We take our legal obligations regarding the protection of your personal data extremely seriously. Legal requirements demand comprehensive transparency regarding the processing of personal data. Only when the processing is comprehensible to the data subject can they be sufficiently informed about its meaning, purpose and scope. Our privacy policy therefore explains what personal data we process when you use this website or any other website that refers to it.
Joint controller within the meaning of Art. 4 No. 7, Art. 26 of the EU General Data Protection Regulation (GDPR), hereinafter referred to as "Cologne Intelligence" or "CI" and accessible at kontakt@cologne-intelligence.de, are the following companies:
Cologne Intelligence GmbH (CI)
Marie-Curie-Str. 10
51103 Köln
Deutschland
CI Decision Design GmbH
Marie-Curie-Str. 10
51103 Köln
Germany
CI Strategy Consulting GmbH
Marie-Curie-Str. 10
51103 Köln
Germany
CI Mobile Minds GmbH
Marie-Curie-Str. 10
51103 Köln
Germany
CI Software Solutions GmbH
Marie-Curie-Str. 10
51103 Köln
Germany
Within the Cologne Intelligence group of companies, Cologne Intelligence GmbH is the parent company, and we distribute certain tasks and departments among the group companies. The Cologne Intelligence group companies act as joint controllers and jointly determine the purpose and means of processing your personal data on this website, as described below. Where we refer to “Cologne Intelligence” or “CI” in this policy, this refers to the joint controllers unless one or more companies are expressly named.
If you have any questions about data protection or wish to assert data protection rights, you can contact any of the Cologne Intelligence Group companies listed in this privacy policy or on our website.
You can reach our data protection officer at DSB-CIrickert.net or at our postal address:
Cologne Intelligence GmbH
c/o Data Protection Officer
Marie-Curie-Str. 10
51103 Cologne
Germany
If you have any questions or comments about this privacy statement or about data protection at Cologne Intelligence in general, please contact us by e-mail to our data protection officer or by mail to the above address.
In accordance with the statutory provisions, you can assert the following rights against the data controller free of charge:
To assert your rights under the GDPR, please contact the controller or the data protection officer using the contact details above. If you wish to contact us by email, please use an address that is already stored in our system so that we can identify you.
For security reasons, we recommend sending confidential information by post, as we cannot guarantee complete data security when communicating by email.
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the supervisory authority of your choice, in accordance with Article 77(1) of the GDPR.
We only process personal data if we have a legal basis to do so. We will provide more information on the specific grounds for each processing operation. In general, however, the following applies:
Storage of information in, or access to information stored in, the end user's terminal equipment is only permitted if it is covered by one of the following justifications:
Section 25(2) No. 2 TDDDG: If the storage or access is necessary for the provider of a digital service to be able to provide a digital service expressly requested by the user.
In accordance with the statutory provisions, particularly Articles 17 and 18 of the GDPR, we delete or restrict the processing of data. Unless stated otherwise in this privacy policy, we delete stored data as soon as it is no longer required for its intended purpose.
Once this purpose ceases to apply, the data will only be stored if it is necessary for other legally permissible purposes, or if legal retention obligations apply. In these cases, processing is restricted, i.e., the data is blocked and not processed for other purposes.
Legal retention obligations may arise from Section 257(1) of the German Commercial Code (HGB) (six years for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) or Section 147(1) of the German Fiscal Code (10 years for books, records, management reports, accounting documents, commercial and business letters, and documents relevant for taxation).
We would like to take this opportunity to inform you about the third parties and processors to whom we transfer personal data. We use several third-party services on our website. These services have different purposes, which we will discuss in more detail below. These services are generally used to ensure the functionality, security, visual appeal and content of our website and to continuously optimise it.
We generally transfer personal data to the following categories of third parties: authorities, hosting providers and other service providers in connection with our website.
If we transfer personal data to a third country or international organisation, we will inform you separately about the transfer and its justification. This transfer is secured by standard contractual clauses in accordance with Article 46 of the GDPR or by other suitable transfer safeguards in accordance with Articles 44 et seq. of the GDPR.
If we use processors to process data, we carefully select and commission them. We also monitor them regularly, and they are, of course, bound by our instructions. These agreements are based on order processing contracts in accordance with Article 28 GDPR. Processors do not process data for their own purposes.
Processors include, in particular: IT service providers (maintenance and support), digital service providers for the operation of IT systems (web hosts for the provision of online platforms, providers of cloud software and backup services) and service providers for the professional disposal of data waste.
Please note that links on our website may take you to other websites operated by third parties. Such links are clearly marked, or you can recognise them by a change in the address bar of your browser. We are not responsible for compliance with data protection regulations on these third-party websites.
We use appropriate technical and organisational measures to protect your personal data against loss, manipulation, destruction or other forms of attack by unauthorised persons. We are constantly improving our security measures in line with the latest technology. We use transport encryption (TLS) technology to protect your personal data when you transfer it via this website.
No automated decision-making, including profiling, takes place.
When you visit our website for informational purposes, it is generally not necessary for you to provide personal data. However, each time you access content on the website, data is temporarily transmitted via your internet browser and stored in so-called log files, which may allow identification. The following data is collected when you use our website for informational purposes:
Temporary storage of this data is necessary during a website visit to enable the website to function. Log files are stored to ensure the website's functionality and the security of the information technology systems. In this context, your IP address is shortened as quickly as possible to prevent identification. The legal basis for temporary storage is Article 6(1)(b) of the GDPR. The legal basis for further storage with a shortened IP address is Art. 6(1)(f) GDPR. We have a legitimate interest in protecting our IT systems (especially against malicious attacks, such as DDoS attacks) and in providing and displaying the website.
We do not carry out any personal evaluation of the data, particularly for marketing purposes, without your prior consent.
The data will be deleted as soon as it is no longer required for its intended purpose. In the case of providing the website, this occurs when the respective session ends. Log files are stored in a manner that is accessible only to administrators.
We use a hosting provider (Timme Hosting GmbH & Co. KG, Ovelgönner Weg 43, 21335 Lüneburg) to process meta and communication data of our website users on our behalf and in accordance with our legitimate interests in providing this website efficiently and securely, as set out in Articles 6(1)(f) and 28 of the GDPR.
You can contact us by email, telephone, fax, and via our contact form.
To process your request, depending on how you contact us, we will process your name, email address, company name (if applicable), telephone number and any other information you provide, as well as the content of your request.
When you contact us by fax, email, contact form or telephone, we process your data based on our legitimate interest in providing diverse and fast contact options, good customer service and responding to your enquiry. This is in accordance with Article 6(1)(f) of the GDPR, unless the contacts are related to (pre-)contractual service obligations, in which case it is in accordance with Article 6(1)(b) of the GDPR.
We delete contact requests immediately after processing them, unless further storage is required by statutory retention periods. After responding to your enquiry, we will archive it immediately. Access to this information is strictly limited. Purely informational enquiries, i.e., those that do not lead to a contract or contain any other content that must be retained, will be deleted at the end of the year in which they were made.
When you use our contact form, we also process location data (country and city, obtained from your IP address), data obtained from our tracking system and data about your browser and device. The legal basis for data processing is your consent in accordance with Article 6(1)(a) and Article 7 GDPR.
We use the Eventbrite event platform, provided by Eventbrite Inc., 535 Mission Street, 8th Floor, San Francisco, California 94105, USA ("Eventbrite"), for bookings to participate in our events. If you click on the corresponding button or link on our website to make a booking, you will be redirected to the Eventbrite website.
When you make a booking with Eventbrite, they collect and process the following personal data on our behalf:
Eventbrite, Inc. is certified under the EU-US Data Privacy Framework (DPF), which guarantees an adequate level of data protection for the transfer of personal data to the USA as recognised by an adequacy decision (Article 45 GDPR).
Your data is processed for the purpose of fulfilling the contract in accordance with Article 6(1)(b) GDPR, for both paid events (purchase contract) and free events (free spectator contract). The provision of data is necessary for this purpose. In addition, pursuant to Article 6(1)(f) of the GDPR, we pursue a legitimate interest in ensuring the orderly processing of our events, particularly for participant authentication, providing information and adapting our offerings to your interests.
Eventbrite itself is responsible for all other data processing on the Eventbrite website (which is not directly related to your booking with us). Eventbrite's privacy policy can be found here: https://www.eventbrite.de/help/de/articles/460838/eventbrite-privacy-policy/.
To help you book appointments with our experts quickly and easily, we provide our booking tool, 'Microsoft Bookings'. This tool is provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Carmanhall Road, Leopardstown, Dublin 18, Ireland.
We only process your personal data for the purpose of arranging appointments with our employees.
The legal basis for this processing is Article 6(1)(a) GDPR (consent).
As Microsoft is a US company, your personal data may be transferred to a third country (e.g., the USA) as part of this processing. The transfer to the USA is legitimised by the fact that Microsoft is certified under the EU-US Data Privacy Framework (DPF). In its adequacy decision of 10 July 2023, the European Commission determined that the DPF ensures an equivalent level of protection for data transfers to certified US companies as that in the EU.
We have concluded a contract for the performance of order processing (AV contract) with Microsoft. Microsoft reserves the right to process the data for its own purposes in connection with 'Microsoft's legitimate business operations'. In this context, Microsoft is itself the controller (Article 4(7) GDPR) and is responsible for complying with applicable data protection laws. The controller has no influence on this processing.
Further information on data processing by Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement.
We embed videos from the YouTube platform on our website to present content clearly and make our online offering more appealing. When these videos are played, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, the provider of YouTube, may process personal data. This processing only takes place if you have consented to the use of marketing cookies or services. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When YouTube content is embedded on our website, the following information about the use of the video is transmitted to Google:
Usage data (e.g., playback duration, interactions and click behaviour).
The purposes are to display and play back video content, improve the user experience and analyse video playback for marketing and statistical purposes.
The legal basis for this processing is Article 6(1)(a) of the GDPR (consent via the consent tool). You can easily revoke your consent using our consent manager or by installing the Google browser add-on, which is available at the following link: tools.google.com/dlpage/gaoptout.
Data may be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-U.S. Data Privacy Framework (DPF). In its adequacy decision of 10 July 2023, the European Commission determined that the DPF ensures an equivalent level of protection for data transfers to certified US companies as that in the EU.
The storage period for the collected data varies. More detailed information can be found in Google's privacy policy https://www.youtube.com/intl/ALL_de/howyoutubeworks/privacy/ and https://policies.google.com/privacy.
Our website contains links to our social media accounts on LinkedIn, XING and Kununu. These links are integrated via a graphic representing the respective network and can be identified by its logo. When you visit our website, a connection to the server of the relevant network is not automatically established. You will only be redirected to the service of the respective social network when you click on the corresponding graphic.
Once redirected, the respective network will collect information, and it cannot be ruled out that the data collected in this way will be processed in the USA.
Initially, the data collected includes your IP address, the date and time, and the page visited. However, if you are logged into your user account on the social network in question, the operator may be able to assign the information collected during your visit to your account.
If you interact via a 'share' button on the network, this information may be stored in your account and published as necessary. To prevent the collected information from being assigned directly to your user account, log out before clicking on the graphic or the 'share' button.
The following social networks are integrated into our site via links:
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA), which is certified under the EU-U.S. Data Privacy Framework (DPF). In its adequacy decision of 10 July 2023, the European Commission determined that the DPF ensures an equivalent level of protection for data transfers to certified US companies as that in the EU.
Privacy policy: https://www.linkedin.com/legal/privacy-policy
YouTube/Google
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy
Spotify
Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden
Privacy policy: https://www.spotify.com/de-en/legal/privacy-policy/
Kununu
Neutorgasse 4-8, Top 3.02, A -1010 Vienna, a subsidiary of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
We offer you the opportunity to contact us via the “Apply now” button on our website to apply for an advertised position. We use Recruitee B.V. (Johan Huizingalaan 763, 1066 VH Amsterdam, Netherlands) to organise and process applications.
We use Recruitee based on our legitimate interest in optimising and efficiently designing the recruitment process and our internal procedures (Article 6(1)(f) GDPR) and based on a data processing agreement with Recruitee in accordance with Article 28 GDPR.
After clicking the 'Apply now' button, Recruitee automatically collects personal access data. This includes details of the device used to access the website, the web browser used, the operating system, the IP address, the website you came from, and your behaviour on the Recruitee website. Further information about data protection at Recruitee can be found in Recruitee's privacy policy at recruitee.com/en/privacy.
You can also apply to our company by post or electronically via email.
Any information you provide (e.g., name, email address, phone number, photo, cover letter, CV, etc.) will be stored and processed by us. Rest assured that we will use your information exclusively for the purpose of processing your application and will not pass it on to third parties. Please note that unencrypted emails are not transmitted with access protection.
If you have applied for a specific position that has already been filled, or if we consider you to be equally or even better suited to another position within our group of companies, we would like to forward your application. Please let us know if you do not agree to this.
Your personal data will be deleted either immediately after the application process has been completed or after a maximum of six months, unless you have expressly given us your consent to store your data for a longer period, or unless a contract has been concluded. This is in accordance with Article 6 (1) (a), (b) and (f) of the GDPR and Section 26 of the German Federal Data Protection Act (BDSG). If you have given us your consent to store your data for a longer period, your application documents may be used for future job advertisements. You can revoke your consent at any time, with effect for the future.
In some cases, it may be necessary for us or our providers to use cookies for technical purposes, for which your consent is usually required under Article 6(1)(a) and Article 7 of the GDPR and Section 25 of the TDDDG, unless they are technically necessary.
Cookies are generally text files stored on your device by a website or read from there. They contain combinations of letters and numbers to recognise users and their settings when they reconnect to a website that has set a cookie, to enable users to remain logged in to a customer account, or to analyse usage behaviour statistically. Unless they are technically necessary, the storage of cookies can be individually controlled and set by each internet user.
You can revoke your consent to the use of non-technically necessary cookies at any time, with or without reason, either by clicking here or by deleting the cookies for this site in your browser.
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). We use this tool to analyse user interactions on our website and improve our offering to make it more interesting for you.
We primarily collect information about your interactions with our website using cookies, device/browser data, IP addresses and website activity. Google Analytics also collects your anonymised IP addresses to ensure the security of the service and to provide information about the region of the respective user (known as 'IP location determination'). Using the anonymisation function ('IP masking'), Google truncates IP addresses within the EU/EEA at the last octet.
When you visit our website, the following data may be recorded, among other things:
Google acts as a processor, and we have a corresponding contract with them. Information obtained about your use of this website, including anonymised IP addresses, is usually transferred to and processed by a Google server in the USA. In these cases, Google is certified under the EU-U.S. Data Privacy Framework (DPF). On 10 July 2023, the European Commission issued an adequacy decision determining that the DPF ensures an equivalent level of protection for data transfers to certified U.S. companies as that in the EU.
The legal basis for processing this information, which is retained for up to 14 months, is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time, which will not affect the lawfulness of processing carried out prior to withdrawal. The easiest way to do this is to use our Consent Manager or install the Google browser add-on, which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on the scope of Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245. General information on data processing, which Google says also applies to Google Analytics, can be found in its privacy policy: https://www.google.de/intl/de/policies/privacy/.
In connection with Google Analytics, we use the 'Google Tag Manager' service, which is provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified under the EU-US Privacy Shield Framework. On 10 July 2023, the European Commission determined in its adequacy decision that the DPF ensures a level of protection for data transfers to certified US companies that is equivalent to that in the EU.
Tag Manager enables us to implement and manage so-called 'tags', i.e., small code elements, via an interface. This cookie-free tool does not itself collect any personal data. Google Tag Manager triggers other tags, which may collect data, but does not access this data.
The legal basis for the integrated service is consent given under Section 25(1) of the Telemedia Data Protection Act (TDDSG) and Article 6(1)(a) of the General Data Protection Regulation (GDPR). You can revoke your consent at any time without affecting the lawfulness of processing carried out prior to revocation. The easiest way to do this is to use our consent manager or install the Google browser add-on, which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about Google Tag Manager and how it works, please visit https://www.google.com/intl/de/tagmanager/faq.html.
Google Advertising Products is an advertising service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The EU-US Data Privacy Framework-certified parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service enables advertisers to manage and plan comprehensive advertising campaigns. Its functions range from designing ads to displaying them to the right target group, using automated decision-making tools for bidding (known as 'automated bidding'), and analysing campaign reach.
Data processing by Google Advertising Products is based on various legal grounds under the GDPR.
The following purposes are pursued based on consent pursuant to Article 6(1)(a) GDPR:
You can revoke your consent at any time without affecting the lawfulness of the processing until revocation. The easiest way to revoke your consent is to use our Consent Manager or install the Google browser add-on, which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Based on legitimate interest pursuant to Article 6(1)(f) GDPR, the following activities are carried out, among others:
This processing involves comparing and combining data from different sources, as well as linking different end devices.
For more information on Google's use of data, please refer to Google's partner policy.