This is a technical translation according to ISO 17100. The German version is the only valid version.
As operator of the website at “www.stakeholder-reporting.com”, we devote great importance to protecting your privacy as well as personal sphere.
We collect and use personal data of visitors to our website only insofar as this is necessary to provide the website and our content and services in a functional manner and to make it convenient for visitors to use.
Personal data is regularly processed only with the visitor’s consent. In addition, processing may take place if obtaining prior consent is not possible for actual reasons and the data processing is permitted by legal regulations – in particular by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
“Personal data”, according to Art. 4 No. 1 GDPR, means any information relating to an identified or identifiable individual (“data subject”). This includes, for example, the name, address, date of birth, e-mail address and telephone number or staff ID.
According to Art. 4 lit. 2 GDPR, “processing” means any operation or set of operations which is performed upon processing of personal data (e.g. collection, recording, use or disclosure) in a structured format, whether or not by automatic means.
According to Art. 4 lit. 7 of the GDPR, a “controller” is an individual or a legal entity, public authority, agency or other institution which alone or jointly with others determines the purposes and means of the processing of personal data.
Furthermore, we explain how your personal data that is processed when you visit or use our website, for what purposes and on what legal basis this is done, whether there is an obligation to provide it and how long the data is stored (section 2).
We also explain to what extent data is transferred, to whom and what legal guarantees we have in place for data transfers (sections 3 to 5).
Finally, we inform you about the rights you have with regard to the processing of your personal data (section 6).
1. Company name and contact details of the data controller, contact details of the data protection officer(s).
The Controller for data processing when visiting and using this website is:
Stakeholder Reporting GmbH & Co. KG
Schulterblatt 58 (Haus A)
Phone: +49 (0)40 68 98 98 – 10
Our Data Protection Officer is
Dr. Michael Foth
IBS data protection services and consulting GmbH
Zirkusweg 1, 20359 Hamburg
Phone: 040-540 90 97 97
2. Data processing when visiting and using our website
2.1 Storage of access data in log files
In principle, you can visit and use our website without providing any personal information. When you visit our website, the internet browser you use automatically transmits certain access data to our server. This includes the following data:
- IP address of the requesting computer
- Browser software used as well as its version and language
- Operating system of the requesting computer
- Date and time of access
- Name and URL of the page or file accessed
- Internet page from which the access was made
- Access status/http status code
- Amount of data transferred in each case
Type and purpose of data processing
This data is temporarily stored in a separate log file. The primary purpose of this is to ensure system security and stability on a permanent basis and to enable technical administration in order to ensure trouble-free connection setup and operation of our website as well as its comfortable use. In addition, this data is analysed in order to improve our online services.
Legal basis for processing
The legal basis for technical security is Art. 6 para. 1 lit. f) GDPR. With this data processing, we pursue the legitimate interest of maintaining the operational security of our websites in order to be able to provide the websites properly and the information contained therein in a trouble-free and convenient manner.
The data is deleted as soon as it is no longer required to achieve the aforementioned purposes of its processing.
Type and purposes of data processing and storage period of cookies
Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to perform various analyses.
Cookies are, for example, able to recognise the browser you are using when you visit our website again and to transmit various information to us. With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings).
If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device.
In case of technically necessary cookies, the legal basis for the processing of personal data lies in Art. 6 para. 1 lit. f) GDPR.
Retention period for cookies
As soon as the via the cookies transmitted data is no longer required to fulfil the purposes described above, the data is deleted. Further storage may take place in individual cases if it is required by law.
Configuration of the browser settings regarding cookies
Most browsers are pre-set to accept cookies by default. However, you can configure your respective browser in a way that it only accepts certain cookies or no cookies at all.
However, we would like to point out that you may not be able to use all the functions of our website if cookies are deactivated on our website by your browser settings.
You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are set.
Since various browsers can differ in their respective functions, we kindly ask you to refer to the respective help menu of your browser for the configuration options.
If you wish to have a comprehensive overview of all third-party accesses to your internet browser, we recommend that you install specially developed plug-ins for this purpose.
2.3 Use and application of Google Maps
Type and extent of processing on behalf of Google Maps
Content from Google Maps (“Google”) is implemented on our website. By visiting a sub-page of our website on which Google Maps is integrated, data about your behaviour when using Google Maps is transmitted to Google and processed on behalf of Google. The processing and transmission to Google does not take place automatically, but exclusively through active clicking by the user. Only through this conscious use data about your behaviour when using Google Maps is transmitted to and processed by Google. Google thereby receives, for example, the information that you have selected the corresponding sub-page of our website. The data processed by Google may include, in particular, your IP address and location data, which, however, will not be collected without consent (usually executed within the framework of the settings on your mobile devices).
Purpose and legal basis for Google Maps
Google processes this data as usage profiles and uses it for the purposes of market research and/or needs-based design of Google Maps. If you are a Google customer and logged into a Google service, this data will be linked directly to your Google account. If you do not wish this to happen, you have to log out of Google before visiting our website.
The processing of the data is based on Art. 6 para. 1 lit. a) GDPR. This serves as legal basis for our company in terms of processing operations in which we obtain consent for a specific processing purpose.
In this case, the provision of personal data is neither legally nor contractually required and is also not required for the conclusion of a contract. You are not obliged to provide any personal data. However, failure to provide personal data may result in you not being able to use some functions of our website or not being able to use it to its full extent.
Disable function of Google Maps
If you wish to prevent any transfer of personal data to Google, you should avoid using the Google Maps functions. Regardless of this, we recommend that you regularly log out of your user account after using a social network, especially before activating integrated contents, as this will help you to avoid a match with your profile with the respective provider.
3. Processing of customer and prospective customer data
3.1 Data categories
In the context of contact and contract initiation, we collect and process personal data for contacting and communicating with you. This involves the following data:
- Company details,
- Address of the company
- Name, first name
- Telephone number
- E-mail address
Type and purpose of data processing
This data is stored and processed for contact and contract initiation as contact data.
Legal basis for the processing of customer and prospective customer data
The legal basis for contact and contract initiation is Art. 6 para. 1 lit. b) GDPR for contract initiation and lit f) the legitimate interest in collecting new customer contacts within the scope of the permissible legal requrements.
The data will be deleted as soon as they are no longer required for the aforementioned purposes of their collection.
4. Legal basis of processing
We process personal data if you provided your consent (Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which the data subject is a party of or for the performance of measures serving to initiate a contract (Art. 6 para. 1 lit. b GDPR), for the performance of a legal obligation to which Stakeholder Reporting GmbH is subject to (Art. 6 para. 1 lit. c GDPR) or for the protection of overriding legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR). The legitimate interests can be either the provision of evidence for law enforcement and damage claims, the Corporate presentation purposes and public relations or the provision of technical security.
Retention periods of personal data
Stored personal data are deleted as soon as the purpose of the processing has been fulfilled and there are no legitimate grounds for further retention of the data.
We will inform you in the individual processing operations about the specific storage periods or criteria for storage.
Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and if there are statutory retention obligations.
5. Data transfers to third countries
In order to ensure an adequate level of data protection at all times, if we transfer your personal data outside the EEA, we will either use the European Commission’s standard contractual clauses with appropriate additional measures to guarantee a comparable level of data protection or take other appropriate safeguards as set out in Art. 46 GDPR.
6. Data transfers to third parties
We only disclose your personal data that we process on our website to third parties if it is required for the fulfilment of the purposes and is covered by a legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
7. Your data subject’s rights
You have the following rights regarding the processing of your personal data:
Right of access (Art. 15 GDPR in connection with § 34 BDSG)
You have the right to request access to your personal data processed by us. In particular, you may request access to the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
Right to rectification (Art. 16 GDPR)
You have the right to demand immediate correction of data relating to you which you suspect us to have processed incorrectly, or to demand that it be completed if we have stored it incompletely.
Right to erasure (Art. 17 GDPR in connection with. § 35 BDSG)
You have the right to request the erasure of your personal data stored by us, unless the processing is required for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR)
You have the right to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful but you refuse the erasure of the data, insofar as we no longer require the data but you request it for the assertion, exercise or defence of legal claims, or insofar as you have objected to the processing pursuant to Art. 21 GDPR.
Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
Right to withdraw your consent at any time (Art. 6 para. 1 lit. a) in connection with Art. 7 para. 3 GDPR)
You have the right to withdraw any consent you have given to us at any time. If you give your consent, you can withdraw it at any time with effect for the future; the withdrawal of consent does not affect the lawfulness of the data processing prior to the withdrawal. If you give your consent, we will explain how you can revoke it just as easily.
Right to file a complaint with the Supervisory Authority (Art. 77 GDPR in connection with § 19 para. 2 BDSG)
You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.
Furthermore, you have the
Right to object (Art. 21 GDPR)
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a general rule, you may contact the supervisory authority of your usual place of residence or workplace or our registered head office for this purpose.
No use of automated decision-making including profiling
We do not use any so-called profiling or other decision-making processes which are based exclusively on automated data processing and which may have legal effects on your behalf or which may significantly affect you in a similar way.
In order to exercise your rights, it is best to use the contact details of our data protection officer given under point 1. However, you can also contact us using any of the other contact details provided in section 1.