Data Protection Declaration for this website
We have written this data protection declaration (version 05.09.2022) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what decision-making options you have as a visitor to this website.
Note on the responsible entity
The responsible authority for data processing on this website is:
RISK-CONSULTING Prof. Dr. Weyer GmbH
Tel: +49 221 968479 – 0
Responsible authority is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This is the data described in the next section (Automatic data storage).
The hoster is used for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online presence by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill its service obligations, and he will follow our instructions regarding this data.
We use the following hoster:
INSIGMA IT Engineering GmbH
Conclusion of a contract on order processing
To ensure data protection-compliant processing, we have concluded a contract for order processing with our hoster.
Automatic data storage
Nowadays, when you visit websites, certain information is automatically created and stored, also on this website.
When you visit our website, as you are doing right now, our web server automatically stores data such as
- the host name and IP address of the device from which the access is being made
- the address (URL) of the visited website
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- date and time
in files (web server log files).
Usually, web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed in the event of unlawful behavior.
Rights under the General Data Protection Regulation
According to the provisions of the GDPR, you are generally entitled to the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing – including profiling (Article 22 GDPR).
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any way, you can contact the responsible supervisory authority. About this and other questions on the subject of data protection, you can contact us at any time.
TLS encryption with https
We use https to transmit data in a tap-proof manner on the Internet (data protection by design of technology Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
Integration of third-party services and content / Content Delivery Networks (CDN)
We use content or service offers from third-party providers within our website in order to integrate their content and services, such as scripts or fonts (hereinafter jointly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We aim to only use content whose respective providers only use the IP address to deliver the content.
Below is an overview of the third-party providers used and their content, along with links to their data protection declarations, which contain further information on data processing and opt-out options:
- We integrate external SVG icons from Fontawesome: https://use.fontawesome.com/. The integration takes place via a server call of the font library in the USA.
- We integrate a script for animations via the Cloudflare content delivery network. The integration takes place via a server call in the USA.
Request by e-mail, telephone or letter
If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you provide to us will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.