Privacy Policy

Foreword

Mandat Managementberatung GmbH (hereinafter “Mandat”) attaches great importance to the protection of privacy and observes the legal data protection regulations. Mandat collects, stores or processes data only for its own business purposes. In the following we explain how we handle your personal data and what rights you have.

The Mandat website can be used without the need to provide any personal data. However, if you wish to make use of special services provided by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject (the purposes and legal bases for processing are listed below).

Mandat, as data controller, has implemented numerous technical and organisational measures to ensure the most complete possible protection of the processed personal data. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

Mandat’s data protection information is based on the terms used by the European legislator of directives and regulations when adopting the basic data protection regulation (DSGVO). Our data protection information should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection information:

  • Personal data is all information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
  • Processing means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data such as the collection, collection, organisation, arrangement, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
  • Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
  • The data controller or controller is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
  • Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
  • Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
  • A third party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor.
  • Consent means any informed and unequivocal statement of intent, in the form of a statement or other clear affirmative act, voluntarily given by the data subject for the particular case, indicating that the data subject agrees to the processing of his/her personal data.

Name and contact details of the controller

The controller within the meaning of the Basic Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

Mandat Managementberatung GmbH
Emil-Figge-Straße 80
44227 Dortmund
Germany

Tel.: +49 231 9742-390
E-Mail: info@mandat.de
Website: www.mandat.de

Managing Director: Prof. Dr. Guido Quelle

Your rights

You have the right, upon request and free of charge, to request information about the personal data stored by us and/or to request correction, blocking or deletion. Exceptions: This is the prescribed data storage for business transactions or the data is subject to the legal obligation to store.

To be able to consider a data lock at any time, it is necessary to keep the data in a lock file for control purposes. If there is no legal archiving obligation, you can also request the deletion of the data. Otherwise we block the data if you wish.

You have the right to object at any time to the processing of personal data concerning you, which is based on our legitimate interests. Mandat no longer processes personal data in the event of an objection for the purposes pursued with the legitimate interests – this also includes direct marketing.

Furthermore, you have the right to revoke your consent to the processing of personal data at any time and free of charge. The revocation can be made via the corresponding link in each newsletter, by e-mail to abmeldung@mandat.de and directly on our website. The processing based on the consent up to this point in time will then be discontinued.

We will process your request immediately and are obliged to comply at the latest one month after receipt of your request.

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the responsible supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Deutschland

Tel.: +49 211/38424-0
Fax: +49 211/38424-10
E-Mail: poststelle@ldi.nrw.de

Purposes and legal bases of the processing

Processing of orders in the e-shop
If you order articles in the e-shop, we need your personal data. We collect and process your name and address (in the case of physical products such as books) or your name and e-mail (in the case of intangible products such as whitepapers) for the purpose of processing your order. The legal basis for this is the necessity to fulfil the contract in accordance with Art. 6 para. 1 lit. b) DSGVO.

In principle, the data will not be passed on to third parties, unless this is necessary to fulfil the above-mentioned purposes. This could be a parcel service provider, for example, which also uses the personal data exclusively for the fulfilment of the above-mentioned purpose.

Contact by the data subject
If you contact Mandat via e-mail or contact form on the website or via social media, we will store your details for the purpose of processing the enquiry and for possible follow-up questions. The legal basis for this is our legitimate interest pursuant to Art. 6 Para. 1 letter f) DSGVO – namely the continuation of the dialogue initiated by you. This personal data is not passed on to third parties.

Newsletter and dialogue
On the Mandat website, users are given the opportunity to subscribe to newsletters. For this we need your e-mail address. You can only receive the newsletters if you explicitly agree to receive them. A confirmation e-mail will be sent to your registered e-mail address. This confirmation e-mail serves to check whether you as the owner of the e-mail address authorize the receipt of the newsletter (double opt-in).

We use the personal data provided by you for the dispatch of our newsletters with impulses on the subject of “profitable growth” by e-mail as well as for the purpose of relationship management and direct advertising by e-mail, post or telephone. The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.

You can revoke your consent to the storage and processing of this data for this purpose at any time. In each newsletter you will find a corresponding link. You can also contact abmeldung@mandat.de or unsubscribe directly from the newsletter on our website.

In principle, the data will not be passed on to third parties, unless this is necessary to fulfil the above-mentioned purposes. This could be a parcel service provider, for example, which also uses the personal data exclusively for the fulfilment of the above-mentioned purpose.

Dialog after purchasing our products and services
If we receive your personal data in connection with the sale of a product or service and you have not objected to this, we process the data for the purpose of relationship management and direct advertising by e-mail, post or telephone for offers that are similar to the product or service already purchased. The legal basis for this is Section 7 (3) UWG. You will be informed of this processing when purchasing or ordering. You can object to this use of your contact data at any time and free of charge by sending a message to the contact option described or via a link provided for this purpose in the e-mail.

Contact by Mandat
With the purpose of opening the conversation with new contacts and expanding our network, we contact our target group on our own initiative. The channel through which this contact is made also depends on the contact data available to us (post, e-mail, telephone). We use publicly accessible data (e.g. in the imprint).

The legal basis for this is our legitimate interest in expanding the business in accordance with Art. 6 para. 1 lit. f) DSGVO. The data subjects can reasonably expect their public, personal data to be processed. The target group’s interest in not receiving any uninteresting or inappropriate advertising/offers is protected by the fact that the approach is very targeted.

Administration and office organization
We process data as part of administrative tasks and for the organisation of our business (e.g. e-mail traffic, calendar maintenance), financial accounting and for compliance with legal obligations (e.g. reporting to authorities). We process the same data that we process in the course of providing our contractual services for the purpose of maintaining our business activities, performing our tasks and providing our services.

The legal basis for this is the necessity to fulfil the contract in accordance with Art. 6 para. 1 lit. b) DSGVO or our legal obligation in accordance with Art. 6 para. 1 lit. c) DSGVO.

Public relations
We conduct public relations work with the purpose of expanding our business. We may process personal data such as names and photos.

The legal basis for this is the consent of the data subjects pursuant to Art. 6 para. 1 lit. a) DSGVO or – if the data were published by the data subject himself (Art. 9 para. 2 lit e) DSGVO) – our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO.

Applications
Mandat collects and processes the personal data of applicants for the purpose of handling the application procedure. If Mandat concludes an employment contract with an applicant, the transmitted data will be processed for the purpose of processing the employment relationship in compliance with the statutory provisions. The legal basis for this is the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) DSGVO. If no employment contract is concluded with the applicant, the application documents will be deleted two months after notification of the rejection decision, provided that there are no other legitimate interests on the part of Mandat in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Detailed information about the website

Collection of general data and information
When you access our Internet pages, the provider of the Internet pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type/ browser version, operating system used, referrer URL (the page from which you accessed our website), host name of the accessing computer, time of the server request and IP address.

We cannot assign these data to specific persons. In addition, this data is also generated when accessing any other website on the Internet. It is therefore not a special function of our website. Without these data it would not be technically possible to deliver and display the contents of the website. It is therefore imperative that they are recorded. We also reserve the right to subsequently check the server log files in case of suspicion of illegal use of our offer.

The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Cookies
The Internet pages use cookies. This standard technology consists of small text files that are stored on the device you are using.

By using cookies, Mandat can make visiting the Internet pages more comfortable or secure and provide users with more user-friendly services that would not be possible without cookies. An example is the cookie of a shopping basket in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can decide yourself whether your browser allows cookies or not. Please note that website functionality may be limited or even disabled if cookies are not allowed. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers.

This data will not be passed on to third parties or linked to other personal data without your consent.

YouTube-Videos
Mandat has also embedded videos from YouTube on its website.

YouTube is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Further information can be found in the imprint at https://www.youtube.com/t/impressum?hl=de&gl=DE.

In order for these videos to be viewed and displayed in your browser, the transmission of the IP address is mandatory. So YouTube will perceive your IP address.

Although we make every effort to use only third-party providers who only need the IP address to deliver content, we have no influence on whether the IP address may be stored. Further information on data protection can be found in Google’s data protection information at https://policies.google.com/privacy. There you can also adjust your personal data protection settings yourself.

Twitter-Plugin
Mandat has integrated components of Twitter on its website. Everyone, including people who are not registered on Twitter, can access the short messages distributed there.

Twitter is operated by Twitter, Inc. Further information can be found in the imprint at https://legal.twitter.com/imprint.

If you use the Twitter function on our websites, the websites you visit will be linked to your Twitter account and, if necessary, made known to other users. Data is also transmitted to Twitter.

We as provider are not aware of the content of the transmitted data and its use by Twitter. For more information, please see Twitter’s privacy policy at http://twitter.com/privacy. Twitter offers you the possibility to define your own data protection settings under the following link: http://twitter.com/account/settings.

PayPal as payment method
Mandat has integrated components of PayPal on its website.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A.. Further information can be found in the imprint at https://www.paypal.com/de/webapps/mpp/imprint.

If you select “PayPal” as a payment option in our online shop during the order process, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually the data necessary for payment processing in connection with the respective order.

The purpose of data transmission is to process payments and prevent fraud. Mandat will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. Personal information exchanged between PayPal and Mandat may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.

You have the possibility to revoke your consent to PayPal to handle your personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal’s current privacy policy can be found at https://www.paypal.com/de.

Storage time and deletion

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes pursued or as provided for in the various storage periods provided for by law. After the respective purpose or expiry of these periods, the corresponding data will be blocked or deleted as a matter of routine and in accordance with statutory regulations.

Changes to our privacy policy

We reserve the right to adapt this data protection information so that it always complies with current legal requirements or to implement changes to our services in the data protection information, e.g. when introducing new services. The new data protection information will then apply for your next visit.