Detailed Privacy Notice
General Information
The protection of your personal data is a top priority for KGM Strategy. It is important to us to inform you about what personal data we collect during your visit to our websites, how it is used and what configuration options you have. This data protection notice provides you with answers to the most important questions. (Last Update: August 2024)
Data Controller
The data controller when accessing this website within the meaning of the General Data Protection Regulation (GDPR) and other provisions of data protection law is:
KGM Strategy
Lichtstraße 43i
50825 Cologne
Germany
Phone: +49 221 485 687 0
E-Mail: office@kgmstrategy.com
KGM Strategy has appointed an external Data Protection Officer. They can be contacted at office@kgmstrategy.com.
What data is collected and how is it used?
When you visit our websites, our web servers temporarily record the domain name or IP address of your computer, the client’s file request (file name and URL), the http response code, and the source of your page request, also called referral URL.
Cookies: We use cookies for certain offers. These are small text files that are stored on your computer. This allows us to recognize when you visit us repeatedly.
Detailed information on all cookies used by us and your right to object can be found HERE.
Additional personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this information voluntarily when getting in touch with KGM Strategy.
Where is my data processed?
Your data will generally be processed in Germany. Only in individual cases and within the legally permissible scope does data processing also take place abroad.
Under certain circumstances, your data may be accessed by our employees during business trips from third countries outside the European Economic Area (EEA), e.g. if you make an enquiry and an employee processes it from abroad. This access takes place via VPN connection, encrypted between the notebook of the employee and the server in Germany. Likewise, data processing of your data on the local notebook of our employees abroad is possible.
How secure is my data?
To protect your data from unauthorized access and misuse, we have taken extensive technical and organizational measures to ensure security in accordance with German and European data protection law.
Will my data be shared with third parties?
Yes, some data must be shared under strict contractual and legal requirements.
Due to legal obligation: In certain cases, we are legally obliged to transfer data to a requesting government agency.
To external service providers for data processing: If service providers handle personal data of our clients, we generally do so within the framework of a so-called data processing agreement. This is expressly provided for by law (Art. 28 GDPR). KGM Strategy remains responsible for the protection of your data even in this case. The service provider is contractually obligated to process all personal data exclusively in accordance with our instructions, which we ensure through strict contractual regulations, through technical and organizational measures and through supplementary controls.
Where processing of personal data takes place outside the EEA, an adequate level of data protection is ensured by the conclusion of the EU standard contractual clauses or other appropriate guarantees pursuant to Art. 44 et. sq. GDPR.
External service providers
We work with the external service provider HubSpot to record and analyze the traffic on our website. HubSpot also supports us in managing our CRM. The service uses optional cookies, the use of which you consent to and from which you can withdraw your consent at any time. Further information on these cookies can be found in the cookie banner or in our general cookie notice: /en/cookies/. HubSpot works exclusively bound by instructions as a processor within the meaning of Art. 28 GDPR. Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/privacy-policy.
Surveys, studies and e-map
We use external service providers at various points on our website to conduct surveys and studies. In the following, we would like to briefly introduce you to the service providers used and the purposes for which your data is processed:
- We use the services of SurveyMonkey (SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, D04 Y4A4, Ireland) to embed surveys on our website. The results of these surveys are then published, for example as a white paper. SurveyMonkey acts as our processor and is bound by our instructions (Art. 28 GDPR). In the event of a third country transfer, the EU standard contractual clauses apply. SurveyMonkey loads Google Fonts via so-called iFrames, on which KGM Strategy has no influence. By participating in a survey, you consent to the use of this service.
The types of data processed include your contact information, such as name, e-mail or telephone number. This information is voluntary, and you can also complete the survey anonymously.
Subject to your consent, you will be informed about the survey results and other new publications. You can revoke this consent at any time.
- We use the services of Microsoft Forms (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) to operate our e-map tool.
The types of data processed include your contact information, such as name, e-mail or telephone number, as well as information about your company. If you subsequently wish to be informed about your benchmarks and other services and news from KGM Strategy, you can voluntarily give your consent to this, which can be revoked at any time.
Online Meetings, Telephone and Video Conferences, and Webinars
We use platforms and applications of other providers for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter referred to as « Online Meetings »). When selecting these providers and their services, we comply with the legal requirements on data protection.
We currently use the providers Zoom (a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA) and Microsoft Teams (a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) (hereinafter collectively referred to as « Providers »). The Providers act on our behalf (data processing pursuant to Art. 28 GDPR), based on a data processing agreement including the EU standard contractual clauses.
Note: If you access the Zoom or Microsoft Teams websites, the Providers are responsible for data processing. However, calling up the website is only necessary for using Zoom or Microsoft Teams in order to download the software for use or to use the browser version.
Recording of Online Meetings
In individual cases, we may record Online Meetings in order to make the recording available to the participants afterwards or to publish it via our online presence. If a recording is made, all participants will be expressly informed of this fact before the start of the Online Meeting so that they can individually decide whether they wish to be visually or acoustically recognisable on the recording. In addition, the microphones and cameras of all participants will generally be muted at the beginning of the Online Meeting. The fact of recording is indicated to them in the Online Meeting window by a red symbol as soon as and as long as the recording is running. There is no recording by default.
The recording is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR to make it permanently available to the participants for follow-up purposes or to publish it via our online presences (e.g. website, social media channels, intranet) for marketing purposes. In all other cases, recordings are only made if and to the extent that this is necessary for documentation and follow-up purposes or to optimize our Online Meetings. Online Meetings are recorded exclusively in anonymous form, without the data of the participants being visible.
Data categories processed
To participate in an Online Meeting or to enter the meeting room, you must at least provide information about your name and – in the case of telephone use – your telephone number. You can deactivate the transmission via microphone and camera at any time using the corresponding settings.
The following personal data may be subject to processing:
- User details: first name, last name, display name, e-mail address, telephone, password (if single sign-on is not used), preferred language. Optional: profile picture, department.
- Meeting metadata: Meeting topic and description, meeting ID, date, time and location details, IP addresses, device/hardware information, phone numbers, time of last participant activity, number of chat and channel messages, duration of time for audio, video and screen sharing.
- When dialing in by phone: incoming and outgoing phone number information, country name, start and end time.
- Text, audio, and video data: You may have the option of using the chat, question or poll functions in an Online Meeting. To this extent, the text entries you make are processed in order to display them in the Online Meeting and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the Online Meeting, unless you have deactivated these functions.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the Online Meeting chat.
Further privacy related information of the Providers:
Zoom: https://explore.zoom.us/en/trust/privacy/
Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.
Beyond that, we do not share any data with third parties unless you have explicitly consented, or this is required by law.
Is my usage behavior being evaluated, e.g. for advertising?
Within the scope of legal regulations, we create usage profiles under a pseudonym. We can use these for the optimization of our content. It is not possible to draw any direct conclusions about you. A linking of the profile data with further information about your person only takes place with your consent. In the following, we inform you about the procedures used on our websites and how you can object at any time.
Use of Google Analytics
Nature and purpose of processing
To the extent that you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics uses cookies that analyse your use of the website. The information collected is usually transferred to a Google server in the USA and stored there.
We use Google Signals
Google Signals are session data from websites and apps. These allow us to collect additional information about website visitors who are logged into their Google account and have activated personalised advertising. By linking data, cross-device remarketing campaigns can be delivered to such users.
We use the User-ID function
Using User-ID, we assign IDs to website visitors in order to analyse their behaviour throughout one or more sessions (and the activities within these sessions) across devices. In Google Analytics 4, automatic anonymisation of IP-addresses is activated by default. Due to the activation of IP anonymisation on these websites, your IP-address will be shortened by Google within member states of the EU or EEA. Only in exceptional cases will the full IP-address be transmitted to a Google server in the USA and shortened there. According to the information provided by Google, the IP-address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Further information on terms of use and data protection can be found at google.com/analytics/terms/de.html and at https://policies.google.com/?hl=en.
Google will use this information on behalf of KGM Strategy for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
The data sent by us and linked to cookies, user identifiers (e.g. User-ID) or advertising IDs are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
Legal basis
The legal basis for data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.
Third country transfer
As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. As a result, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you being able to take legal action. To establish an appropriate level of data protection, we have concluded EU standard contractual clauses with Google, which can be viewed here: https://business.safety.google/adscontrollerterms/sccs/c2c/
Retention period
The recorded data is stored together with the randomly generated User-ID to enable the analysis of pseudonymised user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
WITHDRAWAL OF CONSENT
You can withdraw your consent at any time for the future via this website’s privacy settings.
You can also prevent Google from collecting the data generated by a cookie and relating to your use of the website (including your IP-address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Data Control for the Social Media Plugins used
Our website contains buttons from social media networks, which you can use to access our company profiles on the social networks in order to follow us there and network with our contact persons.
To ensure that you have full data control, the buttons used only establish direct contact between the respective social network and the visitor when you actively click on the button (one-click solution).
By activating the social media plugin, the following data may be transmitted to the social media providers: IP address, browser information, operating system, screen resolution, installed browser plugins such as Adobe Flash Player, source of the visitor if you followed a link (referrer) URL of the current website.
The next time you visit the website, the social media plugins are provided again in the pre-set inactive mode, so that when you visit the website again, it is ensured that no data is transmitted.
What is the legal basis for the processing of your personal data?
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, the processing is based on Art. 6 para. 1 p. 1 lit. c) GDPR. If we process your data for the implementation of pre-contractual measures that are carried out at your request or, if you are already our client, for the performance of the contract, Art. 6 para. 1 p. 1 lit. b) GDPR is the legal basis for this data processing. We only process further personal data if you consent to this (Art. 6 para. 1 p. 1 lit. a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 lit. f) GDPR).
What are your rights as a data subject?
Your following rights are stipulated in the European General Data Protection Regulation. We respect these rights and assure you that we will process your request as quickly as possible. You are entitled to the following rights:
- 15 GDPR: Right of access by the data subject
- 16 GDPR: Right to rectification
- 17 GDPR: Right to erasure (“Right to be forgotten”)
- 18 GDPR: Right to restriction of processing
- 20 GDPR: Right to data portability
- 21 GDPR: Right to object
You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
For more information about your data protection rights, please contact our Data Protection Officer (office@kgmstrategy.com).
Can I access information about my stored data?
You can request information free of charge about the scope, origin and recipients of the stored data and the purpose of storage.
Can I have data corrected?
You can request that incorrect data be corrected at any time.
Can I have my data deleted?
You can demand that your data be deleted at any time.
This right is only restricted if the:
- Data is subject to a statutory retention period, e.g. by the German Tax Ordinance (Abgabenverordnung)
- Data is indispensable for the fulfilment of the purpose of the contract
- Data is processed to exercise the right to freedom of speech and information
- Data is processed for the fulfilment of a legal obligation to which the controller is subject
- Data is processed for the performance of a task carried out in the public interest or in the exercise of official authority
- Data is processed for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes, or
- Data is processed for the assertion, exercise or defence of legal claims.
Can I get my data transferred by machine?
You have the right to receive personal data that you have provided to us pursuant to Art. 20 para. 1 GDPR in a structured, common and machine-readable format.
We will transfer the requested data without hindrance, provided that
- the processing is based on consent pursuant to Article 6 para. 1 p. 1 lit. a) GDPR or Article 9 para. 2 lit. a) GDPR or on a contract pursuant to Article 6 para 1 p. 1 lit. b) GDPR and
- the processing was carried out with the help of automated procedures.
If applicable, this right may be exercised in a restricted manner:
- if the data transfer is not possible or only possible with disproportionate effort due to the special nature of the storage and is not possible for technical reasons.
Do I have the right to object?
Yes. Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6 para. 1 p. 1 lit. e) or f) GDPR. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
In order to exercise the right to object, the data subject may directly contact the Data Protection Officer (office@kgmstrategy.com).
Can I revoke a consent given by me for the processing of my personal data?
Yes, you can revoke your consent at any time. To do so, you can click on the unsubscribe link at the end of each of our newsletters or send us an email at office@kgmstrategy.com.
How can I get more information about data protection at KGM Strategy?
If you have any questions about data protection, you can contact our Data Protection Officer at office@kgmstrategy.com.