Data Protection information/privacy policy
Welcome to the website of high impact – make your mark. In the following data protection information (privacy policy), you will be informed what happens to your data, the so-called personal data, and above all why this happens. We also inform you how we protect your data, when the data is deleted and what rights you have due to data protection.
First of all, we comply with data protection laws and the European General Data Protection Regulation and protecting your privacy as much as possible.
But we want to be completely open: The internet thrives on data exchange and still has many security gaps. Even if your data is encrypted when you visit our website, there is always a residual risk when exchanging data with external websites. If you visit other websites – for example via a link on our website – please note that this data protection information does not apply to these external websites. We would also like to point out that e-mails are an unencrypted and therefore fundamentally insecure communication medium. Should you wish to exchange personal data with us, please agree the transmission method with us in advance.
However, we believe that education and knowledge about data protection help to assess possible dangers and risks better. For this reason, we have prepared this data protection information and compiled all relevant information. The compilation has been made to the best of our knowledge and in accordance with the requirements of Article 13 GDPR. It is most important to us, that you know, your trust is appreciated.
Business purpose and processing of personal data
We process personal data (in the following: “data”) of our customers, suppliers, employees and business partners exclusively to provide our service, support and consulting, to give it to you in highest quality and with highest reliability. The processing of the data is carried out in automated and as well as in non-automated form.
The following data are involved: Name and address/address as well as e-mail address, bank account details and telephone numbers (fixed and mobile). In addition, within the scope of our services, especially in personnel-relevant and logistical processes, data of the special category is also processed. This always under the aspect of necessity, legality and purpose appropriate, in accordance with Article 5 GDPR.
By “processing of data” we mean, for example, the following operations: The collection, recording, organization, storage, use, transmission, dissemination and deletion of data (Article 4 No. 2 of the Basic Data Protection Regulation – GDPR).
We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their disclosure. Disclosure to external parties is only made if it is really necessary within the scope of an order. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 GDPR and do not process the data for any other purpose than the purpose specified in the order.
Who can you contact?
The responsible authority within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is
High Impact Europe Limited
Company No. 7053161
54 King Edwards Road, Malvern, Worcestershire
WR14 4AJ
United Kingdom
Fon: +44 (0) 1234 / 1234 – 100
Fax: +44 (0) 1234 / 1234 – 300
E-Mail: info@high-impact.eu
Responsible for data processing: Grant Aylward as data processing controller.
What are your rights?
You can contact us at any time if you have any questions about your rights in data protection or if you wish to assert one of your subsequent rights:
The competent and valid authority is:
Get more information at the information commissioners office https://ico.org.uk/global/contact-us/
Categories of affected persons
Visitors and users of our online presence (in the following we also refer to the data subjects as “users”). Furthermore, customers, suppliers, service providers and business partners who work with us in a spirit of trust. As well as our employees.
Purpose of processing
– Providing the online presence, its functions and contents
– Responding to contact requests and communicating with users
– Processing of business processes
– Safety and protective measures
In addition, personal data will only be processed within the scope of our business purpose, taking into account Article 6 GDPR and Article 9 GDPR paragraph 2 lit. h. This is always appropriate under the aspect of necessity, legality and purpose, in accordance with Article 5 GDPR.
Applicable legal basis for the processing
In accordance with Article 13 GDPR, we shall notify the users of our website and our customers of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEC, unless the legal basis is specified in the Data Protection Declaration, the following applies:
Deletion of data and storage duration
Unless otherwise stated, we delete your data as soon as they are no longer needed, e.g., the e-mail address after you have unsubscribed from our newsletter. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless it is necessary to store the data for the purpose of concluding or fulfilling a contract. Certain data may have to be kept longer for legal reasons. Of course, you can request information about the stored data and their retention periods at any time. The necessity for the storage of the data will be reviewed by us on a regular base; in the case of legal storage obligations, the data will be deleted after their expiry (we strictly comply with the legal requirements).
Visit of our website
When you visit our website, SSL or TLS encryption is used to protect the transmission of incoming and outgoing requests. You can recognize an encrypted connection by the fact that the address line of the browser begins with “https://” and by the lock symbol in the browser line. If you just want to browse our website, no personal data is collected, except for the data your browser transmits to enable you to visit the website, in particular:
Most interesting for you as a visitor to our website is the IP address, as this is data that can theoretically be traced back to you as a person. As a protective measure in favor of your privacy, all data is therefore deleted from the website on a regular base after your visit. The purpose of the temporary storage of the data at the beginning is to ensure the connection as well as accessibility and correct display of our website. The IP address and the technical data already mentioned are required to display the website, to avoid display problems for visitors and to correct error messages. Legal basis is my so-called legitimate interest according to art. 6 para. 1 lit. f. GDPR.
Collection, processing and transfer of personal data when commissioned
When you order our services, we collect and process personal data only to the extent necessary to fulfill and process your order and to process your inquiry. The provision of the data is necessary for the conclusion of the contract or for the completion of the order. Failure to provide the data means that no contract can be concluded. The processing is based on Art. 6 para. 1 lit. b GDPR and is necessary for the fulfilment of the contract with you. Your data will only be passed on in the event of a legal obligation and within the framework of contractually regulated processes. In all cases we strictly observe the legal requirements. The scope of data transfer is limited to a minimum.
Getting in contact with us
When contacting us (e.g., by e-mail, telephone, contact form or via social media), the user’s details, including all resulting personal data (name, inquiry, e-mail address), will be used to process the contact request and to handle it in accordance with Art. 6 para. 1 lit. b. (within the scope of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. GDPR (other inquiries). User data may be stored in a system-supported environment (“CRM system”) or comparable applications. We will delete the inquiries if they are no longer required. The necessity is reviewed on a regular base. Furthermore, the statutory archiving or retention obligations apply. Requests that are not relevant or do not need to be stored will be deleted. This also applies to unsolicited applications and advertising.
Security measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. In addition, procedures are in place to ensure that data subjects’ rights are exercised, data is deleted, and data is reacted to threats to the data. Furthermore, we take the protection of personal data into account as soon as the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings. Here in particular our online presence and the information compiled. The system and process conformity of tax law requirement is also considered and applied.
Cooperation with contract processors, jointly responsible parties and third parties
If, in the course of our processing, we disclose data to other persons and companies (contract processors, jointly responsible parties or third parties), transfer them to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization.
We make sure that cooperation with business partners and service providers is either regulated by a contract processing agreement or a declaration of commitment to confidentiality and adherence to data and business secrets.
Transfers to third countries
If data is processed in a third country (i.e., countries outside the European Union) or if this is done in the context of using the services of third parties (software, applications, etc.), this will only be done if it is necessary to fulfill our (pre-)contractual obligations or if we have your consent. Subject to legal or contractual permissions, we will only process or have processed the data in a third country if the legal requirements are met. This means that the processing is carried out, for example, on the basis of special guarantees or in compliance with officially recognized special contractual obligations.
Cookie banner and cookie hint
According to the current ruling of the EUGH, an active cookie banner is required if cookies (of any kind) are used. Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection law.
The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.
The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs Cookie Consent Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.
Note on the deactivation or deletion of cookies
Every user can set his web browser to generally prevent the storage of cookies on his terminal device or to ask him each time whether he agrees to the setting of cookies. Once cookies have been set, the user can delete them at any time. How this works is described in the help function of the respective web browser.
Please note: a general deactivation of cookies may lead to functional restrictions of web pages.
Right of objection for direct advertising
A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, functions on websites may only be used to a limited extent.
You can configure, block and delete cookies in your browser settings.
Hosting and e-mailing
The hosting services of our provider that we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services as well as technical maintenance services that we use for the purpose of operating this online presence.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online presence on the basis of our legitimate interest in an efficient and secure provision of this online presence in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).
Contact and request by e-mail, phone or fax
When contacting us (e.g., via e-mail link), the user’s data will be used to process the contact request and its handling in accordance with Art. 6 Par. 1 lit. b. (within the scope of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other inquiries) GDPR are processed. User data may be stored, for example, in a customer relationship management system (“CRM system”) or generally system-based. Inquiries that are not relevant or do not need to be stored will be deleted
If you contact us by e-mail or telephone, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interest (Art. 6 para. 1 lit. f GDPR), as we are very keen to ensure that the inquiries addressed to us are processed effectively.
Google products on our website (Analytics, Fonts, Statistic)
In order to operate websites interesting, modern and also secure, it is necessary to integrate specialized services on the website. Following you will find an overview of the Google services that we have integrated on our website, with brief explanations of how they work.
We have compiled this information to the best of our knowledge and belief and refer to the respective privacy policies/data protection statements provided by the provider.
Google Fonts
We use Google Fonts on our website. These are fonts that can be reloaded by your browser from Google’s servers. This is done without transmitting any data to Google other than your IP address and the requested font. About the use of your IP address from requests for fonts by Google, please read the privacy policy of Google. For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/?hl=en.
Privacy policy in the application process
We process applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. Candidate data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the application procedure in accordance with Art. 6 Par. 1 lit. b. GDPR and art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g., in the context of legal procedures.
The application procedure requires that applicants provide us with the applicant data. The necessary applicant data is derived from the job descriptions and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope described in this data protection declaration.
As far as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 letter b GDPR (e.g., health data, such as severely disabled status or ethnic origin). As far as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants in the course of the application procedure, their processing is also carried out in accordance with Art. 9 Para. 2 letter a GDPR (e.g., health data if this is necessary for the exercise of the profession).
Applicants can send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not take any responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend to use postal delivery. In this context, we kindly ask you to send us only attachments in PDF format and to observe a maximum file size of up to 5 MB.
The data provided by applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
Subject to a justified revocation by the applicants, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence. Invoices for any travel expense reimbursement will be archived in accordance with tax law requirements.
Social media presence of high impact
In addition to our website, we also provide an online presence on Instagram in order to communicate with active users and to inform them about our services. The user data (e.g., posts and messages) are processed by us exclusively for communication purposes on the basis of voluntary requests and contributions. Of course, these can be deleted by the user at any time.
In all other respects, the terms and conditions and the following data processing guidelines of the respective operators apply when calling up the profiles.
Instagram-Datenrichtlinie |
We therefore ask you to note that the data of the users is also used by the operators on their own responsibility (e.g., for the personalization of their own products, provision of personalized advertisements and other sponsored content as well as market research) and that we, as operators of the online presences, have no influence on the scope of this data processing. Among other things, the operators of the social networks may also use cookies that are stored on the various end devices of the users (computers, phones, tablets, etc.). The specific scope of data processing depends in each individual case on the data protection/privacy settings selected by the user or activated in the user profile. It is therefore recommended to check these at regular intervals; any options to object (so-called opt-out) and ways to restrict data processing can be found in the aforementioned data processing guidelines of the operator.
Furthermore, we cannot exclude the possibility that user data may be transmitted by the operator of the social networks to third countries, such as the USA, or processed by companies affiliated with the operators of the social networks that use the infrastructure, systems and technology of the aforementioned social networks.
In addition, the operators of the social networks also regularly provide page statistics functions that give us an overview of the reach, page views and posts of our online presences. We use this data, which is available in aggregated form, where available, to adjust our posts and activities on our online presences and to improve interaction with users. However, we have no influence on the generation, presentation and availability of these statistics. For more information on this, please refer to the aforementioned data processing policies of the respective operators of the social networks.
We use social network to provide our service online under the aspect of Art. 6, lit. b and f GDPR.
Contradiction advertising e-mails
We hereby object to the use of our contact data, published within the framework of the imprint obligation, for sending advertising and information material not expressly requested. As the operator of the website, we reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as through spam e-mails.
Notice about changes and updates to the privacy information
This data protection information is made available to you on- and offline. It is important to us that you can get a transparent overview of our work and our handling of your data, especially according to your personal data.
It is a matter of course for us that we only process data that is necessary for the justification, preparation and fulfillment of our (pre)contractual services and point out the necessity.
In this context, Article 6 paragraph 2 b., c. and f. shall apply. Article 9 paragraph 2 applies to the processing of data in special categories and Article 88 GDPR applies to data processing in an employee context. Disclosure to external parties shall only be made if it is really necessary in the context of an assignment. When processing data provided by us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 GDPR and do not process the data for any other purpose than the one specified in the order. In the case of cooperation with other responsible parties, the data protection requirements will be taken into account in mutuality by means of Article 26 GDPR.
Please inform yourself regularly about the content of our data protection information. This, because it will be updated as soon as changes in the data processing carried out by us or it is necessary because legal requirements demand it.
Status 12/2020