The security of your personal data is an important concern for us. With the following information we would like to give you an overview of the basic processing of your personal data by us as well as your rights from the data protection law. Which data is processed in detail and how it is used, as well as the respective deletion periods, is largely determined by the individual business relationships and the contractual agreements.

1. What data is processed? We process personal data that we receive from our clients in the course of our business relationship, e.g. names of employees or applicants or their CVs. In addition, we process personal data that we permissibly obtain from publicly accessible sources (e.g. press, Internet) or are legitimately provided by other third parties. Relevant personal data are, for example, personal details (name, address and other contact details, date and place of birth and nationality, CV data, results of performance in the procedures used).

Personal data is collected in the course of our test procedures, assessments or trainings. These are results from test procedures or assessments or trainings, which are then passed on to the client.

2. On what legal basis and for what purpose is the data processing carried out? We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG): i.e. only to the extent that and for as long as – you have given appropriate consent to the processing (Art. 6 para. 1 a DSGVO) or – it is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request (Art. 6 para. 1 b DSGVO) or – processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 (1) c DSGVO) or – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) e DSGVO) or – processing is necessary for the purposes of protecting the legitimate interests of us or of third parties, including in these cases: Assertion of claims, defense in legal disputes; prevention and investigation of criminal offences; detection and elimination of misuse (Art. 6 para. 1 f DSGVO).

3. what rights do i have? You have the right to a) revoke your consent at any time (Art. 7 para. 3 DSGVO). b) Information about the purpose of processing, the categories of personal data as well as any recipients of the data and the planned storage (Art. 15 DSGVO). c) demand the correction or completion of your personal data (Art. 16 GDPR). d) demand the deletion of your data in the cases mentioned in Art. 17 GDPR. e) demand the restriction of the processing of personal data under certain conditions, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR). f) to object, on grounds relating to your particular situation, to the processing of personal data which is to be carried out on the basis of a legitimate interest (Art. 21 (1) DSGVO). g) to data portability, i.e. the right to receive and transmit your personal data to others in a structured, commonly used and machine-readable format (Art. 20 DSGVO). Page 2 of 2 h) to complain about data processing to the competent supervisory authority.

4. Who will my data be passed on to? Within Obermann Consulting GmbH, those offices that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they guarantee us the same legally required protection of your data within the framework of an order data processing relationship as is guaranteed at Obermann Consulting GmbH. These include IT services such as hosting solutions as well as services for the provision of online testing procedures by Brooklynmaxx GmbH. In addition, personal data is passed on to companies on whose behalf Obermann Consulting GmbH performs services such as selection procedures. This is done with your prior consent (see declaration of consent).

5. where is my data processed? Your data will only be processed in Germany and other European countries.

6. how long will my data be stored? We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted after two years.

7 What data is collected as part of the newsletter dispatch? Within the scope of the newsletter dispatch, your name and email address are collected. These collected data are collected exclusively for sending the newsletter and are not transmitted to third parties. You can unsubscribe from the newsletter at any time without giving any reason by clicking the appropriate button at the end of the email. Upon unsubscription, your data will be immediately deleted from the newsletter distribution list and you will no longer receive a newsletter.

8. what is my right to object? According to Art. 21 DSGVO, you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation.

9 Who is responsible for data processing? The responsible party is: Obermann Consulting GmbH Agrippinawerft 10 50678 Cologne +49 (0(221 – 920 46 – 0 info@obermann-consulting.de You can reach our company data protection officer at: Hans Palm E-mail contact: DSB@obermann-consulting.de Status: 25.05.2018