consulting
Frank Hilderts
Holsteinische Straße 7
D-10717 Berlin, Germany
Phone: +49 (0) 172 – 16 55 601
E-mail: Frank.Hilderts@Hilderts.de
II. General information on data processing
1. Scope
I process personal data of users only to the extent necessary to provide a functional website and my content and services. Processing generally takes place only with the user's consent, except where prior consent cannot be obtained for factual reasons and the processing is permitted by law.
2. Legal basis
The legal basis is Art. 6 (1) (a) GDPR for consent, Art. 6 (1) (b) GDPR for the performance of a contract or pre-contractual measures, Art. 6 (1) (c) GDPR for compliance with a legal obligation, and Art. 6 (1) (f) GDPR for safeguarding legitimate interests, provided the interests, fundamental rights and freedoms of the data subject do not prevail.
3. Erasure and storage period
Personal data is erased or blocked as soon as the purpose of storage ceases to apply. Storage beyond this only occurs where provided for by European or national regulations to which the controller is subject.
III. Provision of the website and log files
Each time the website is accessed, the system automatically collects data from the accessing device: browser type and version, operating system, internet service provider, IP address, date and time of access, and the websites visited before and after. The legal basis is Art. 6 (1) (f) GDPR. Temporary storage of the IP address is required to deliver the website; the data is also stored to ensure functionality and security. No marketing analysis takes place in this context. Log files are deleted or anonymised after seven days at the latest.
IV. Cookies
This website uses only technically necessary cookies to ensure functionality (e.g. storing the confirmation of the privacy notice). No third-party marketing or tracking cookies are set for advertising purposes. The legal basis for technically necessary cookies is Art. 6 (1) (f) GDPR and Section 25 (2) TDDDG. You can disable or restrict the storage of cookies in your browser settings; cookies already stored can be deleted at any time.
V. Web analytics / statistics
To improve my offering, I use privacy-compliant, anonymised analytics ({{ANALYTICS}}). Only pseudonymised or anonymised usage data is recorded (e.g. page views, referrer, PDF downloads). No merging with other personal data takes place. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in analysing and optimising the offering).
VI. Contact by e-mail and phone
This website has no contact form. Contact is made via the e-mail address provided or by phone. When you contact me by e-mail, the personal data transmitted is stored and used solely to process the conversation. No disclosure to third parties takes place. The legal basis is Art. 6 (1) (f) GDPR or, where the contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR. The data is deleted once the respective conversation has ended and the matter has been conclusively clarified.
VII. Scheduling and communication via Microsoft services
For online scheduling, Microsoft Bookings is embedded; for ad-hoc communication, Microsoft Teams and, for a non-disclosure agreement, Microsoft Forms may be used (Microsoft Ireland Operations Ltd.). When using these services, the data you enter (e.g. name, e-mail, requested appointment) is transmitted to and processed by Microsoft. The legal basis is Art. 6 (1) (b) and (f) GDPR. Microsoft's privacy statement applies in addition: privacy.microsoft.com.
VIII. Embedding of third-party content (video, fonts)
On the basis of my legitimate interests (Art. 6 (1) (f) GDPR), I embed third-party content. This requires the third-party providers to perceive the user's IP address, as they could not deliver the content without it.
Video: The introduction video is provided via {{VIDEO-HOST}} and is only loaded after you actively click the preview image (“two-click solution”); no data is transmitted to the video provider before that click.
Fonts: This website loads fonts via Google Fonts (Google Ireland Ltd.). The IP address is transmitted to Google. (Note: not applicable once the fonts are hosted locally — then delete this paragraph.)
LinkedIn: The website contains links to my LinkedIn profile. Merely placing a link does not transmit any personal data to LinkedIn; this only happens when you actively click the link.
IX. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller: right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and a right to object (Art. 21). You may withdraw any consent given at any time with effect for the future (Art. 7 (3)).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular in the Member State of your residence, place of work or place of the alleged infringement. The authority responsible for Berlin is the Berlin Commissioner for Data Protection and Freedom of Information.
There is no automated decision-making — including profiling — that produces legal effects concerning you.
Copyright © Frank Hilderts. All rights reserved.