Privacy Information

I. Data Controller

The controller responsible for processing your personal data is:

VP Compliance GmbH
Heidestr. 22
13467 Berlin
info@vpdata.de

Websites: www.vpdata.de, www.vpcompliance.de, www.vpaml.de, www.vpsec.de

(hereinafter also referred to as “we” or “us”)

You can contact us at any time for any questions on the subject of data protection or in connection with our services or the use of our website. We can be reached at the above postal address as well as at the e-mail address provided.

II. General Information on collected data, legal bases and purposes of storage

1. Use of the website

When using our website for purely informational purposes, i.e. if you do not contact us in any other way, we only process the personal data that your browser transmits to our server and that is technically necessary for the display of our website and to ensure stability and security. The legal basis for this is Art. 6 (1) lit. f GDPR. Our interest lies in enabling you to establish a smooth connection and use our website comfortably, in offering a secure, stable and fast site, and in being able to carry out administrative tasks that are necessary in this context.

2. Data processing when contacting us

You can use the contact form on this website or contact us by email, post or telephone. The personal data collected in connection with contacting us via our contact form and/or by email, post or telephone will be processed exclusively for the purpose of communicating with you. The legal basis is Art. 6 (1) lit. b GDPR. The personal data collected by us when using the contact form will be deleted after complete processing of your request, unless we need it to fulfill contractual or legal obligations (for more details see point V.).

3. Data processing in the context of initiating and executing a contractual relationship

We process personal data of our (future) customers within the scope of our contractual relationship and its initiation. If our (future) customers are companies, we process personal data of their legal representatives and their employees. We also process personal data of third parties who play a role in the respective matter (e.g. partners, external data protection officers, other parties involved). Typically, this is the following personal data:

  • Master data (e.g. name, address, contact information such as email, telephone number and internet address);
  • Customer-related data (e.g. contracts, communications);
  • Consulting data (e.g. contents of enquiries and documents);
  • Activity data (e.g. consultation documentation, performance records, invoices);
  • Other data that you voluntarily provide to us within the scope of the contractual relationship.

This data is processed

  • to initiate and execute the contractual relationship;
  • to comply with legal obligations;
  • for acquisition;
  • in order to provide you with appropriate advice;
  • in order to communicate with you;
  • to make operational processes efficient;
  • for accounting and invoicing;
  • to archive files, delete data and document the contractual relationship.

Data processing is carried out in accordance with Article 6(1)(b) of the GDPR.

If you are not or do not wish to become a customer yourself (e.g. because it is not you but the company you work for that has commissioned or wishes to commission us, or if you are, for example, an external data protection officer or other party involved), we process your personal data in accordance with Art. 6(1)(f) GDPR. Our legitimate interests consist of providing appropriate advice for the purposes mentioned, or, for example, establishing contact.

If we are legally obliged to process data, we base this on Art. 6 (1) (c) GDPR in conjunction with the respective legal provision, in particular for the fulfilment of professional, commercial and tax law obligations for documentation and storage.

Under certain circumstances, we may need to process your personal data for the purpose of asserting or defending against claims; the legal basis for this is our legitimate interest pursuant to Article 6(1)(f) GDPR in the efficient defence of legal claims and enforcement of rights.

The provision of your personal data is necessary if you, or the company you work for, wish to commission us. If you do not provide your personal data, it will not be possible to establish and execute the contractual relationship. If we are subject to a legal obligation to process certain data, the provision of the relevant data is also mandatory for the commissioning.

4. Social media

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). We operate our LinkedIn company page in joint responsibility with LinkedIn on the basis of an agreement on the joint processing of personal data. You can view this agreement here: https://legal.linkedin.com/pages-joint-controller-addendum. There you will also find information about the processed page insights data and how to contact us in case of data protection inquiries. LinkedIn’s privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.

The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is to contact you, stay in touch with you, and inform you about our services. If you contact us via LinkedIn, the request also serves to implement pre-contractual measures. The legal basis is then Art. 6 (1) (b) GDPR.

We only store personal data that we process in the context of our social media presence for as long as is necessary to process the respective interaction or inquiry.

5. Applications

You can apply to us by email or post. The purpose of data collection is to carry out the application process with a view to possibly establishing an employment relationship. We collect the data you provide in order to process your application. As confidentiality cannot be guaranteed when sending applications by unencrypted email, you can also apply by post. The legal basis for processing is Art. 6 (1) (b) GDPR. If the application does not result in an employment relationship, this data will be deleted six months after the application process has been completed.

6. Newsletter / community lists

We offer newsletters and registration for our communities. To do this, we need your email address so that we can send you information. Our service provider also offers the option of measuring the successful delivery and opening of the email. This allows us to identify and rectify any errors in sending the emails. The legal basis for processing is your consent, Art. 6(1)(a) GDPR.

III. Recipients of data

We will only pass on your data if we are legally permitted to do so. We may pass on your data as follows, unless already mentioned separately above:

  • Hosting service provider for our website: Strato GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin
  • Office products: Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
  • Email service provider for sending our newsletters: Klick-Tipp Limited, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom
  • Freelancers

The transfer is based on our legitimate interest in organising our business operations in an entrepreneurial manner and in deciding freely on the personnel and IT service providers used in the interests of efficient and appropriate consulting and organised business operations; the legal basis is Art. 6(1)(f) GDPR.

All recipients to whom we transfer your personal data may only process this data in accordance with our instructions. We carefully select and commission service providers, who are bound by our instructions. Furthermore, we are contractually entitled to monitor compliance with the relevant contractual and legal regulations by the service providers.

In the event of a statutory obligation, we also reserve the right to disclose information about you if we are required to do so by lawfully acting authorities or criminal prosecution bodies. The legal basis for this is Art. 6 (1) lit. c GDPR.

If we transfer your data to a country that is not a member of the EU or the EEA and for which no adequacy decision has been made by the European Commission, we will take all necessary measures to ensure that the data is processed securely. This includes, for example, concluding standard data protection clauses of the European Commission.

IV. Storage period

We store your personal data for as long as is necessary to achieve the purpose stated in this Privacy Information, in particular to fulfill our legal and contractual obligations. Once the purpose has been achieved, this data will be deleted unless the law permits us to continue storing it for specific purposes, including the defence of legal claims. We delete personal data after and to the extent that storage is no longer necessary and no legitimate interests or legal obligations on our part, such as statutory retention obligations (Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB), Section 14b of the German Value Added Tax Act (UStG)), prevent deletion. Deletion therefore generally takes place 6 to 10 years after the end of the contractual relationship.

V. Your rights

In accordance with the statutory provisions, you have the following rights with regard to the processing of your personal data:

  • Right of access
  • Right to rectification and erasure
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability

You also have the right to complain to a supervisory authority about our data processing. The supervisory authority responsible for us is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

VI. Right of revocation and objection

You have the right to revoke any consent given to us at any time. The processing based on this consent will then no longer be continued in the future. The legality of the processing based on the consent until revocation is not affected by the revocation.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation.

You can object to the processing of your data for direct marketing purposes at any time, even without stating reasons.

In order to make use of your right of withdrawal or objection, please send an informal message to the contact details listed at point I.