Privacy Policy

 

This privacy policy describes how we use the personal data that we collect on our website. Personal data means data that relate directly to you, for example, your name, address, email addresses and user behaviour. If we rely on service providers for individual functions of our website or would like to use your data for commercial purposes, we will inform you in detail below about the respective transactions. In doing so, we will also state the specified criteria for the duration of storage.

 

1. Name and contact information of the entity responsible for the data processing and of the company Data Protection Officer

 

Responsible entity according to Article 4(7) of GDPR for data processing is:

Strategy & Action International GmbH

Lebacher Straße 4

D-66113 Saarbrücken

Phone +49 (0) 681 99630

info@strategy-action.com

You can contact our Data Protection Officer at the email address above, or via our postal address; in this case, please state “For the attention of the Data Protection Officer”.

 

2. Communication by e-mail or contact form

 

We will store the data provided by you when you contact us by e-mail or using a contact form (e.g. your e-mail address, your name and your telephone number) in order to answer your questions. We will erase the data arising in this context after storage is no longer necessary, or we will restrict processing if there are any legal archiving obligations.

 

3. Collection and storage of personal data, as well as form and purpose of its use

 

Personal data will be collected and stored when you visit our website.

The browser on your device automatically sends messages to the website’s server if you go to our website, www.strategy-action.com. We temporarily and automatically store the following information without your intervention in a so-called log file:

  • IP address of the accessing computer or device,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • contents of the requests (specific page),
  • access status/http status code,
  • data volume transferred,
  • website from which the request originates,
  • browser,
  • operating system and its interface,
  • language and version of the browser software.

This information is stored until it is automatically erased.

 

Data processing is done for the following purposes:

  • ensuring a flawless connection to the website,
  • ensuring comfortable use of our website,
  • evaluating system security and stability, as well as
  • for other administrative purposes.

The processing takes place on the basis of Article 6(1), clause 1, point (f) of GDPR. We have a legitimate interest in the collection and processing of data. This results from the purposes listed above. Under no circumstances will data processing and collection lead to conclusions being drawn about your person.

 

4. Disclosure of data

 

We transfer your personal data to third parties only in the following circumstances:

  • you have given your express consent to this,
  • disclosure is necessary to establish or exercise claims against you or to defend ourselves against one, and there are therefore no prevailing interests worthy of protection for us to adopt non-disclosure,
  • we are legally obliged to share the data,
  • the disclosure is necessary for the execution of our contract with you.

 

5. Your rights as a data subject in the sense of GDPR

 

You have the right:

  • to information about the personal data processed by us, including the right to information about the purposes of processing, the categories of the personal data, the categories of recipients of your data, intended storage period, existence of a right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the origin of your data if they were not collected by us, as well as the existence of an automated decision-making process including profiling and, where applicable, conclusive information regarding their particulars;
  • to the immediate rectification of inaccurate personal data stored by us, or the completion of your personal data stored by us;
  • to the erasure of your personal data stored by us, unless its processing is required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or in order to establish, exercise or defend legal claims;
  • to the restriction of processing of your personal data insofar as you challenge their accuracy, if processing is unlawful, but you object to their erasure and if we no longer require the data, but you require them to establish, exercise or defend legal claims or if you have objected to processing pursuant to Article 21 of GDPR, so long as it is not yet certain whether the legitimate reasons of the Controller outweighs yours;
  • to receive the personal data which you have provided to us in a structured, commonplace and machine-readable format, or to its transfer to another Controller;
  • to withdraw your consent at any time with the consequence that we will no longer be allowed to continue any data processing that was based on this consent in the future and
  • to lodging a complaint with a data protection supervisory authority of your choice. For this purpose, you can generally contact the supervisory authority at your habitual place of residence or the supervisory authority of our business.

The supervisory authority in our location is:

Unabhängige Datenschutzzentrum Saarland
Landesbeauftragte für Datenschutz und Informationsfreiheit

Monika Grethel

P.O. Box 10 26 31
66026 Saarbrücken

Fritz-Dobisch-Straße 12
66111 Saarbrücken

Tel: (0681) 94781-0
Fax: (0681) 94781-29

Email: poststelle@datenschutz.saarland.de
Website: www.datenschutz.saarland.de

 

6. Right to object

 

Pursuant to Article 21 of GDPR, you have the right to submit an objection to the processing of your personal data, which is based on Article 6 (1) point e) or f) of GDPR, at any time, as long as the reasons for the objection are based on your particular situation. In relation to direct advertising, you have a general right to object that we will implement without indication of a particular situation.

To exercise your right to withdrawal or objection, an email to info@strategy-action.com is sufficient.

 

7. Data security

 

(1) For our website we use the popular SSL/TLS method (Secure Socket Layer/ Transport Layer Security) in connection with the respective highest levels of encryption supported by your browser. This usually is a 256-bit encryption. If your browser does not support 256-bit encryption, we will use the 128-bit v3 technology instead. You can see if the transfer of your data is encrypted by looking out for “https://” in the address bar of your browser, or by the ‘closed’ icon of the key or lock symbol on the status bar of your browser.

 

(2) Further, we are employing technical and organisational safety measures suited to protecting your data from manipulation, unauthorised access, being lost, or being destroyed.

 

8. Cookies

 

In addition to the data mentioned in section 3, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, as assigned accordingly by the browser that you use, which allow the entity that places the cookies (in this case, us) to then receive certain information. Cookies cannot run programmes or transmit viruses to your computer. Their purpose is to make the website user-friendly and more effective overall.

Use of Cookies:

This website uses the following types of cookie, the scope and functionality of which are explained as follows:

 

(1) Transient cookies

Transient cookies are automatically erased when you close your browser. These include, in particular, session cookies. These store what is referred to as the “session ID”, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised if you return to our website. Session cookies are erased as soon as you log out or close your browser.

 

(2) Persistent cookies

Persistent cookies are automatically erased after a set period of time, which may differ depending on the cookie. You can erase the cookies in the security settings of your browser at any time.

 

(3) Browser settings

You can configure your browser settings according to your requirements and decline the acceptance of third party cookies or all cookies, for example. Please note that in this case, you may not be able to use all of the functions of this website.

 

(4) Identification by cookies

We use cookies so that we can identify you on subsequent visits you make to our website if you have an account with us. Otherwise, you have to log on again for every visit.

 

(5) Flash cookies

The Flash cookies used are not recorded by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the necessary data independent of the browser you’re using, and do not have an automatic expiry date. If you do not want Flash cookies to be processed, you have to install an Add On for your browser. You can prevent the use of HTML5 storage objects by putting your browser in private browsing mode. Apart from that, we recommend regularly erasing your cookies and browser history manually.

 

9. Google Analytics

 

(1) We use the analytic tool Google Analytics on our website. The provider of this analytic tool is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

(2) Google Analytics uses so-called “cookies”. Cookies are small text files stored on your computer, consequently enabling an analysis of how you use our website. This analysis data will usually be transferred to a Google server in the US and stored there.

 

(3) The legal foundation for data processing is Article 6 (1) point f) of the General Data Protection Regulation (GDPR), which enables us to process data in the case of a legitimate interest. In this case, our legitimate interest is the analysis of user behaviour in order to optimise our website and adverts.

 

(4) Please note that Google Analytics was extended by the code “_anonymizeIp();” on this website to ensure anonymised collection of IP addresses (so-called IP masking). Thanks to the activation of IP anonymisation, your IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area before it is transmitted to the US. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will, on our behalf, use this information to analyse your use of the website, to compile reports on website activity and to provide further services that are connected to the use of this website and of the internet.

 

(5) IP addresses which Google Analytics transmits from your web browser will not be cross-checked with other data from Google.

 

(6) You can prevent the storage of cookies in your web browser’s settings. Please note, however, that in this case you may not be able to use all the features of this website to their full extent.

 

(7) You can prevent data collection by Google Analytics by downloading and installing the following Browser Plug-in: http://tools.google.com/dlpage/gaoptout?hl=en

 

(8) Information of the third-party service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,

Fax: +353 (1) 436 1001.

Terms of use: https://support.google.com/analytics/answer/6004245?hl=en

You’ll also find more information about Google’s Data Protection Regulations at the following link:

https://support.google.com/analytics/answer/6004245?hl=en

 

10. Social Media Plug-ins

 

(1) We currently use the following social-media plug-ins: Twitter, LinkedIn. We use what is referred to as the “double click solution”. This means that when you visit our website, categorically no personal data will initially be forwarded to the providers of the plug-ins. You can recognise the provider of the plug-in by hovering over the logo. We provide you with the possibility to communicate directly with the plug-in provider by clicking on the logo. Only when you click the logo, thereby enabling it, does the plug-in provider receive the information that you have accessed our website. The data specified in section 3 of this privacy notice is also transferred. By activating the plug-in, your personal data will be transferred to the respective plug-in providers and stored there (in the case of the American (USA) providers, in the USA). As the plug-in provider mainly carries out the data collection using cookies, we recommend erasing all cookies with the use of the security settings of your browser before clicking on its logo.

 

(2) We have no influence on the collected data or the data processing procedures, nor are we aware of the full extent of the data that is collected, the purposes of the processing or the retention periods. Further, we do not have any information on the erasure of the data that is collected by the providers of the plug-ins.

 

(3) The plug-in provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the custom configuration of their website. Data (including data of users who are not logged in) are for example evaluated in this way to provide custom advertising and to inform other users of the social network about your use of our website. You have the right to object to the creation of such user profiles; if you intend to exercise this right, you must contact the respective plug-in provider. With the plug-ins, we offer you the possibility to interact with social networks and other users so that we can improve our website and make it more interesting for you the user. The legal basis for the use of plug-ins is Article 6(1) clause 1 of GDPR.

 

(4) The forwarding of data takes place regardless of whether you have an account with the plug-in provider and are logged in or not. If you are logged in with the plug-in provider, the data collected by us about you will be associated with your existing account with the plug-in provider. If you click on the logo of the plug-in provider and link to the page for example, the plug-in provider will also store this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, especially before clicking on the logo, as this will allow you to prevent the plug-in provider from linking something to your profile.

 

(5) Further information on the purpose and scope of data collection and processing by the plug-in provider is available in the following privacy policies of these providers. There, you will also find further information about your rights regarding this topic and your privacy settings options.

 

(6) Addresses of the plug-in providers and URL with their respective privacy policy

     a) Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; twitter.com/en/privacy. Twitter has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

     b) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

11. YouTube

 

(1) Our website uses plug-ins from the YouTube website operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

 

(2) When you visit the website, YouTube receives information that you have accessed the relevant sub-page of our website. The data specified in section 3 of this privacy notice is also transferred. This will take place regardless of whether YouTube provides a user account into which you are logged in or if no user account exists. If you are logged in to Google, your data will be linked directly to your account. If you do not want the data to be assigned to your YouTube profile, you must log out before activating the button. YouTube will store your data as a user profile and use it for the purposes of advertising, market research and/or the custom configuration of its website. Data (including the data of users who are not logged in) are evaluated in this way to provide custom advertising and to inform other users of the social network about your use of our website. You have the right to object to the creation of such user profiles; if you intend to exercise this right, you will have to contact YouTube.

 

(3) Further information on the purpose and scope of the data collection and its processing by YouTube is provided in the data protection declaration. There, you will also find further information about your rights regarding this topic and your privacy settings options. https://www.google.de/intl/en/policies/privacy. Google may process your personal data in the USA and has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

12. Newsletter

 

(1) You can consent to subscribe to our newsletter, which will provide you with information about our current interesting offers. The advertised products and services are named in the declaration of consent.

 

(2) For the registration for our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send an email to the specified email address in which we ask you to confirm that you want to receive the newsletter. If you fail to confirm subscription within 72 hours, your data will be blocked and automatically erased after a month. Further, we always store the IP address used and the time of the registration and confirmation. This serves as a means of proof of your registration and, if applicable, to clarify any potential misuse of your personal data.

 

(3) The only information required for sending the newsletter is your email address. More, separately marked data can be specified voluntarily. We recommend you provide your name and a phone number, so that we can address you personally and increase your protection against fake emails. The legal basis is Article 6(1) clause 1 point a) of GDPR.

 

(4) You can withdraw your consent to receive the newsletter and unsubscribe at any time. You can withdraw your consent by clicking the link provided in any newsletter email, or by sending a message to info(at)strategy-action.com.

 

13. Jobportal

 

We also offer a job portal on our website. To apply for any of the positions listed there or send us a speculative application, you will need to set up an account first. Here you will be asked to communicate the required personal data (for example: e-mail address, name, postal address, gender, telephone number, date of birth, nationality).

Your personal data will be processed for the application process and shared with third parties within this process. Third parties in this sense are those companies which place job advertisements on our job portal as well as employers who are interested in unsolicited applications.

Processing of these applications will proceed according to Art. 6 Para. 1 S. 1 lit. b DSGVO, since it is required for completing the application process.

After concluding the application process or by speculative application, your data will be stored for six months (§. 6 Para. 1 S. 1 lit. f DSGVO). Should you perform no further activity on our website during six months, we will contact you by e-mail and only continue to save your personal data if you give your consent. If you refuse consent or we receive no response to this e-mail, we will delete your profile with all of your personal data 4 weeks after sending the email.

 

14. Recency of and amendments to this privacy policy

 

This Privacy Policy was created in June 2018 and is currently valid.