ROCKVIEW GmbH privacy policy

We are pleased about your interest in our website or in our cooperation. Because we respect and protect your privacy, we would like to inform you in detail about how we handle your personal data.

1. Preface

Whether you are a customer, candidate, applicant, interested party or visitor to our website: We respect and protect your privacy. In the following we will inform you in detail which personal data we collect from you and how we use it. We also inform you about your rights under applicable data protection law and how you can contact us if you have any questions about data protection.

1.1 Who are we?
ROCKVIEW GmbH is a privately owned company with a headquarter in Hamburg, Germany, which operates mainly in the German-speaking countries. ROCKVIEW is the strategic management consultancy for organisations in the financial and energy sectors as well as for medium-sized industrial companies.

1.2 Who is the responsible body in terms of the European Data Protection Regulation (EU-DSGVO)?
As the responsible body, we, the

ROCKVIEW GmbH
Colonnaden 15
20354 Hamburg, Germany

all legally required measures to protect your personal data.

If you have any questions about this privacy policy or about our handling of your personal data in general, please contact us at the above address or by e-mail at imme.clotz@rockview.eu

2. To whom does this privacy policy apply?

When we process personal data, this means in plain language that we collect, store, use, transmit or delete such data.
This data protection guideline deals with personal data

• of candidates, applicants, customers, workshop participants, lecture listeners, and ROCKVIEW prospects who are individuals,
• as well as any other natural person or representative or employee of any legal entity who makes contact with ROCKVIEW.

3. Which personal data do we collect from you?

• We collect your personal data when you contact us, e.g. as an interested party, customer or applicant. This means: especially when you
• are interested in our services, place inquiries, place orders,
• apply for jobs or send us unsolicited applications and
• contact us for this purpose by e-mail or telephone or via the contact form on our website or
• if you use our services within the scope of existing business relationships.

We occasionally publish job advertisements in relevant media to help you find employees. Resulting applications reach us by e-mail, in which the applicants voluntarily submit their personal data. We do not provide an application form on our website. In addition, we process personal data from publicly accessible sources in order to safeguard legitimate interests in the context of employee recruitment. We generate candidates’ personal data permissibly, e.g. via social business networks (so-called career networks) such as XING.com and LinkedIn.com and occasionally via other relevant sources.

3.1 From customers and interested parties

• Personal identification data:
  for example, first and last name, address, e-mail address, fixed line or mobile telephone number, fax number, functional area,
• Order data:
  e.g. type, content and scope of inquiries or orders,
• Information about your interests and wishes that you communicate to us:
  e.g. via our customer dialogue or our website
• and other data comparable with these categories.

3.2 Of candidates and applicants

• Personal identification data
• Sociodemographic data
• Information on professional and educational background
• Information on career aspirations

3.3 From visitors to our website
The use of our website is usually possible without providing personal data. As far as personal data is collected on our pages (e.g. name, e-mail address, telephone number), this is always done on a voluntary basis as far as possible. There is no contact form. We will not pass on this data to third parties without your express consent.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is therefore not possible.
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website in the sense of Art. 6 lit.f DSGVO) we use the following tools on our website:

• Cookies: The web pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
  Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
  You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
• Server log files: The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
  – Browser type and browser version,
  – Operating system used
  – Referrer URL
  – Host name of the accessing computer
  – Time of the server request
• These data cannot be assigned to specific persons. A consolidation of this data with other data sources is not carried out. We reserve the right to check this data subsequently if we become aware of concrete indications of illegal use.
• – LinkedIn: Our website uses features of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn’s servers. LinkedIn is notified that you have visited our sites using your IP address. When you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to track your visit to our site to you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
  For further information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy
  – SSL Encryption: This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
  If SSL encryption is activated, the data you send to us cannot be read by third parties.

Information about the extent of the processing of your personal data by social network providers as well as ways to protect your privacy, please refer to the privacy policies of the respective providers:
• Twitter: https://twitter.com/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Xing: http://www.xing.com/privacy

3.4 Hotjar
This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses cookies. Cookies are small text files that are placed on your computer and stored by your browser. Their purpose is to make our website presentation more user friendly, more effective and more secure. These cookies allow us to in particular determine if our website was used with a certain device or if the functions of Hotjar have been deactivated for the respective browser. Hotjar cookies will remain on your device until you delete them.

You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.

The use of Hotjar and the storage of the Hotjar cookies are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.

Deactivation of Hotjar

If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out.

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy.

4. What do we use your data for – and on what legal basis?

We collect, process and store your personal data described above only to the extent permitted by the provisions of the EU Data Protection Basic Regulation (EU-DSGVO) and local statutory regulations, for example the Federal Data Protection Act (BDSG-neu), in order to carry out the following activities:

• to fulfil our contracts with customers,
• to answer individual inquiries,
• to inform about our services,
• to get in contact with active and latent job seekers, to maintain this contact, to present them with suitable job offers, to determine their suitability as applicants and their job-relevant skills and potential
• manage, evaluate and optimise our business: including developing, increasing, analysing and improving our services, managing our communications, conducting data analysis and performing accounting, audit and other internal tasks
• to fend off or defend legal claims and to ward off lawsuits
• to protect us against fraud and to detect and prevent fraud attempts and other unlawful activities, claims and other liabilities
• Comply with and enforce applicable legal requirements, including industry standards, contractual obligations and our corporate policies.

5. Which of your personal information do we share with third parties – and why?

Within our company, only those entities that need access to your information to protect our legitimate interests or to comply with our contractual and legal obligations are granted access to your information.

5.1 Sharing of data with technical service providers
We share personal data with selected service providers within the EU, with whom we have concluded an EU-DSGVO-compliant contract for the processing of data, as well as with selected service providers outside the EU who have committed themselves to the EU Model Clauses or are members of the EU-U.S. Privacy Shield Framework and have additionally concluded an EU-DSGVO-compliant contract for the processing of data on our behalf and in accordance with our instructions.

5.2 In addition, we may disclose your personal data,

• insofar as we are obliged to do so by law or within the framework of legal proceedings,
• to law enforcement agencies or other government officials based on a legitimate request for disclosure,
• if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with suspected or actual fraudulent or unlawful activity.
• We also reserve the right to disclose any personal information we hold about you in the event that we sell all or part of our business or assets (including in the event of any restructuring, dissolution or liquidation).

With respect to third parties outside the European Economic Area (EEA), the protection of personal data is handled differently from the EEA. In such cases we will take security measures (such as special contractual clauses) to ensure that your personal data is treated with the same level of care as in the EEA.

Your data will only be passed on to third parties in accordance with data protection regulations and the respective purpose.

5.3 Google Web Fonts
Diese Seite nutzt zur einheitlichen Darstellung von Schriftarten so genannte Web Fonts, die von Google bereitgestellt werden. Beim Aufruf einer Seite lädt Ihr Browser die benötigten Web Fonts in ihren Browsercache, um Texte und Schriftarten korrekt anzuzeigen.
Zu diesem Zweck muss der von Ihnen verwendete Browser Verbindung zu den Servern von Google aufnehmen. Hierdurch erlangt Google Kenntnis darüber, dass über Ihre IP-Adresse unsere Website aufgerufen wurde. Die Nutzung von Google Web Fonts erfolgt im Interesse einer einheitlichen und ansprechenden Darstellung unserer Online-Angebote. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar.
Wenn Ihr Browser Web Fonts nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.
Weitere Informationen zu Google Web Fonts finden Sie unter https://developers.google.com/fonts/faq und in der Datenschutzerklärung von Google: https://www.google.com/policies/privacy/.

5.4 Inclusion of social media

Using Social Plug-ins

In our online offer you will find the following social plug-ins as buttons, through which you can access our offer on the following social networks:

• Twitter: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
• LinkedIn: https: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

We only display the social plug-ins on our site. They are designed as inactive icons. If you click on such a social plug-in on our site, it will be activated with your consent and will be connected to these third parties via your web browser in a separate tab (tab card). These third-party providers can follow the visit to our sites. If you are a member of one of the social networks, you can share the content of our site with other members from your social network by activating the button. We have no control over the data collected and stored about you by third parties. We also cannot influence the content of the third-party sites. In order to protect your privacy, we use a solution that only transmits the address of our server and not your IP address to these services if you have activated a social plug-in by clicking on it.

6. How do we protect your personal data?

We take appropriate administrative, technical and physical security measures to protect the personal information you provide to us from accidental or unlawful destruction, loss, alteration, access, disclosure or use.

7. What rights do you have?

We want to answer all your questions as soon as possible. However, sometimes it can take up to a month before you receive a response from us – as long as this is legally permitted. If we need more than one month for a final statement, we will of course inform you in advance how long it will take.

In some cases we cannot or are not allowed to provide information. In this case, we will always inform you promptly of the reason for the refusal, insofar as this is legally permissible. You have the right to file a complaint.

In the following, we inform you about your rights as a prospective customer, client, candidate or applicant regarding the processing of your personal data. Details can be found in the respective regulations of the EU Data Protection Basic Regulation (EU-DSGVO, Articles 15 to 21):

7.1 Your right of access, information and correction
You can request information about your personal data processed by us. If your information is not (no longer) correct, you can request a correction. If your data is incomplete, you can request a completion publishers. If we have passed on your details to third parties, we will inform these third parties of your correction – if this is required by law.

7.2 Ihr Recht auf Löschung Ihrer personenbezogenen Daten
For the following reasons, you can request the immediate deletion of your personal data:

• when your personal data is no longer needed for the purposes for which it was collected,
• if you revoke your consent and there is no other legal basis,
• if you object to the processing and there are no predominant reasons for processing worthy of protection,
• if their personal data have been processed unlawfully,
• if your personal data must be deleted in order to comply with legal requirements.

Please note that a claim for deletion depends on whether there is a legitimate reason that makes the processing of the data necessary.

7.3 Your right to limit the processing of your personal data
You have the right to request a restriction on the processing of your personal data for one of the following reasons:

• if the accuracy of your personal data is disputed by you and we have had the opportunity to verify its accuracy,
• if the processing is not lawful and you request a restriction of use instead of deletion,
• if we no longer need your data for the purposes of processing, but you need it to assert, exercise or defend against legal claims
• if you have lodged an appeal, as long as it is not yet clear whether your interests outweigh the appeal.

7.4 Your right of appeal
We may process your data due to legitimate interests or in the public interest. In these cases you have the right to object to the processing of your data. This also applies if we use your data for our direct advertising.
You have the right to object to the processing of your personal data for reasons arising from your particular situation. The prerequisite for this is that the processing is in the public interest or is based on a balancing of interests.
In case of an objection, we will no longer process your personal data. Unless we can demonstrate compelling legitimate reasons for processing such data that outweigh your interests, rights and freedoms – or your personal data is used to assert, exercise or defend legal claims.

Your objection can be made without formality and should be addressed if possible to:
ROCKVIEW GmbH
Colonnaden 15
20354 Hamburg
e-mail: imme.clotz@rockview.eu

7.5 Your right of appeal
In individual cases it can happen that you are not satisfied with our response to your concerns. If this is the case, you are entitled to file a complaint with ROCKVIEW and with the appropriate data protection authority.

7.6  Your right to data transferability
You have the right to receive personal information that you have given us in a transferable format.

8. How long do we store your data?

We do not store your data longer than we need them for the respective purposes.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its – temporary – storage is still necessary. Reasons for this can be, for example, the following:

• The fulfilment of commercial and tax law retention periods:
  In particular the commercial code is to be mentioned here, the periods for storage and/or documentation given there amount up to ten years.
• The preservation of evidence for legal disputes within the framework of the legal statute of limitations:
  Civil law limitation periods can be up to 30 years, with the regular limitation period being three years.