Privacy policy

Scope of application

MSR Consulting respects your privacy. The following data protection declaration gives you an overview of the collection and processing of your data. It is intended to inform the users of this website about the nature, scope and purpose of the collection and use of personal data by the website operator.

Website owner:

MSR Consulting Group GmbH
Bayenthalgürtel 16-20
50968 Cologne
Germany
Phone: +49 221 489 28-0
E-Mail: Kontakt@MSR.de
Website: www.msr.de

If you have any questions on the subject of data protection, you can contact our data protection officer directly at any time.

Data Protection Officer:

Marc Bünger
MSR Consulting Group GmbH
Bayenthalgürtel 16-20
50968 Cologne
Germany
Phone: +49 221 489 28-69
E-Mail: Marc.Buenger@MSR.de

Access data

The website operator or page provider collects data about accesses to the page and stores these as “server log files”. The following data is logged in this way:

• Visited website
• Time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used

With the help of this information, no conclusions are drawn about the site visitors concerned. It is only used for statistical evaluation and improvement of the website. However, the website operator reserves the right to subsequently check the “server log files” if there are concrete indications of illegal use.

Cookies

If a website declares the use of cookies, small text files are saved on the end device. These files are accessed when using a browser. Cookies increase the quality and security of the website and its content. They also have a positive effect on user-friendliness.

For the known and established browsers, it is possible to set that the use of cookies should be deactivated. However, this entails restrictions which mean that not all functions offered on the website can be called up or executed.

Handling of personal data

The website operator is only permitted to collect, use and pass on personal data if this complies with the law or if the person concerned consents to the collection of the data.

Personal data is defined as all information that serves to identify a person as well as to trace him or her, such as the name, e-mail address or telephone number.

Handling of contact details

If you contact the website operator using the contact options provided (contact form or e-mail), your details will be saved so that they can be used to process and respond to your enquiry. This data will not be passed on to third parties without your consent.

Data subjects’ rights of access, rectification and erasure

You have the following rights vis-à-vis MSR with regard to personal data concerning you:

• Right of access (Art. 15 GDPR)
  The data subject shall have the right to obtain from the controller
  confirmation as to whether personal data concerning him or her are being processed.
• Right to rectification (Art. 16 GDPR)
  The data subject shall have the right to obtain from the controller
  to rectify without delay any inaccurate personal data concerning him or her.
• Right to erasure “right to be forgotten” (Art. 17 GDPR).
  The data subject has the right to request that the controller
  erase personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay, provided that one of the grounds referred to in Art. 17 GDPR applies.
• Right to restriction of processing (Art. 18 GDPR).
  The data subject has the right to request from the controller the
  restriction of processing, provided that one of the grounds referred to in Article 18 of the GDPR applies.
• Right to data portability (Art. 20 GDPR)
  The data subject has, among other things, the right to
  personal data concerning him or her that he or she has provided to a controller in a structured, commonly used and machine-readable format.
• Right to object (Art. 21 GDPR)
  The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f).
• Automated decisions in individual cases including profiling (Art. 22 GDPR)
  The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
• Right to withdraw consent (Art. 7 GDPR)
  The data subject has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. The data subject shall be informed of this before giving consent. 4The withdrawal of consent shall be as simple as the giving of consent.

Legal basis for the processing of personal data

Article 6(1)(a) of the GDPR serves as the basis when consent to process personal data is obtained from the respective individuals. On the other hand, Article 6(1)(b) of the GDPR is the legal basis when personal data must be processed in order to comply with a contract and one of the parties to the contract is the data subject. The processing of personal data is legitimised for website operators or third parties by the fact that their legitimate interest can only be maintained and carried out as a result. However, the legitimate interest must take precedence over the interests, fundamental rights and freedoms of the data subject. This legitimation is anchored in Article 6 para. 1 f) DSGVO.

Whistleblower protection

As part of our whistleblower system, we process personal data that we receive through reports from whistleblowers, from persons who are the subject of a report and from other persons mentioned in the report. The basis for this data processing is Art. 6 para. 1 lit. c) GDPR in conjunction with Section 10 of the Whistleblower Protection Act (HinSchG).

The scope of data processing is based on the provisions of the HinSchG, in particular the provisions on confidentiality. Accordingly, only persons who are responsible for receiving and processing reports or for taking follow-up measures, as well as persons who support these tasks, are involved in the processing. This also includes lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, which provides technical systems as a processor for MSR Consulting Group GmbH but does not have access to the data. In certain cases, data is forwarded to the ‘competent authorities’ defined in the HinSchG if this is required by law. The data collected is stored in accordance with Section 11 (5) HinSchG and then deleted.

Data protection for applications

The personal data of applicants are collected and processed by the responsible person. This is done exclusively to ensure the processing of the application procedure. The information is also processed electronically. This happens, among other things, when the applicant sends the application documents electronically to the person responsible at MSR.

For the purpose of processing the employment relationship, the data shall be stored in compliance with the statutory provisions, provided that the applicant concludes an employment contract. If this is not the case, the application documents will be automatically deleted no later than two months after the conclusion of the procedure (date of rejection by MSR to the applicant or vice versa), provided that this does not conflict with any legitimate interests.

Privacy policy on Linkedin, XING and youtube

On our website you will find links to the social media services Linkedin, XING and youtube, which can be recognised by the respective company logo. If you follow these links, you will reach MSR’s corporate presence on the respective social media service. Clicking on the logo creates a connection to the respective social media service. In addition to your visit to the website, further information is transmitted to the social media service. This includes the IP address, information on the web browser and operating system used, the website on which the clicked link is located as well as the date and time.

If you are logged into one of the social media services at the moment of activating the link, the social media service can assign the listed information to your user account.

The MSR Consulting Group has no influence on the manner and scope of data processing by the provider of the social media service.

Information about Linkedin

LinkedIn is a web-based social network for maintaining existing business contacts and making new business connections.

The operating company of Linkedin is LinkedIn Corporation, Inc, Sunnyvale, California, USA.

Linkedin’s applicable privacy policy is available at https://de.linkedin.com/legal/privacy-policy.

Information about XING

XING SE, headquartered in Hamburg, is the listed operator of the social network XING, where members can primarily manage their professional but also private contacts and make new contacts.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

XING’s applicable privacy policy is available at https://www.xing.com/privacy.

Information about youtube

YouTube is a video portal of the US company YouTube, LLC, a subsidiary of Google LLC since 2006. Users can watch, rate, comment on and upload video clips themselves on the portal free of charge.

The operating company of youtube is YouTube, LLC (subsidiary of Google LLC), 901 Cherry Ave. San Bruno, CA 94066, USA.

youtube’s applicable privacy policy is available at https://policies.google.com/privacy.

Adobe Typekit

Adobe Typekit web fonts are used on this website. This is a subscription service for fonts offered by Adobe Systems. This service makes fonts available and, when pages with Adobe Typekit web fonts are called up, asks Adobe (server headquarters in the USA) whether they are still up to date. During this process, at least the IP address of the user’s web browser is stored by Adobe.

Information about Adobe Systems

Adobe has been a leader in type design and technology for more than 30 years.

The operating company of Adobe Typekit is Adobe Systems, 345 Park Avenue, San Jose, CA 95110-2704, USA.

Adobe’s applicable privacy policy is available at https://www.adobe.com/de/privacy/policies/typekit.html.

Google Analytics 4
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Nature and purpose of the processing
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalised ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of “events”. Events can be:

• Page views
• First visit to the website
• Start of session
• Web pages visited
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links 
• Internal search queries
• Interaction with videos
• File downloads
• Seen Ads / clicked Ads

Also recorded:

• Your approximate location (region)
• Date and time of your visit
• Your IP address (in shortened form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)

Purposes of the data processing
On behalf of the operator Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website.

Recipients
Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer
For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

Retention period
The data sent by us and linked to cookies are automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

Withdrawal
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE. For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.