Dr. Westernacher & Partner Unternehmensberatung AG
Im Schuhmachergewann 6
69123 Heidelberg, Germany
T +49 6221 187 62 – 0
F +49 6221 187 62 – 11
1 Data protection officer
You can contact our data protection officer on the following email address for information:
Dr. Westernacher & Partner Unternehmensberatung AG
Im Schuhmachergewann 6
69123 Heidelberg, Germany
3 Sending of data to third parties (outside the EU)
As part of the use of the website it may be necessary to forward your personal data to countries outside of the EU. This occurs exclusively in compliance with the measures to ensure a suitable level of data protection set out in Article 44 et seqq. GDPR. Where no resolution on suitability has been passed by the Commission on the country in which the recipient is established, standard contractual clauses are used. You can find more information in the contact details under 1 and 2.
4 Transfer security
When data is transferred, this website has what is known as the SSL security system (Secure Socket Layer) preset along with 128-bit encryption to protect the data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The security measures are continuously adapted to technological developments. You can determine that data are being sent in an encrypted manner from the closed image of a key or lock symbol in the lower status bar of your browser.
5 Your rights
As a data subject, you have the following rights with respect to us:
You can request information about the data we have stored relating to you at any time via the contact details for Dr. Westernacher & Partner Unternehmensberatung AG or the data protection officer listed above.
Correction, restriction and deletion
You also have the right to request the correction of inaccurate data or where there are legal requirements for this to request the restriction or deletion of your data.
You can object to the use of your data for purposes of direct advertising or market research informally at any time.
You can also revoke consent you have granted on this website informally via the contact details given above or the links intended for this on this website or in emails that are based on your consent.
You can revoke consent for the storage of your data when you use communication forms on this website informally via the contact details given above. In this case, Westernacher will cease to process your data unless there are compelling legitimate reasons that outweigh the interests of the person revoking consent for further storage or the processing is used to pursue legal claims.
On request, we will send you the data we have stored relating to you in a structured, commonly-used and machine-readable format that you can use for further processing.
Please send any such requests to the address given in the imprint stating “data protection” or to the email address [email protected]. Any transfer of data requires you to provide unequivocal evidence that you are the data subject and can only be sent to the address you have previously set in your data.
Right to lodge a complaint
You also have the right to lodge a complaint with the data protection supervisory authorities competent for you or for Westernacher Consulting GmbH. The competent supervisory authority for Westernacher Consulting GmbH is
The State Officer for Data Protection, Baden-Württemberg
Dr Stefan Brink
PO box 10 29 32
T +49 (0) 7 11/61 55 41 – 0
F +49 (0) 7 11/61 55 41 – 15
If you have any questions or complaints about data protection you can also contact our data protection officer at any time on the contact details given above.
If you wish to apply for a job with us, the application tool of the provider JazzHR is provided for you on our website. Westernacher is responsible for the collection of usage data on the use of the portal. The application data you send are recorded by JazzHR on our behalf and only provided to selected employees internally. The processing of your data is carried out in collaboration with the United States of America, along with other countries. The transfer of the information provided by you on the web form is via a secure TLS connection.
Data that are essential for your application to be accepted are marked with an asterisk.
All of the documents you send will be deleted no later than six months after completion of the application process if we do not conclude an employment contract with you.
If we are interested in storing your documents (for example for consideration in a subsequent recruitment process), you will be asked in advance for your consent unless you already granted this in your application form. In this case your data will then be stored for a further six months. A message will be sent before your data are deleted so you have the option of consenting to further storage. If your application is not for a specific role and is not part of a specific recruitment process (talent pool), we will store your data for two years.
7 External links
8 Collection of usage data when you visit this website
A series of information about you as a user is recorded when you use any website which, at least in theory can be attributed to a specified user via the IP address, the specific user settings, the cookies or other possible methods of identification. These data are used for technical purposes to display the site and to optimize the site by means of the statistical recording of user behavior, but they can also be used to display information that has already been entered or entries that have already been made in the event that the process is aborted. The usage data that are collected on this website and the further services that are used on this website are shown below.
Where third party services are used, revocation of consent is enabled in the description of the individual services offered by third party providers.
Sending of browser data and settings
If the website is used purely for information purposes, in other words if you do not register or send information in any other way, we only collect the personal data that your browser sends to our server. If you want to look at our website, we collect the following data that are technically necessary for us to display our website for you and to ensure stability and security. The legal basis for this processing is Article 6 paragraph 1F GDPR (legitimate interest):
– IP address
– Date and time of query
– Content of the request (specific web page)
– Access status/https or http status code, error codes – The quantity of any data transferred
– Website from which the request came
– Browser used
– Operating system
– Language and version of the browser software
– Cookies/Flash cookies
– Additional technical parameters e.g.
– Number and type of plug-ins installed
– Size of the browser window
– Screen resolution
– Languages supported
– Fonts installed
The data mentioned above are deleted after 30 days and are not evaluated with reference to a person.
Do not track
You can refuse the tracking of your visits to websites using what is known as the “do not track” setting. This setting is offered by a range of browsers. If you have activated the “do not track” option, your visits cannot be tracked:
– Firefox https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
– Microsoft https://support.microsoft.com/de-de/products/internet-explorer#
– Chrome https://support.google.com/chrome/answer/114836?hl=en&ref_topic=3421433
– Safari https://help.apple.com/safari/mac/9.0/#/sfri40732
– Opera http://help.opera.com/Windows/12.10/en/notrack.html
Cookies placed by the website provider
Information on the website usage is also collected when you use the website through what are known as browser cookies. These are text files that are stored on your data carriers and store certain settings and data on the exchange with the website via your browser. The cookies used regularly contain the domain names, information on the age of the cookies and an identifier. Your device can be recognized so settings you have previously adjusted will be available immediately. Cookies known as session cookies help to recognize users again when they visit the website.
The cookie ID is not combined with your personal data such as name, email address or IP address. If you do not want cookies to be used on this website, you can adjust your browser to ensure that storage of the cookie is not accepted. The legal basis of this data processing is Article 6 paragraph 1F GDPR, legitimate interest in providing cookie-based functions during use of the website.
9 Usage and web analysis services
Usage and web analysis services (tracking services) are generally used to measure the reach of the website and improve the website content using a statistical evaluation of user behavior. The services used record the pages from which visits originate and the content that is accessed, among other things.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses what are known as “cookies”. The information generated by the cookie is generally transferred to a Google server in the USA and stored there. In order to avoid the sending of personal data, this website uses the IP anonymization offered by Google. Your IP address is abbreviated before it is sent. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse, to prepare reports on the website activities and to provide further services to the website operator linked to the use of the website and the use
of the internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. You can prevent the storage of cookies at any time by setting your browser software accordingly; we wish to note, however, that if you do this you will not be able to use all of the functions of this website to the full extent. You can also prevent the detection of the information generated by the cookie and related to the use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available via this link (https://tools.google.com/dlpage/gaop- tout?hl=en).
You can prevent the collection of data by Google Analytics by clicking on the following link. This sets an opt-out cookie which prevents the future capture of your data when you visit this website.
Deactivate Google Analytics
You can find more information on the terms and privacy on https://www.google.com/analytics/terms/us.html and on https://policies.google.com/.
The legal basis for the data processing by Westernacher is a legitimate interest in optimizing the design of the website, Article 6 paragraph 1F GDPR.
Content Delivery Networks (CDN)
– CDN Service Provider, Cloudflare
Re-targeting or Re-marketing services are used to display interest-based advertising when users visit other websites after they have visited these websites. Tracking of the advert is recorded and evaluated for billing purposes, among other things.
The legitimate interest on the part of Westernacher in targeted advertising is the legal basis for the data processing, Article 6 paragraph 1F GDPR.
Custom Audiences by Facebook Inc.
Further information on the collection and use of the data by Facebook and about your rights and the options in terms of protecting your privacy can be found in the Facebook data policy on https://www.facebook.com/ about/privacy/. Alternatively, you can deactivate the Re-marketing function “Custom Audiences” on https://www.facebook.com/settings/?tab=ads#_=_. You have to be logged in to Facebook to do this.
Conversion tracking by the company LinkedIn Corp.
The “Conversion Tracking” function by LinkedIn Corp. is also used. This function is used to present users who visit this website with interest-based advertising when they visit LinkedIn. In order to do this, remarketing tags in the form of individual pixels are implemented on our website that link to LinkedIn servers. LinkedIn receives information about your visit to the website in this way.
Further information on the collection and use of your data by LinkedIn is available on https://www.linkedin. com/legal/conversion-tracking. Your options in terms of protecting your data and refusing related services can be found on https://www.linkedin.com/help/linkedin/answer/62931?lang=en.
Information on data transfer to the USA by Hubspot
By accepting the respective purposes and providers, you consent at the same time pursuant to Article 49 (1) (a) of GDPR that your data may be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly also without any legal remedy.
11 Data collection when you interact on the website
If you use the following services that are available on our website, the personal data you enter will be stored and processed for the purposes indicated in each case, for example during registration, a survey or the conclusion of a contract.
You can use the contact form on the website to contact us. Your name including a form of address (optional), a valid email address, your affiliation to the company and the content of your message are collected so your query can be processed. The data you enter are sent via a secure TLS connection.
The information sent are forwarded to the area responsible for your concern and only used to process your query. Your data are deleted as soon as your query has been processed unless storage of these data is offered for reasons of traceability, customer service or legal retention periods.
If your request relates to other sites within our company, your data will be passed on.
You can revoke consent for the storage of your data informally via the contact details given above. In this case, we will cease to process your data unless there are reasons that outweigh the interests of the person revoking consent for further storage or the processing is used to pursue legal claims.