We are grateful for your visit to the web site of the BVO Consult GmbH (hereafter also referred to as “we” or “us”). In the following we will inform you about the processing of your personal data (hereinafter also referred to as “data”), if you are using this website.
Personal data is any information that relates to an identified or identifiable person, such as your name, address and email address.
We process personal data in accordance statutory provisions, in particular the EU General Data Protection Regulation (“GDPR”) and the Federal Data protection Act (“BDSG”).

1. General provisions

1.1. Name and contact data of the controller
The controller for the purpose of the General Data Protection Regulation (GDPR), and the service provider for the purpose of the German Telemedia Act (Telemediengesetz; TMG), is

BVO Consult GmbH
Esplanade 40
20354 Hamburg
Germany
0049 40 5330 1944 0
info@bvoconsult.com

1.2. Rights of the data subject

1.2.1. Access, rectification, erasure, restriction of processing, and data portability
Under the GDPR, you are among others entitled to the following rights:

Art. 15 GDPR: Data subject’s right of access
You have the right to obtain as to whether or not personal data concerning you are being processed by us.

Art. 16 GDPR: Right to rectification
You may demand that inaccurate data concerning you be rectified and incomplete data completed.

Art. 17 GDPR: Right to erasure
Under the conditions of Art. 17 GDPR, you are entitled that your personal data be erased. Your claim to erasure depends, among other things, on whether we still need the data concerning you to fulfil our contractual and legal obligations.

Art. 18 GDPR: Right to restriction of processing
Under the conditions of Art. 18 GDPR, you have the right to obtain the restriction of the processing of your personal data.

Art. 20 GDPR: Right to data portability
Under the conditions of Art. 20 GDPR, you may demand that the personal data you have disclosed be provided to you, or transmitted to another controller, in a structured, commonly used and machine-readable format.

1.2.2. Revocation of consent
If you have consented to the processing of your data, you can withdraw your consent at any time. Doing so will affect only the lawfulness of the processing of your personal data that occurs after you have notified us of such withdrawal. Moreover, the lawfulness of any processing of the data on other legal bases will not be affected. Where your consent was the sole basis for the processing of your data, and in particular, where we do not have a legitimate interest in the processing of your data under Art. 6 (1) (f) GDPR, we will erase the data without undue delay when you withdraw your consent.

1.2.3. Objection to specific processing under Art. 21 GDPR
If we support the processing of your personal data for the purposes of legitimate interests (Art. 6 (1) (e or f) GDPR), you may lodge an objection against that processing for grounds relating to your particular situation. This is the case, in particular, if the processing is not required for the performance of a contract with you, which is described by us in each case in the following. When you make such an objection, we are asking you to state the reasons why you no longer allow us to process your personal data as we have done before. In case you provide a reason for your objection, we will review the situation and either stop or modify the processing of your data, or we will demonstrate compelling legitimate grounds of which we will continue processing your data.

1.2.4. Right to lodge a complaint with a supervisory authority
You have the right to complain to the regulatory authority if you consider that your data has been processed illegally. The address for our competent supervisory authority is: The Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str 22, 7. OG.

1.3. Recipient
We sometimes use external service providers to process your data. Those service providers have been carefully selected and appointed by us, are bound by our instructions, and are supervised periodically. This can entail the following categories of recipients: IT service providers.

1.4. Transmission to third countries
We do not intend to transmit your personal data to countries outside the European Union, but do not rule this out (provided it is lawful).

1.5. Storage duration
We shall erase your personal data as soon as the reason for their storage no longer applies.
We may also store data if provided for by the European or national legislator in EU regulations, national laws, or other provisions by which we are governed. Exceptions to the principle of erasure after achievement of purpose can arise, for example, from the provisions of the GDPR and of federal German law, especially the BDSG. For example, no erasure will occur as long as retention obligations exist under commercial or tax law.
In individual cases, a longer storage can be required due to the assertion or possible assertion of claims against us which relate to a contract or pre-contractual measures.

1.6. Obligation to provide personal data
You are not legally or contractually obligated to transmit personal data to us. But you will need to do so if you wish to conclude a contract with us. If you do not transmit personal data to us in individual cases, you will be unable to conclude a contract with us.
1.7. Data security

Unfortunately, the transfer of information via the internet is not completely safe. For this reason we are unable to guarantee the safety of the data transferred via the internet to our web site. However, we protect our website and other systems with technical and organizational measures against loss, destruction, unauthorized access, changes, or distribution of your data.

2. Collection of data during website visits

2.1. Processing of data transmitted in the background
The type and scope of the processing of your personal data is distinguished by whether you visit our website only to retrieve information, or to use the site to write us an email. If you are using the website only for information, and thus will not be registering or otherwise transmitting information to us, we will collect the following data and store them in our systems log files. These data include the following:

• IP address,
• Data and time of the request,
• Time zone difference with Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status / HTTP status code,
• The quantity of any transmitted data,
• The website from which the request comes,
• The operating system and its interface,
• The browser, language and version of the browser software.

The legal basis for processing the personal data (IP address) is Art. 6 (1) (f) GDPR. Processing personal data helps us show you our website and guarantee its stability and security. This also constitutes our legitimate interest in processing those data.
The anonymous data of the log files are stored separately from all the personal data you have provided. These anonymously collected data and information are evaluated for statistical purposes and to increase data protection and data security, so we can ensure an optimal level of protection for the personal data we process.

2.2. Cookies
In addition to the aforementioned data, we will store cookies on your computer when you use our website. Cookies are small text files that are stored by your browser on your hard drive and send certain information to the entity placing the cookie (in this case, us). These session cookies contain no personal data and expire at the end of the session. Techniques which make it possible to trace the access behaviour of users, are not used. Cookies cannot execute programs or transmit viruses to your computer. They only help make the website more user-friendly and effective overall.
You can configure your browser settings to suit your preferences – to reject third-party cookies or all cookies, for instance. But keep in mind that if you do so, you may not be able to use all of this website’s functions.

2.3. Email contact
You can contact us via email address provided on our site. In this case, the personal data you transmit to us in the email will be stored.
The legal basis for processing data transmitted by email is Art. 6 (1) (f) GDPR. If the email contact aims to conclude a contract, the processing is also based on Art. 6 (1) (b) GDPR.
Personal data entered into your email, are processed only to execute the contract or processing your enquiry. This is also our legitimate interest in a processing of the data.
We will erase your data in accordance with section 1.5.