Privacy Notice Website
Our website privacy notice is structured as follows:
B. Processing of personal data
C. Your rights
The simultaneous use of masculine and feminine forms of speech is waived for reasons of better readability. All personal designations nevertheless apply to all genders.
Responsible for the processing of personal data is:
BRP Renaud and Partners mbB
Königstraße 28, D-70173 Stuttgart
T +49 711 16445-0
F +49 711 16445-100
Beethovenstraße 12-16, D-60325 Frankfurt/Main, Germany
T +49 69 133734-0
F +49 69 133734-34
You can reach our data protection officer at:
BRP Renaud and Partners mbB
Data Protection Officer
Königstraße 28, D-70173 Stuttgart
T +49 711 16445-0
F +49 711 16445-100
B. Processing of personal data
Read here how personal data is collected and for what purposes it is processed with what legal basis, to whom the data is disclosed for what purpose and under what conditions it is deleted again.
1. Technical and functional provision of the website
We process personal data in order to be able to provide our website as far as possible without technical or functional restrictions and in accordance with legal requirements.
When you visit our website, we store certain access data, e.g. browser type and version, operating system used, the previously visited website, access date and time of the server request and the client's file request (file name and URL). We use this data anonymously for statistical evaluations without attribution to the respective user.
The purpose of this data processing is the retrievability and correct display of the website on your terminal device as well as the optimization of our website. In this respect, there is a legitimate interest on our part. The basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR and § 15 TMG (German Telemedia Act; Telemediengesetz).
b) Consent Management Tool
Our website uses the Consent Management Tool ("CMT") of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich ("Usercentrics") to obtain and document your consent to data processing by various services.
When you open our website, you can give consent via the CMT for individual data processing, which is stored by the CMT. For this purpose, the CMT generates a so-calles "Controller ID" and also stores information in session storage and local storage of your browser:
- uc_user_country: Records your country and region in order to display the output language of the Usercentrics interface in the appropriate language; Deleted after the session expires; There is no access by third parties to the processed data.
- uc_tcf: Helps to request and transmit the user consent; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
- uc_settings: Contains your settings in Usercentrics for consenting to different data processing operations as well as the time of your consent/refusal; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
- uc_user_interaction: Stores whether you have already selected a setting for your data processing preferences (i.e. whether you have already interacted with the CMT); Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
This information, which is linked to the Controller ID, can be used to track which data processing by which services you have consented to or not consented to when you reopen the website. This way, you do not have to enter your settings for consenting to individual data processing operations again with each visit. Of course, you can also change your selection subsequently via the settings. You can open the CMT at any time via the "fingerprint icon".
We use the CMT to allow you to consent to different data processing operations and to withdraw consent once given. We are required by law to obtain and document your consent. The legal basis for data processing by the CMT is Art. 6 para. 1 p. 1 lit. c GDPR.
For more information about the CMT and Usercentrics' privacy practices, please visit: usercentrics.com/de/faqs/legal-datenschutz/beschreibung-usercentrics-in-datenschutzerklaerung.
c) Required cookies
– PHPSESSID: Assignment of an ID for the current session - this is standard for PHP-based websites; cookie and session ID are deleted again when the website is closed; third parties have no access to the processed data.
We collect personal data when you provide it to us. This can be, for example, data that you transmit to us in the course of contacting us.
The processing of this data is based on Art. 6 para 1 p. 1 lit. b GDPR, insofar as this is necessary for the execution of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 p. 1 lit. f GDPR).
3. Advertising measures; in particular e-mail-newsletters
We may process your data for advertising purposes. We have a legitimate interest in the use of your data for direct marketing purposes within the meaning of Art. 6 para 1 p. 1 lit. f GDPR. If you have consented (Art. 6 para. 1 p. 1 lit. a GDPR), your data will also be processed for the sending of an e-mail-newsletter.
CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, is used in part for sending newsletters by e-mail. Winkhardt + Spinder GmbH & Co. KG, Ernsthaldenstraße 53, 70565 Stuttgart, Germany, is used in part for sending newsletters by mail. In each case, this is a service provider bound by instructions, which is obligated in accordance with the data protection regulations and may not use the data for any other purpose.
You can unsubscribe from an e-mail-newsletter at any time and thus withdraw your consent to the sending of the newsletter with effect for the future by contacting us either via the link provided for this purpose in every e-mail-newsletter or directly via newsletter-cancel(at)brp.de. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone, without incurring any costs other than the transmission costs according to the basic rates. The lawfulness of the data processing operations already carried out remains unaffected by this.
If you exercise your right to object, we will store the address data mentioned in a "block list" to implement your objection. If you wish your data to be deleted completely, we would like to point out that if your data is collected again, processing for advertising purposes may occur again due to lack of knowledge of your objection.
If you have consented, we use the open source web analytics software "Matomo" on our website.
With Matomo, we collect and process personal data for optimization and marketing purposes. In particular, this involves the – immediately anonymized – IP address, a randomly assigned user ID, date and time of the first, last and current access to our website, total number of visits to our website, location and the visitor's language settings. For data collection purposes, cookies are stored on your computer. These are the following cookies:
- _pk_id...: Stores the visitor's session ID associated with Matomo; Storage period: 13 months; There is no access by third parties to the processed data.
- _pk_ses...: Stores information about the current session; Deleted after the session expires; There is no access by third parties to the processed data.
- _pk_ref..: Stores the website that the user visited before our website (referrer); storage period: 6 months; There is no access by third parties to the processed data.
- MATOMO_SESSID: Temporary cookie needed for security reasons for the execution of the opt-out; Deleted after the session expires; There is no access by third parties to the processed data.
The data collected is used to create and evaluate pseudonymous usage profiles. The pseudonymous usage profiles only refer to our website. Tracking across services and websites does not take place. Likewise, no personal identification of the individual visitor takes place.
The processing of your personal data by Matomo only takes place if you have consented. The relevant legal basis in this respect is Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via our Consent Management Tool (CMT).
5. Data processing on our social media company pages
We operate a so-called "company page" on these social media platforms:
- "Facebook": Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
- "LinkedIn": LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- "Xing": New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
a. General information about company pages, legal basis
When visiting a company page, the respective provider collects information that enables it to recognize users and comprehensively analyze user behavior. Based on the data collected in this way, the operator of the social media platform can also create user profiles. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.
The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website based on the information obtained. This enables us to make our contributions even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties personally as possible. The legal basis for the operation of a company page is in this respect Art. 6 para. 1 p. 1 lit. f GDPR.
We do not ourselves pass on to third parties any personal data that we collect via our company pages. However, we can neither influence nor exclude the possibility that the named providers transmit the collected data to third parties - in particular to their partner companies, which may also be based in countries outside the EU. In many third countries outside the EU, there is currently no level of data protection that corresponds to the EU.
In principle, you can assert your data subject rights (see also under C.) with regard to data processing by our company pages both against us and against the respective provider. However, we would like to point out that these can be asserted most effectively with the respective provider. This is because only the respective provider has access to the users' data and can take appropriate measures and provide information directly.
b. Agreements according to Art. 26 GDPR
We have concluded an agreement with Facebook and LinkedIn pursuant to Art. 26 GDPR in which the data protection obligations arising from the operation of our company website are divided between us and the respective provider. The providers have thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12-23 GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to the respective provider. We are obligated to do so under the agreement with the respective provider.
For more information on the agreement between us and the respective provider, please see:
6. Disclosure of data to third parties
Your personal data will only be passed on to third parties if this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b GDPR), you have expressly consented to the transfer (Art. 6 para. 1 p. 1 lit. a GDPR) or data protection law permits such a transfer. However, only the data required in each case will be passed on.
In addition to the recipients mentioned above, personal data may be passed on to our website administrator, anders und sehr GmbH, Heßbrühlstraße 7, 70565 Stuttgart, Germany. The website is hosted exclusively on servers within the EU via a German service provider Host Europe GmbH, Hansestraße 111, 51149 Cologne. In both cases, the service providers are not only bound by instructions in accordance with data protection law but also not permitted to use the data for any other purpose.
7. Data deletion
The personal data processed by us will be stored for as long as required for the respective purpose – in particular the processing of your request or your contract – in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 para 1 p. 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or the purpose of the data processing has not yet ceased.
C. Your rights
1. Disable cookies
2. Right of withdrawal
Some of the processing operations explained above are only carried out with your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. In this case, you may no longer be able to use our services as usual until you have again consented to the respective data processing. You can exercise your right of withdrawal via our Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time via the "fingerprint icon ".
3. Right of objection
You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation at any time with effect for the future, without incurring any transmission costs other than those according to the basic rates.
4. Right of access, rectification, erasure or restriction and portability
Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data rectified and to demand erasure, restriction of precessing and portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.
5. Right of appeal
You have a right of appeal to a supervisory authority. The supervisory authority responsible for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit, Königstraße 10a, 70173 Stuttgart.
Update: April 2021