Data protection

Data privacy statement according to the GDPR


1. Name and address of the responsible party


The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:


Palladio GmbH
Klettenbergstraße 12
60322 Frankfurt am Main
Germany
Tel.: 49 (0)69 17 53 72 67-0
E-mail:mail@palladio-partners.com
Website:www.palladio-partners.com


Below, we inform you about the processing of your personal data in connection with the use of our website.


Should you have any further questions regarding data protection in connection with our website or the services offered, please contact our data protection officer. The data protection officer of the controller is:


Rudolf Fiedler DPP
Data Protection GmbH
E-mail:datenschutz@palladio-partners.com


2. Scope, purpose and legal basis of the processing of personal data


We collect and use our users' personal data only to the extent necessary for providing a functional website and our content and services. The collection and use of our users' personal data is generally only carried out with the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.


2.1 Creating log files


Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device (log files). This includes the IP address of the respective user. The IP addresses of visitors are anonymized with an "x" in the log data after seven days and automatically deleted after nine weeks.


We collect this technical information for network security purposes, for example to combat attacks, and to improve our website offering.


These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.


The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for the user to object.


2.2 Use of cookies


We use session cookies to make our website more user-friendly.

Cookies are text files that are stored in or by the web browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again. As soon as the user ends the browser session, the cookies set by our website are automatically deleted.


Cookies are stored on the user's computer and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, some of its functions may no longer be fully available.


We also use videos from Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. Using a plugin, we can display interesting video content directly on our website. In doing so, certain data may be transferred from you to Vimeo. This privacy policy explains what data is involved, why we use Vimeo, and how you can manage or prevent your data transfer.


We use Google Maps from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Maps allows us to show you locations more effectively and thus better tailor our service to your needs. By using Google Maps, data is transferred to Google and stored on Google's servers.


3. Legal basis for the processing of personal data


Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.


When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.


Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.


In the event that the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.


  • Protection of the company from material or immaterial damages
  • The professionalization of our products and services
  • Cost optimization.


We also process personal data to comply with commercial or tax law retention obligations.


4. Data deletion and storage period


The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies or is no longer necessary. However, personal data may be retained for the period during which claims can be asserted against our company (statutory limitation periods can range from three to thirty years).


Storage may also take place if this is provided for by European or national legislation in Union regulations, laws or other provisions to which the controller is subject.


Corresponding documentation and retention obligations arise, among other things, from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act. The retention periods are therefore up to ten years.


Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.


5. Disclosure of personal data to third parties


In order to offer you our products and services based on our contractual obligations or our legitimate interests, we may share your personal data with other companies within the corporate group (group).


These are the following companies:


  • Palladio GmbH
  • Palladio Management GmbH
  • Palladio (Luxembourg) S.à rl


Furthermore, we may be legally obligated to provide personal data to German and international authorities. The legal basis for this is Article 6(1)(c) GDPR in conjunction with local and international regulations and agreements.


6. Right to object pursuant to Article 21 GDPR


You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.


The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.


If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.


If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.


You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.


7. Rights of the data subject


Our company places great importance on making our processes for processing personal data transparent. Therefore, we would like to inform you that, in addition to your right to object, you may exercise further rights if the respective legal requirements are met:


  • Right to information pursuant to Article 15 GDPR
  • Right to rectification pursuant to Article 16 GDPR
  • Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
  • Right to restriction of processing pursuant to Article 18 GDPR
  • Right to information pursuant to Article 19 GDPR
  • Right to data portability pursuant to Article 20 GDPR
  • (No) automated decision-making in individual cases, including profiling, pursuant to Article 21 GDPR


To exercise your rights, you can contact us by email atdatenschutz@palladio-partners.comturn around.


In order to process your application and for identification purposes, we would like to inform you that we process your personal data in accordance with Article 6 Paragraph 1 Letter c GDPR.


8. Consent


You have the right to withdraw your consent to data processing at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In some cases, we may still be entitled to process your personal data on another legal basis (for the performance of a contract) despite the withdrawal.


9. Right to lodge a complaint with a supervisory authority


Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.


The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.


Competent supervisory authority:


The Hessian Data Protection Commissioner
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Poststelle@datenschutz.hessen.de