KARŌN | Privacy statement

Privacy Statement

KARON Beratungsgesellschaft mbH takes your legitimate interests in data protection very seriously and observes the provisions of the European General Data Protection Regulation (GDPR), the German Telemedia Act and, where applicable, the provisions of other applicable data protection regulations.

KARON Beratungsgesellschaft mbH handles the data transmitted by you carefully and with due diligence. As far as data of any kind is collected, processed or used, this is always done within the scope of the applicable legal provisions or after obtaining explicit consent from you.

Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business models and the move toward a true Internet economy. KARON Beratungsgesellschaft mbH has created this privacy statement to demonstrate its firm commitment to the individual’s right to privacy. This policy outlines KARON Beratungsgesellschaft mbH's personal information handling practices for this website.

This Privacy Statement covers this website and all other sites that reference this Privacy Statement. Some KARON Beratungsgesellschaft mbH entities may have their own, possibly different, privacy statements. We encourage you to read the privacy statements of each of the KARON websites you visit.

The controller according to Art. 4 Para. 7 of the General Data Protection Regulation (GDPR) is:

KARON Beratungsgesellschaft mbH

Vor der Niederpfort 13

65428 Rüsselsheim

Germany

District Court Darmstadt commercial register number: HRB 84241

VAT ID: DE 194709706

Phone: +49 6142 30170 - 0
Fax: +49 6142 30170 - 11

E-Mail: info@karon.de

Internet: www.karon.de

You can contact KARON Beratungsgesellschaft mbH's data protection officer at:

KARON Beratungsgesellschaft mbH

Thomas Fletschinger
E-Mail: dsb(at)karon.de

Global Privacy Fundamentals

Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. KARON Beratungsgesellschaft mbH abides by the EU General Data Protection Regulation (GDPR).

Consent
By using this website, you consent to the electronic collection and use of the information as described here. If KARON Beratungsgesellschaft mbH decides to make changes to this Privacy Statement, we will post the changes on this site so that you will always know what information we collect, and how we use it.

From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain data and information collected on this website or volunteered by you.

Collection and Processing of Your Personal Data
To serve you better and understand your needs and interests, KARON Beratungsgesellschaft mbH collects, exports, and uses personal information with adequate notice and consent, along with required filings with data protection authorities, when applicable.

When you visit our website, we may record your IP address and use cookies and other Internet technologies (referred to below as "Automated Tools" and "Embedded Web Links") to gather general information about our visitors and their interests. The technologies used and the information collected are described in more detail below.

We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums, or when you make purchases.

Use and Purpose of Collected Personal Data
The information KARON Beratungsgesellschaft mbH collects to understand your needs and interests helps KARON Beratungsgesellschaft mbH deliver a consistent and personalized experience. KARON Beratungsgesellschaft mbH will use such information only as described in this Privacy Statement and/or in the way specified at the time of collection. We will not subsequently change the way your personal data is used without your consent, unless this is otherwise permitted by law.

We always process your personal data for a specific purpose.

In particular, we process your personal data for the following purposes:

To manage our relationship with you, e.g. through our databases, in which we collect data about you from our various sources in order to get an overview of the collaboration; also, to improve and individualize our understanding of your preferences and our communication with you;
To process your orders and deliver the products and services that you have ordered.
To implement tasks in preparation of or to perform existing contracts;
To evidence transactions and ensure transparency on transfers of value;
To provide you with appropriate and current information about research as well as our products and services;
To improve the quality of our products and services by adapting our offering to your specific needs;
To answer your requests and provide you with efficient support;
To track our activities (e.g. measuring interactions or sales, number of appointments/calls, issues discussed, documents presented);
To invite you to events sponsored or used by us (e.g. speaker events, conferences);
To grant you access to our specified IT systems so that you can use certain services of KARON Beratungsgesellschaft mbH;
To manage our IT resources, including infrastructure management and business continuity;
To preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, internally defined contribution caps, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
archiving and record keeping;
To support recruitment inquiries and billing and invoicing;
any other purposes imposed by law and authorities.
In certain cases, we are legally obliged to transfer certain data to the requesting government agency (institution or authority). The legal basis for the processing is Art. 6. Para. 1 (c) GDPR and Art. 24 Para. 2, No 1 of the German Federal Data Protection Act
In some cases, business partners require personal information from our customers. This is usually done for the purpose of order fulfillment (e.g. in case of complaints). This is expressly provided for by law. In this case, KARON Beratungsgesellschaft mbH remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which KARON Beratungsgesellschaft mbH ensures by means of strict contractual regulations.
To fulfil legal obligations to record, document and report to the responsible authorities.

IP Addresses
We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. We may also use IP addresses or other information you have shared on this website to determine which pages on our sites are being visited and topics that may be of interest so we can provide you with information about relevant products and services. Generally, KARON Beratungsgesellschaft mbH will aggregate such data only in an anonymous way and will not tie it to a particular individual unless he or she has given consent. When you visit our site, we recognize only your domain name.

KARON Beratungsgesellschaft mbH will only gather information related to your visit to the KARON website. We do not track or collect personal information from your visits to companies or entities outside the KARON Beratungsgesellschaft mbH group of companies.

Cookies
a) We use cookies on our website(s). These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies cannot do damage to your computer and do not contain viruses, Trojans or any other malware. The information stored in the cookie pertains to the specific device used. This, however, does not give us direct knowledge of your identity. The use of cookies serves to make using our online services more pleasant for you. For example, we use what are known as session cookies to determine that you have already visited individual pages on our website. These are automatically deleted after leaving our website.

b) In addition, to further improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to use our services, we will automatically determine that you have already visited our website and what inputs and settings you have made in order to avoid having to re-enter them.

c) Furthermore, we use cookies to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These cookies enable us to automatically determine that you have visited our website before. These cookies are automatically deleted after a defined period of time.

d) The data processed by cookies are necessary for the purposes mentioned in order to safeguard our legitimate interests and the interests of third parties under Art. 6 Para.1 Sent. 1 (f) GDPR.

e) Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice is displayed before a new cookie is created. Disabling cookies completely, however, may mean that you will not be able to use all the features on our website.

Email Addresses
If you choose to give us your email address or submit it through our contact form, we will communicate with you via email. We do not share your e-mail address with others outside the KARON Beratungsgesellschaft mbH group of companies. You can opt out from receiving future emails from KARON Beratungsgesellschaft mbH at any time.

Shopping or Event Registration
Our site includes order forms that you fill out to request information, products, and services.

External Service Providers
We work with service providers that process certain data on our behalf. This is done exclusively in accordance with the applicable data protection laws. In particular, we have entered into commissioned data processing agreements with our service providers which satisfy the requirements of Art. 28 GDPR.

Data Transfer, Transfer to a Third Country

Your personal data will not be transferred to third parties for any purposes other than those set out below. We will only transfer your personal data to third parties if:

a) You have given your express consent in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR, Art. 26 Para. 2 German Federal Data Protection Act (BDSG),

b) The transfer is necessary in accordance with Art. 6 Para. 1 Sent. 1 (f) GDPR for the purpose of asserting, exercising or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

c) in the event that there is a legal obligation to transfer the data pursuant to Art. 6 Para. 1 Sent. 1 (c) GDPR and

d) this is legally permissible and necessary under Art. 6 Para. 1 Sent. 1 (b) GDPR, Art. 26 Para. 1 German Federal Data Protection Act (BDSG) for the execution of a contractual relationship with you or for pre-contractual measures at your request.

Transfer to a third country or an international organization is not intended and there is no automated decision making unless otherwise provided in this Privacy Statement.

KARON Beratungsgesellschaft mbH may also share such information with business partners, service vendors, authorized third-party agents, or contractors in order to provide a requested service or transaction, including processing orders, providing customer support, or providing you with information on products and services that may be of interest to you.

We do not sell or rent your personal data to third parties for marketing purposes unless you have granted us permission to do so.

KARON Beratungsgesellschaft mbH may respond to subpoenas, court orders, or legal process by disclosing your personal data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.

Circumstances may arise where, whether for strategic or other business reasons, KARON Beratungsgesellschaft mbH decides to sell, buy, merge, or otherwise reorganize businesses. Such a transaction may involve, in accordance with applicable law, the disclosure of personal information to prospective or actual purchasers. It is KARON Beratungsgesellschaft mbH's practice to seek appropriate protection for information in these types of transactions.

We may collect and possibly share personal data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violation of KARON Beratungsgesellschaft mbH's terms of use, or as otherwise required by law.

Analysis Tools

The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 Sent. 1 (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These interests are considered legitimate within the meaning of the aforementioned provision. For the respective data processing purposes and data categories, please refer to the corresponding tracking tools described in detail below.

Privacy Statement for the Use of Google Analytics
a) Google Analytics uses "cookies", which are text files placed on your computer to help analyze how you use the website. The information generated by the cookie about your use of this website will be generally transmitted to and stored by Google on servers in the United States of America. If IP anonymization is activated on this website, however, Google will truncate your IP address within member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing the website operator with other services relating to website activity and internet usage.

b) You may refuse the storing of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

c) This website uses Google Analytics with the add-on „anonymizelp“. This means that IP addresses are processed in abbreviated form, so as to eliminate any direct tracking to a specific person. If data collected about you refers to a specific person, it is therefore eliminated immediately and the personal data thus immediately deleted.

d.) We use Google Analytics to be able to analyze the use of our website and regularly improve it. The statistics we compile enable us to improve our offering and make it more engaging for you as a user.

Only in exceptional cases, the entire IP address will be transmitted to a Google server in the USA and shortened there. In these exceptional cases, the processing takes place in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.

For data to be transmitted from the EU to the USA, Google hereby refers to so-called standard data protection clauses of the European Commission, which are expected to ensure compliance with the European data-protection level in the USA.

e) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/us.html, data protection overview: https://support.google.com/analytics/answer/6004245?hl=en, and privacy statement: https://policies.google.com/privacy?hl=en&gl=en.

Privacy Statement for the Use of YouTube Plug-Ins
Our website employs plug-ins provided by the Google-operated website YouTube. Operator of this site is: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.

When you visit a site equipped with a YouTube plug-in, a connection is established to the YouTube servers. In the process, the YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube takes place in the interest of an appealing presentation of our online services. This represents a legitimate interest in the sense of Art. 6 Para. 1 (f) GDPR. For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.com/analytics/terms/us.html, the data protection overview at: https://support.google.com/analytics/answer/6004245?hl=en, and the privacy statement at: https://policies.google.com/privacy?hl=en&gl=en.

If you do not wish to participate in the tracking process, you can disable the automatic setting of cookies in your browser settings. You can also choose to block only specific cookies for conversion tracking by modifying your browser settings so that cookies from the domain "googleadservices.com" are not allowed.

For further information and to view the Google privacy policy, click here and here.

Privacy Statement for the Use of SlideShare

(1) We employ components provided by SlideShare, a service that is integrated into our website using a 2-click approach. This means that no personal data is transmitted by visiting our website. Personally identifiable information is transferred to Slideshare.com Google Analytics, and comScore only when you start a presentation. In this case, the data is stored in the USA and a cookie is placed in your browser. We have no control over data collected or data processing operations, nor are we familiar with the full extent of the data collected, the purposes for which is collected or any storage periods.

(2) comScore stores the data as user profiles and uses them to for the purpose of advertisements, market research and/or the demand-oriented design of its websites. The data is analyzed for the purpose of delivering demand-oriented advertisements. You are entitled to the right to deny consent to the compiling this user profile by ComScore. To exercise this right, contact comScore.

(3) Additional information on the purpose and extent of data collection and its processing by the plug-in provider, please contact SlideShare Inc., 1 Montgomery St., Suite 1300, San Francisco, CA 94104, privacy@slideshare.com, http://www.slideshare.net/privacy and comScore, Inc., 11950 Democracy Drive, Suite 600, Reston, VA 20190, http://www.comscore.com/About_comScore/Privacy_Policy.

Privacy Statement for the Use of XING

Our website employs components provided by the XING network. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time our website receives an access request equipped with a XING component, a connection to the XING servers is established. To the best of our knowledge, XING does not store any personal information as part of this process. This applies particularly to the storing of IP addresses and the analysis of user behavior.

For more information about your privacy and the XING share button, refer to XING's privacy policy at https://www.xing.com/app/share?op=data_protection

Privacy Statement for the Use of Facebook Plug-Ins (Like Button)

Our website employs plug-ins provided by the Facebook social network, 1601 South California Ave, Palo Alto, CA 94304, USA. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on our site. For an overview of the Facebook plugins, please visit http://developers.facebook.com/docs/plugins/.
When you visit our web pages, the plug-in establishes a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our website using your IP address. When you click the Facebook “Like” button while you are logged into your Facebook account, you can link the contents of our web pages with your Facebook profile. This allows Facebook to allocate the visit to our web pages to your account. Please note that as the provider of this website we receive no information from Facebook regarding the contents of the transmitted data or how it is used. For more information about this, please refer to Facebook's privacy policy at https://www.facebook.com/policy.php.

If you do not want Facebook to be able to allocate your visit to our pages to your Facebook account, please log out of your Facebook account.

Privacy Statement for the Use of LinkedIn

Our website employs plug-ins provided by the LinkedIn network, a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. You can recognize the LinkedIn plug-ins by the LinkedIn logo or the "Share" button on our site (hereinafter referred to as "LinkedIn plug-ins"). When you visit our website, the LinkedIn plug-ins establish a direct connection between your browser and the LinkedIn server. This provides LinkedIn with the information that you have visited this website using your IP address. When you click the LinkedIn “Share” button while you are logged into your LinkedIn account, you can link the contents of this website with your LinkedIn profile. This allows LinkedIn to allocate the visit to this website to your account. Please note that as the provider of this website we receive no information from LinkedIn regarding the contents of the transmitted data or how it is used. For details on data collection (purpose, extent, further processing, use) as well as your rights in this regard and your settings options, refer to LinkedIn's privacy policy. You can find the LinkedIn privacy policy at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv

Privacy Statement for the Use of Twitter

Our website is integrated with certain functions of the Twitter service. These functions are provided by Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “re-tweet” function, you can link the web pages you have visited to your own Twitter account and share them with other users. This also includes the transmission of data to Twitter.

Please note that as the provider of this website we receive no information from Twitter regarding the contents of the transmitted data or how it is used. For more information, please refer to Twitter's privacy policy at http://twitter.com/privacy.

You can change your Twitter data privacy settings in your account settings at http://twitter.com/account/settings.

Links to Other Websites
Our website may contain links to other sites. KARON Beratungsgesellschaft mbH is not responsible for the privacy practices or the content of third-party websites or websites that are not owned by KARON Beratungsgesellschaft mbH or its affiliates.

Data Retention
KARON Beratungsgesellschaft mbH will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.

Applicant Privacy Notice

(1) We process applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations within the scope of the application procedure pursuant to Art. 6 Para. 1 (b). GDPR, Art. 6 para. 1 (f) GDPR insofar as data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, Art. 26 of the German Federal Data Protection Act (BDSG) also applies).

(2) The application process requires that applicants provide us with their data. Necessary applicant data are personal details, postal and contact addresses and the documents accompanying the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

(3) By submitting the application to KARON Beratungsgesellschaft mbH, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this Privacy Statement.

(4) Insofar as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are voluntarily disclosed in the application process, they are additionally processed in accordance with Art. 9 Para. 2 (b) GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). Insofar as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are requested from applicants in the application process, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for exercising the profession).

(5) Applicants can send their applications by post or email. Please note, however, that emails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We therefore cannot accept any responsibility for the transmission of the application between the sender and the reception on our server. If the applicant is concerned about the security of the application documents sent by email, we recommend sending the application documents by post.

(6) The data provided by the applicants may be further processed by us in the event of a successful application for employment purposes. Otherwise, if the application for a job opening is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to at any time.

(7) The deletion is subject to a legitimate withdrawal by the applicant and carried after a seven-month application period so that we can answer any follow-up questions regarding the application and meet our obligations under the Equal Treatment Act.
In the event that you have agreed to the continued storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years.
If you have been accepted for a job in the application process, the data from the applicant data system will be transferred to our personnel information system and deleted 10 years after termination of employment.

Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Data Subject Rights

You have the right

a) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data where the personal data was not collected by us, and the existence of automated decision-making and, if applicable, meaningful information about the logic involved;

b) in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect data or the completion of your personal data stored by us;

c) to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

d) in accordance with Art. 18 GDPR to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR;

e) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible;

f) in accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future and

g) in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of the registered office of our company.

The competent supervisory authority for data protection for KARON Beratungsgesellschaft mbH is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
[The State Commissioner for Data Protection and Freedom of Information Hesse]

Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany

Phone: 0611 – 1408 – 0

Fax: 0611 – 1408 – 900

Email: poststelle@datenschutz.hessen.de

Internet: http://www.datenschutz.hessen.de

For the assertion of the aforementioned rights as well as for questions regarding data protection, you can contact the person responsible or send an email to dsb(at)karon.de.

Right to Object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, simply send an e-mail to dsb(at)karon.de.

Data Security
a) While you visit our website, we use the common SSL procedure (Secure Socket Layer) with the highest possible encryption level supported by your browser. As a general rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will resort to128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the display of the closed key/lock symbol in the lower status bar of your browser.

b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Changes to This Privacy Statement

In the event of new developments such as changes to the applicable data privacy laws, we will, if necessary, update this privacy statement accordingly.

Last update: May 9, 2023