The following information provides a simple overview of what happens to your personal data when you visit the website of PRCC Personal- und Unternehmensberatung GmbH (hereinafter “PRCC”, “we”, “us”). In addition, we also provide an overview of other processing procedures of personal data, such as in the context of our recruiting activities or our newsletter offering. Personal data is any data by which you can be personally identified.
In the following sections, we inform you in accordance with Art. 13 of the EU General Data Protection Regulation (DSGVO), or in accordance with Art. 14 DSGVO if there is no direct collection, which data we process for which purpose and which rights you have in this regard.
We would like to point out that, despite all precautions taken, there may be security gaps in the transmission of data electronically (on the Internet or via e-mail). Complete protection of data against access by third parties is not possible.
The responsible body within the meaning of Art. 4 No. 7 DSGVO is
PRCC Personal- und Unternehmensberatung GmbH
Poststr. 7
40213 Düsseldorf
Phone: +49 211 176070-66
Fax: +49 211 176070-69
E-mail: kontakt(at)prcc-personal.de
Further information on the person responsible can be found in the imprint of this website. If you have any questions about data protection, please contact our external data protection officer:
Tengelmann Audit GmbH
Datenschutzbeauftragter
An der Pönt 45
40885 Ratingen E-Mail: datenschutz(at)t-audit.de
Personal data is only processed if this is necessary for the respective purpose and/or consent has been given. In principle, processing can take place on the basis of the following legal bases, among others:
If consent serves as the legal basis for processing, you can revoke your consent at any time without giving reasons. The revocation applies in principle only for the future. This means that the revocation of the declaration of consent does not render the previous processing unlawful until receipt of the revocation of consent.
Information on the relevant (or also additional) legal bases in each individual case is provided in the following paragraphs of this data protection declaration.
Insofar as we process personal data from you, you have the following rights in relation to the processing of your personal data against us, which you can assert against us at any time:
Right to information, deletion and correction.
Within the framework of the applicable legal provisions, you have the right at any time to free information (Art. 15 DSGVO) about your processed personal data as well as to the further information pursuant to Art. 15 (1) lit. a to h DSGVO. Furthermore, you may have the right to rectification (Art. 16 DSGVO) or deletion (Art. 17 DSGVO) of this data. The right to erasure may be restricted in cases pursuant to Art. 17 (3) DSGVO (e.g. if the data is required for the assertion, exercise or defence of legal claims).
Right to restriction of processing
You have the right to request the restriction (or also blocking) of the processing (Art. 18 DSGVO) of your personal data. The right to restriction of processing exists in cases of Art. 18 (1) lit. a to d DSGVO.
If the processing of your personal data has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Right to data portability
You have the right to have the personal data concerning you, which we process automatically on the basis of your consent or in performance of a contract, handed over to you or to a third party in a common, machine-readable format (Art. 20 DSGVO). If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to object to processing
Where we process your personal data on the basis of legitimate interests (Art. 6(1)(f) DSGVO) (including any profiling), you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation (Art. 21 DSGVO). We will then no longer process your data for this purpose(s), unless our interests merit protection or the processing serves the assertion, exercise or defence of legal claims. Notwithstanding the above, in the case of direct marketing, you may object to the processing of your personal data at any time without giving reasons. This also applies to any profiling, insofar as it is related to such direct advertising.
Right to withdraw consent
If consent serves as the legal basis for the processing, the consent can be revoked at any time without giving reasons (Art. 7 (3) DSGVO). The revocation applies in principle only for the future. This means that the revocation of the declaration of consent does not render the previous processing unlawful until receipt of the revocation of consent.
Right to complain to a supervisory authority
If you believe that there has been a breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged breach (Article 77 GDPR). The right of appeal is without prejudice to other administrative or judicial remedies.
To exercise your rights, please contact us, the contact details can be found under the details of the responsible body and data protection officer.
If rights of data subjects are asserted, personal data will also be processed in this context in order to respond to the request. The processing of personal data is carried out for the fulfilment of a legal obligation on the basis of Art. 6 para. 1 lit. c DSGVO.
When you visit our website, personal data is also processed, among other things. This section gives you an overview of which data is processed for which purpose and on the basis of which legal basis in this context.
When our website is accessed, information such as the IP address can be accessed on your terminal equipment, but information can also be stored on your terminal equipment (e.g. in the form of cookies). If this is necessary for the technically error-free and secure provision of the website and the associated services, this is generally done on the basis of Section 25 (2) TTDSG. Otherwise, this is done on the basis of your consent according to § 25 para. 1 TTDSG.
If access to or storage of information involves the processing of personal data, the processing is generally carried out on the corresponding legal basis according to Art. 6 para. 1 DSGVO. You will find more details on this in the following passages:
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from
“http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We host the content of our website with the following provider:
All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). Further details on the provider can be found, among other things, in the data protection declaration of All-Inkl (external link): https://all-inkl.com/datenschutzinformationen/. Personal data collected through visits to our site are stored on All-Inkl’s servers.
We have concluded a so-called order processing agreement with All-Inkl in accordance with the requirements of Art. 28 DSGVO, in which we oblige the service provider, among other things, to protect the processed personal data in accordance with the legal requirements.
Server-Log
When you access our website, information is automatically collected and stored in so-called server log files, which your browser automatically transmits to us. These are:
This data is not merged with other data sources unless otherwise described below.
The collection of this data is based on Art. 6 Para. 1 lit. f DSGVO. We have a legitimate interest in the technically error-free presentation and optimisation of our website – for this purpose, the server log files must be collected.
Our website uses the Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.
The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at (external link) https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs Cookie Consent Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) lit. c DSGVO or our rectified interest (Art. 6 (1) lit. f DSGVO to obtain the legally prescribed measures.
This website uses the open source web analytics service Matomo.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they came. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
We use IP anonymisation for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
When the social media element is active, a direct connection is established between your end device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that we do not have any knowledge of the content of the transmitted data or its use by Twitter. You can find further information on this in Twitter’s data protection declaration at (external link): https://twitter.com/de/privacy.
The social media plugins of Twitter (Consent) are activated on the basis of your consent. The legal basis for this is Art. 6 para. 1 lit. a DSGVO for the associated processing of personal data and § 25 para. 1 TTDSG for the storage on and access to information on your terminal device. Consent can be revoked at any time with effect for the future.
In the context of the integration and use of Twitter described above, data is transferred by Twitter to the USA and stored there. We would like to point out that the USA is classified as a so-called third country in terms of data protection law, in which different legal data protection provisions apply compared to the European Union and therefore the legally required level of data protection may be lower than that of the European Union. For example, under US law, authorities may also be able to access personal data if certain legal conditions are met.
Against this background, the data transfer to the USA is based on the standard data protection clauses of the EU Commission pursuant to Art. 46 (2) lit. c DSGVO, which enables more effective data protection measures. Details can be found in Twitter’s privacy policy (see link above) or here (external link): https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
We include videos from YouTube on our website. The operator of YouTube is Google Ireland Limited, Ireland (“Google”). By using YouTube on our website, further services of Google, Google Fonts as well as Google Photos, can be used to create an appealing video preview. We use YouTube in extended data protection mode. According to YouTube, this means that no information about visitors to the website is stored before the video is started by clicking on it. The transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network even without a video being viewed. As soon as you start a YouTube video on the site, a connection to YouTube’s servers is established. Among other things, your IP address, which of our pages you have visited, your device configuration (e.g. browser, operating system, resolution, etc.) and how you watched the video are transmitted.
Furthermore, YouTube can save various cookies on your end devices after starting a video. In this way, YouTube can obtain information about visitors to the website, which is used to collect video statistics, improve the user experience and prevent fraud attempts. If applicable, further data processing processes may begin after YouTube is launched, over which we have no control.
If you are logged in with a YouTube or Google account or log in there, it cannot be ruled out that Google or YouTube will link your interactions on our site with the respective profile.
In the context of the integration and use of YouTube described above, it cannot be ruled out that data will be transferred to the USA and stored there. The USA is classified as a so-called third country under data protection law, in which different legal data protection provisions apply compared to the European Union and thus the legally required level of data protection may be below that of the European Union. For example, under US law, authorities may also be able to access personal data if certain legal conditions are met.
The use of YouTube and the other services such as Google Fonts and Google Photos described above and the associated processing of personal data on our site, including the possible transfer of your personal data to third countries, is based on your consents (Section 25 (1) TTDSG for the use of cookies, Article 6 (1) a DSGVO, Article 49 (1) a DSGVO for the basic processing of your personal data and the possible transfer to third countries).
Consents can be revoked at any time for the future via our cookie settings. If the data is transferred to the USA, in addition to YouTube, authorities may also gain access to this data under the legal requirements in accordance with American law. We have no influence on the scope of the data processed by YouTube, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect. You can find more information about data protection at YouTube in their data protection declaration at (external link): https://policies.google.com/privacy?hl=de.
We have integrated iThemes Security on this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter “iThemes Security”).
iThemes Security serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, iThemes Security collects, among other things, your IP address, time and source of login attempts and log data (e.g. the browser used). iThemes Security is installed locally on our servers.
iThemes Security transmits IP addresses of recurring attackers to a central iThemes database in the USA (Network Brute Force Protection) in order to prevent such attacks in the future.
The use of iThemes Security is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as further information to be entered in the corresponding mandatory fields, which allow us to check that you are the owner of the specified e-mail address and that you agree to receive the newsletter.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. If this confirmation is not received, your data will be completely deleted after XX days. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties (except to the necessary IT service providers). An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. You can cancel your subscription to the newsletter at any time. Likewise, consent to the storage of personal data can be revoked at any time with effect for the future. For this purpose, you will find a corresponding link in each newsletter. Legal basis for the processing of data after registration for the newsletter in the event of the user’s consent Art. 6 para. 1 lit. a DSGVO.
We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the dispatch of newsletters. This is done on the legal basis of your consent in accordance with Art. 6 Para. 1 lit. a DSGVO- The data entered by you for the purpose of receiving the newsletter is stored on the servers of rapidmail in Germany. If you do not wish to have your data analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail we can determine whether and which links are clicked on in the newsletter message. All links in the e-mail are so-called tracking links, with which your clicks can be counted. For more details, please refer to the data security information of rapidmail at: https://www.rapidmail.de/datensicherheit (external link). For more information on the analysis functions of rapidmail, please refer to the following external link: https://www.rapidmail.de/wissen-und-hilfe.
The data stored by us in the context of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for our login area) remain unaffected by this.
You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations already carried out remains unaffected by the revocation.
We have provided information on how to contact us via various means (e.g. on this homepage, on business cards or in email signatures). In most cases, the purpose of providing contact details is to enable (potential) business partners to better address their concerns to us. If you communicate with us regarding a vacancy with us or one of our clients, please also note the relevant passages below.
When you contact us, e.g. by e-mail, telephone or fax, the personal data you voluntarily provide (e.g. your e-mail address, name or telephone number) will be processed by us in order to process/answer your request. If the selected means of communication offers further options (e.g. video telephony), you are always free to activate or deactivate these.
Only those persons who need them for the respective legitimate purpose of the processing have access to the personal data received in the course of the communication. External third parties only receive personal data that we have received in the course of communication with you if this is either technically necessary (e.g. telecommunication providers or IT service providers), necessary for the adequate processing of the transaction (e.g. cloud, postal or parcel service providers) or if you have given us the corresponding consent. We select and use external service providers in accordance with internal minimum data protection standards and the corresponding legal requirements (e.g. the conclusion of corresponding contracts in accordance with Art. 28 DSGVO for processors, if this is necessary).
The processing of personal data from communication with us is based on Art. 6 (1) lit. b DSGVO, insofar as your request is related to the performance of a contract with you or is necessary for the performance of pre-contractual measures. In all other cases, the processing is generally based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO), if this has been requested; consent can be revoked at any time with effect for the future.
If you are not a contractual partner yourself, but e.g. an employee of a (potential/current/former) business partner, personal data is processed – if necessary – for the initiation, fulfilment or termination of a business relationship on the basis of the legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Efficient communication for the economic fulfilment of our business purpose as well as for the mutual fulfilment of (pre-)contractual obligations from (potential) business relationships represents both our legitimate interest and – at least in part – the legitimate interest of our business partners.
The data you send to us in the course of communication will be stored until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed), unless there are legitimate reasons for this, such as e.g. statutory retention periods. legal retention periods (Art. 6 para. 1 lit. c DSGVO) or a legitimate interest according to Art. 6 para. 1 lit. f DSGVO (e.g. processing of any queries or examination, assertion, exercise or defence of legal claims).
If you contact us via contact form, there are various mandatory fields (these are marked as such) without which processing is unfortunately not possible.
We use the Microsoft Teams tool to conduct video conferences, seminars or, in some cases, telephone calls and, if necessary, to exchange documents and other content. The following categories of personal data may generally be processed when using Microsoft Teams, among others:
For the processing of personal data in the context of electronic communications, Microsoft Corporation with Microsoft Teams as an OTT service (over-the-top service or interpersonal telecommunications service) is subject to and responsible for data protection and privacy in telecommunications (“telecommunications secrecy”) under Part 2 of the TTDSG.
PRCC is responsible for any further processing resulting from communications via Microsoft Teams (e.g. via the invitation function, video recordings or document exchange).
Accordingly, Microsoft acts as a processor for PRCC in this regard. We therefore draw your attention to the following features and options:
You can decide at any time during a Teams session whether your camera and/or microphone should be on or off. Further, it is up to you to share content or not, and you can stop sharing content at any time.
If you use the chat function, your personal data contained in the chat texts will be processed and the other participants will also be aware of this content.
It is technically possible for participants to make a recording of this session during an online meeting. In such a case, you will be notified immediately of the recording and can object to the recording with the meeting participants. After the online meeting, the recording is saved in Microsoft Teams. The recording can then be shared with other participants.
In principle, we do not intend to process personal data in the context of the use of Teams in third countries (countries outside the European Union and the European Economic Area), as we have obliged Microsoft Corporation to restrict the storage location to data centres in the European Union. However, we cannot exclude the possibility that data may be routed via Internet servers located outside the EU. This may be the case in particular if participants in a meeting are located in a third country.
Microsoft Corporation uses EU standard contractual clauses to ensure an adequate level of data protection when processing/transferring personal data in third countries (or the USA). Nevertheless, we would like to point out that the USA is classified as a so-called third country in terms of data protection law, in which different legal data protection provisions apply compared to the European Union and thus the legally required level of data protection may be lower than in the European Union. If the data is transferred to the USA, in addition to Microsoft, authorities may also gain access to this data under the legal requirements in accordance with American law. We have no influence on the scope of the data processed by Microsoft under its own responsibility, the type of processing and use or the transfer of this data to third parties. We also have no effective means of control in this respect.
If you do not wish to use Microsoft Teams, please inform us by e-mail so that we can jointly agree on other communication channels.
Further information on Microsoft’s data protection regulations can be found on the homepage of the Microsoft Corporation (external link): https://privacy.microsoft.com/de-de/privacystatement
In order to fill vacancies, we necessarily process personal data of (potential) candidates. Information on data protection in this regard can be found here.
If we have vacancies to fill, we offer you the opportunity to apply to us. In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
For what purposes do we process your data and on what legal basis?
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 (1) of the Federal Data Protection Act (BDSG) (initiation of an employment relationship). In the case of consent, the legal basis is Art. 6 para. 1 lit. a DSGVO (as well as Art. 9 para. 2 lit. a DSGVO, if applicable) in conjunction with §26 para. 2 BDSG. If we base data processing on your consent, you have the right to revoke your consent at any time with effect for the future. The lawfulness of the processing of your data up to the time of the revocation remains unaffected.
If the application is successful, the data you submitted will be stored and processed by us on the basis of Section 26 BDSG for the purpose of implementing the employment relationship.
In certain cases, we may process your data to protect a legitimate interest of ours or of third parties (Art. 6 para.1 lit. f DSGVO). A legitimate interest exists, for example, if your data is required for the assertion, exercise or defence of legal claims in the context of the application procedure (e.g. claims under the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.
Who will your data be shared with?
Your personal data will only be passed on within our company to persons who are involved in processing your application. However, external bodies – such as IT service providers – may also be involved in the processing. We select and use external service providers in accordance with internal minimum data protection standards and the corresponding legal requirements (e.g. the conclusion of corresponding contracts in accordance with Art. 28 DSGVO for processors, if this is necessary).
How long is the data stored?
We store your personal data for as long as is necessary to make a decision about your application. Insofar as an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defence against possible legal claims. As a rule, your data will be deleted within 6 months of the end of the application process. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.
Inclusion in the applicant pool
If we are initially unable to make you a job offer, we may be able to include you in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to an ongoing application process with us. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.
An obligation to provide personal data may arise from contracts concluded or to be concluded if this is necessary for the conclusion or performance of the contract. Legal obligations may also lead to the collection/processing of personal data. In principle, however, the provision of personal data is voluntary, but please note that, depending on the individual case, we may not be able to fulfil/provide certain measures/services without the provision of corresponding data.
Automated decision-making or profiling in accordance with Art. 22 DSGVO does not take place.
We reserve the right to change security and data protection measures if this becomes necessary, for example due to technical developments. In these cases, we will also adapt our information on data protection accordingly. Adjustments to our services or legal developments may also lead to an adjustment of the privacy policy.
