The following information is to be provided pursuant to Art. 13 et sqq. General Data Protection Regulation (GDPR) where personal data are collected from the data subject.
1. Identity and the contact details of the controller
(hereinafter ” Nayoki“, „we“, „us“).
2. Contact details of the data protection officer
Holzhofer Consulting GmbH
Lochhamer Str. 31
Phone: +49 89 1 25 01 56 00
3. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing
3.1. Data processing for performing of a contract between you and us (Art. 6 para. 1 lit. b GDPR)
In order to fulfil the existing contractual relationship, provide the services owed and send you contractual documents, we and third parties or contract processors commissioned by us process the following data from you, provided that you have submitted it to us upon conclusion of the contract or in the course of the contractual relationship:
When contacting us (e.g. via e-mail), the user’s details are stored for the purpose of processing the request and in the event that follow-up questions arise (pre-contractual measures).
3.2. Use of data on the basis of your consent (Art. 6 para. 1 lit. a GDPR)
In the case of an advertising contact, we will only communicate with you via the channels to which you have given your consent, except by post. We use your data for the following purposes:
3.3.Use of data on the basis of legitimate interests (Art. 6 para. 1 lit. f) GDPR)
We may use your personal data to pursue our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. If data processing is based on a balance of interests and thus on legitimate interests, further information regarding the balance of interests is available on request.
4. Commitment to the provision of data
The provision of name and address is obligatory for a consulting contract. If you do not provide us with this information, no consulting contract will be concluded with us. All other data is voluntary.
If you are applying for a job offer from us, the provision of title, first name, surname, address is required for the application procedure. Non-provision would mean that an employment contract could not be concluded or could not be implemented.
5. Automated individual decision-making, including profiling
Nayoki does not carry out any profiling measures.
6. Data transfer to a third country
In principle, data is not transmitted to countries outside the EU and the European Economic Area (“third countries”). Data transfers to third countries may only occur within the scope of the administration, development and operation of IT systems. The transmission only takes place in the following cases:
7. Recipients of personal data and data sources
7.1. Categories of recipients of personal data
To the extent permitted by law, we pass on personal data to external service providers:
7.2. Data sources
We process personal data that we have received from you in the course of our business relationships. To the extent necessary for the provision of our services, we process personal data which we may obtain from publicly accessible sources (debtor registers, land registers, commercial and association registers, press, Internet) or which are legitimately transmitted by other third parties (an inquiry agency or an address service provider).
8. Storage period and criteria for determining that period
We store your data for the period of the existing contract and after termination of the contract for a period until the fiscal tax audit of the last calendar year in which you were our customer. If there are legal retention periods, we are obliged to store the data until the expiry of these periods. After expiration of the legal storage obligations, which result primarily from the commercial and tax law (in particular Sections 147 AO and 257 HGB), we delete this data.
We store your data for marketing activities until you object its use, you revoke your consent or an address is no longer permitted by law. We store your other data as long as we need it to fulfil the specific purpose (e.g. to fulfil or process the contract) and erase it after the purpose no longer applies.
9. Processing of personal data on our website
Links to other websites
10. Information on your rights as data subject
Nayoki is responsible for the processing of your data, unless otherwise stated. You may at any time request information about the data stored about you and its correction in the event of errors. Furthermore, you may request the restriction of processing, the transferability of the data provided to us by you in a machine-readable format or the deletion of your data – insofar as they are no longer required.
In addition, you have the right to object at any time to the use of your data based on public or legitimate interests.
If we process your data on the basis of a consent given by you, you can withdraw this consent at any time with effect for the future. Upon receipt of your withdrawal, we will no longer process your data for the purposes stated in the consent. Please address your withdrawal or an advertising objection to:
11. Your right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority. The Bavarian Data Protection Authority, P.O. Box 606, D-91511 Ansbach, is responsible for us. Alternatively, you can contact your local supervisory authority.