GAIN MORE INSIGHT
WITH MIWAY®.

GET A CLEAR
UNDERSTANDING OF
MOTIVATION, MOTIVES
AND VALUES.

Miway request

Privacy statement

In this data protection declaration, we inform you about which personal data we process when you visit our website and what rights you have. We therefore ask you to read the information below carefully.

Personal data refers to any information relating to an identified or identifiable natural person. This includes, for example, your name, address and communication data or your e-mail address.

Processing refers to any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Data subject refers to any identified or identifiable natural person whose personal data are processed on behalf of the person responsible for the processing.

Person responsible or "data controller" refers to the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Users includes all categories of people who are subject to data processing. They include our business partners and other website visitors.

For the terms used, we also refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). The terms used, such as "user", are to be understood as gender-neutral.

 

1 Name and address of the responsible party

O+P Consult GmbH
Waldhofer Straße 102
69123 Heidelberg
Tel: +49 6221 43 337 0
bunt[at]op-consult.de

The organisation’s representative is the managing directors Thomas Frey.

 

2 Data protection supervisor

You may contact our data protection officer by e-mail at datenschutz[at]op-consult.de or via our postal address with the addition of “data protection officer”.

 

3 Processing of personal data

3.1 Provision of the website and log files

3.1.1 Scope of data processing

When visiting our website, your browser transmits certain data to our web server for technical reasons. This includes the following data (so-called server log files):

  • IP-address
  • Date and time of the request
  • Content of the request (specific page)
  • Operating system and its access status / HTTP status code
  • Amount of data transferred
  • Website from which the request was made ("referrer URL")
  • Browser, language and version of the browser software
  • Files retrieved

This data is not stored together with other personal data of the user.

3.1.2 Purpose of the data processing

The temporary storage of the user's IP address by our web server is required for technical reasons to be able to display the website. For this purpose, the user's IP address must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in the log files is performed in order to ensure the functionality of our website. This data is also used to optimise the website and to ensure the security of our information technology systems (e.g. for attack detection). An evaluation of the data for marketing purposes does not take place in this context.

3.1.3 Legal basis for data processing

The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to operate and ensure the security of our website.

3.1.4 Duration of data storage

The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of data stored in the log files, this is the case after a maximum of seven days. Storage beyond this period is possible if this data is required for e.g. clarification of attacks, acts of misuse or fraud. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

3.1.5 Possibility of objection and data removal

The collection of data for the provision of the website and its storage in log files is indispensable for the operation of our website for technical reasons. Consequently, you have no possibility to object.

3.2 Contacting

3.2.1 Contact by e-mail

3.2.1.1 Scope of data processing

You may contact us via our e-mail address provided. In this case, we store your personal data transmitted with the enquiry.

3.2.1.2 Purpose of data processing

We process your personal data in order to address your request.

3.2.1.3 Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the responsible party). If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR (performance of a contract).

3.2.1.4 Recipient of the data

Your personal data will be transferred to the internal departments responsible for processing the request.

3.2.1.5 Data disclosure to a third country

Your personal data will not be transferred to a third country nor to an international organisation.

3.2.1.6 Duration of data storage

The data transmitted to us will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended and it is clear from the circumstances that the matter in question has been clarified conclusively and that there are no legal obligations to retain the data.

3.2.1.7 Possibility of objection and data removal

You have the option to revoke the processing of your personal data at any time. In such a case, the conversation cannot be continued. Please send your revocation to bunt[at]op-consult.de. All personal data stored in the course of contacting you will be deleted in this case, unless there is a legal obligation to keep records.

3.2.2 Contact by telephone

3.2.2.1 Scope of data processing

If you contact us by telephone, we process the data you provide (name, telephone number, your company, if applicable e-mail address and request) in order to process your request for contact and to answer your questions.

3.2.2.2 Purpose of data processing

We process your personal data in order to deal with your request and to provide you with the information requested.

3.2.2.3 Legal basis for data processing

The legal basis for processing the data transmitted in the course of the telephone call is Art. 6 para. 1 lit. f) GDPR in the case of general enquiries. Our legitimate interest is to process your request. If the telephone call is aimed at concluding a contract, the legal basis for the processing is Art. 6 para 1 lit. b) GDPR.

3.2.2.4 Recipient of the data

Your personal data will be transferred to our internal departments responsible for the processing of the request.

3.2.2.5 Data disclosure to a third country

Your personal data will not be transferred to a third country nor to an international organisation.

3.2.2.6 Duration of data storage

We delete personal data if it is no longer required to achieve the purpose for which it was collected or restrict it if there are legal obligations to retain it. For personal data that you have provided us by telephone, this is the case when the circumstances indicate that the matter in question or the request has been conclusively clarified.

3.2.2.7 Possibility of objection and data removal

You have the option to revoke the processing of your personal data at any time. In such a case, the conversation cannot be continued. Please send your revocation to bunt[at]op-consult.de.

4 Cookie Declaration

5 Applications

5.1 Scope of data processing

If you are interested in working for our company, you can apply by e-mail or by post. We will process the data you provide to us.

5.2 Purpose and legal basis for data processing

We process your personal data for the recruitment process of suitable candidates and the administrative implementation of the application process to be able to make a decision on the establishment of an employment relationship. The legal basis for this is §26 para. 1 BDSG.

5.3 Recipient of the data

Recipients of your personal data are the HR department and the supervisor responsible for filling the position. As a matter of principle, only those persons have access to your data who require this for the appropriate conduct of the application procedure.

We do not pass on your personal data to third parties unless you have expressly consented to the transfer of data or we are obliged to do so by law and/or by official or court orders . Data will not be transferred to a third country or to an international organisation.

5.4 No automated decision making

We do not employ automated decision making.

5.5 Duration of data storage

If your application does not lead to an employment relationship, we will delete your personal data, taking into account the time limit for legal action under the AGG, no later than 4 months after the end of the application process (e.g. the announcement of the rejection decision), unless you have given us your consent in accordance with Art. 6 para. 1 lit. a) GDPR to store your personal data for a longer period to enable us to consider you for new job offers, if applicable. In this case, we will ask you for a separate consent according to Art. 6 para. 1 lit. a) GDPR.

If your application is successful and leads to an employment relationship with us, we will enter your application documents into our personnel administration system and into your personnel file as necessary on the basis of Art. 6 para. 1 lit. b) GDPR and § 26 para. 1 BDSG for the purpose of implementing the employment relationship. In this case, your application documents will only be deleted once your employment relationship has ended and a period of three years has passed since the end of the year in which you were employed.

5.6 Possibility of objection and data removal

You may renew or delete the personal data you have provided to us at any time upon request. To do so, send an e-mail to bunt[at]op-consult.de.

This does not apply if you have applied for a specific position with us in an ongoing application process. In this case, we store the information you have provided for this position until the expiry of the statutory time limits for legal action (in particular § 15 AGG).

6  Web analysis Matomo

6.1 Scope of data processing

We use the open source tool Matomo (formerly Piwik) on our website. The software solution uses cookies and is deactivated when you visit our website. Only if you actively consent, your usage behaviour is recorded anonymously. The following data is stored:

  • Two bytes of the IP address of the user's calling,
  • the website visited,
  • the website from which the user accessed the website (referrer),
  • the sub-pages accessed from the accessed website,
  • the time spent on the website,
  • the frequency with which the website is accessed.

6.2 Purpose of data processing

We use Matomo for the statistical evaluation and analysis of the browsing behaviour of our website visitors. The evaluation of the data obtained enables us to compile information about the use of the individual components of our website and to improve its user-friendliness. By anonymising the IP address, the interest of users in their personal data protection is sufficiently taken into account.

6.3 Legal basis for data processing

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a) GDPR (consent).

6.4 Duration of data storage

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is the case after 12 months.

6.5 Recipient

Matomo runs exclusively on the servers of our website. Personal user data is only stored there.

6.6 Possibility of objection and removal

You may prevent the storage of cookies by selecting the appropriate settings in your browser software (refer to section 4 of this privacy policy).

You may find more detailed information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

7 YouTube

We use the YouTube video platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some pages of our website, we use our own videos stored on YouTube. This is a so-called "framing", i.e. content is displayed in parts of the browser window during integration. However, the videos are only called up by clicking on them separately. In this case, a connection to the YouTube servers is established. Data such as date, time and IP address are exchanged.

As the data collection is carried out by means of cookies, we require your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which also constitutes our legal basis. We have described what cookies are and how you can object to their use in section 4 of this privacy policy.

If you are logged into YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

It may be that the provider processes information for its own additional purposes. However, as we have no influence on the data collected by third parties and its processing by them, we cannot provide any binding information on the purpose and scope of the processing of your data. For further information on the purpose and scope of the collection and processing of your data, please refer to the data protection notices and objection options at: https://policies.google.com/privacy; as well as: https://tools.google.com/dlpage/gaoptout?hl=de.

8 Google Fonts

We use Google Fonts for the uniform display of fonts on our website. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; the responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To integrate the fonts we use, your browser establishes a connection to a Google server and downloads the font required for our website. Google can thereby obtain the information that our website was accessed from your IP address.

We use Google Fonts to design our website in accordance with your needs. This is our interest in data processing pursuant to Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the responsible party).

Google is responsible for further data processing. Further information on the handling of your data by Google is available at: https://policies.google.com/privacy.

9 Social media plugins

Our website contains plugins with hyperlinks to the social networks XING and LinkedIn, in which we maintain publicly accessible profiles. You can recognise the respective providers by their logo. We use these platforms to communicate with users and inform them about our offers and professional opportunities.

When you visit our website, no personal data is initially transmitted to these social media platforms. Only when you click on the respective button, data will be transmitted to them. In this case, the respective provider receives the information that you have accessed the corresponding website of our online offer (e.g. date, time, IP address, website accessed).

If you are logged in to the social media provider, the data we collect may be directly assigned to your account with the provider. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plugin provider.

It may be that the provider of the respective services or content processes your data for further, own purposes. However, as we have no influence on the data collected by third parties and its processing by them, we cannot provide any binding information on the purpose and scope of the processing of your data. For further information on the purpose and scope of the collection and processing of your data, please refer to the data protection notices of the respective providers responsible for data protection. Here you will also find further information on the processing of data and the possibility to object. For a detailed description of the respective processing and the options to object (opt-out), please refer to the information of the providers linked below.

Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany); Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland); Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

10 Data disclosure to third parties

Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if they have given their consent (Art. 6 para. 1 lit. a) GDPR), the data transfer is necessary for contractual purposes (Art. 6 para. 1 lit. b) GDPR), or we have a legitimate interest in the economic and effective operation of our business (Art. 6 para. 1 lit. f) GDPR).

Within the framework of commissioned processing under data protection law in accordance with Art. 28 GDPR, we use service providers for the operation, maintenance and servicing of our website and information technology systems, who may gain knowledge of your personal data in the context of the maintenance and servicing of the IT systems. We have therefore taken appropriate legal, technical and organisational measures with them to ensure the protection of personal data in accordance with the relevant legal provisions.

11 Data security

We take technical and organisational measures to ensure the security of data processing in accordance with the latest state of technology. In this way, we ensure that the provisions of the data protection laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us is protected against destruction, loss, modification and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our web server. Please note that SSL/TLS encryption is only activated for transmissions carried out via the Internet if the key symbol appears in the bottom menu bar of your browser window and the address begins with https://. SSL/TLS uses encryption technology to protect data transmission from illegal access by third parties. If this option is not available, you may also choose not to send certain data over the Internet.

Our webserver is located in the Federal Republic of Germany.

12 Your rights

If we process personal data about you, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights in respect of the personal data relating to you:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Furthermore, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). You can find an overview of the German supervisory authorities at: https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html.

The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a
D-70173 Stuttgart

Website with further contact details: https://www.baden-wuerttemberg.datenschutz.de.  

13 Changes to the data protection declaration

We reserve the right to change the data protection declaration in order to adapt it to amended legal situations or in the event of changes to the service as well as the data processing. However, this only applies with regard to declarations on data processing. As user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Please inform yourself regularly about the content of the data protection declaration.

Current status of the data protection declaration: 22.01.2021