Privacy notice
This privacy notice explains how we process personal data in our business as per the General Data Protection Regulation (GDPR) and other relevant privacy laws applicable to our business.
Please note that this entire document is protected by copyright and you may not copy any text from it.
If you have any questions about this privacy notice, feel free to contact us at:
Company name: Rösslyng GmbH
Business address: Turmstrasse 38, 53175 Bonn, Germany
Contact email address: info@roesslyng.com
We take your privacy seriously and we have taken several steps to ensure that we provide you with clear and transparent information on how we process your data, and also inform you about your rights. If you feel that any information is unclear, or missing, please do not hesitate to contact us.
Your data protection rights
-
Your rights of access and rectification: You may request access to or a copy of the information we process about you and ask us to rectify any incorrect data.
-
Your right to erasure or restriction: In some circumstances, you may ask us to delete and/or restrict our processing of your data, but we cannot delete any data we are required to process.
-
Your right to object to processing: In some circumstances, you may ask us to stop processing your data.
-
Your right to data portability: In some circumstances, you may ask us to transfer your data to you or to another organisation.
-
Also, if you’re unhappy about how we process your data, you have a right to complain to a national data authority. We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.
Please contact us if you have any questions about or want to exercise one of your rights. You are entitled to a reply within 30 days.
How we get your personal data
We typically process personal data about:
-
Potential and existing customers and through customer relations
-
Vendors and partners
-
Website visitors
We process personal data when you:
-
buy our services
-
participate in our events, e.g. leadership workshops
-
respond to one of our surveys
-
respond to personality inventories administered by us
-
are coached by us
-
provide us with your contact details, e.g. give us your business card
-
contact us via phone, text, email, social media or our website
-
otherwise use our website
It is voluntary to provide us with personal data, but if you choose not to, we may not be able to provide you with our services. We do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data or process special category data.
Purpose, lawful basis and retention periods
We only process your personal data when we have a purpose and a lawful basis for doing so. Under the GDPR Article 6-1, the lawful bases we rely on, are:
a) Your consent
b) We have a contractual obligation (contract)
c) We have a legal obligation
f) We have a legitimate interest
As a rule, personal data should not be processed and kept for longer than necessary to fulfil the purpose for processing.
Your personal data is only retained for as long as we have a purpose and a lawful basis:
-
Until you withdraw your consent.
-
For as long as we have a contractual obligation, and, if applicable, in accordance with accounting and bookkeeping rules and regulations.
-
For as long as we have a legal obligation; in accordance with accounting and bookkeeping rules and/or other legal requirements and regulations.
-
For as long as we have a legitimate interest or until you ask us not to process your data in such a way (e.g. marketing to existing customers)
You can always withdraw your consent for any data processing based on consent, and you can also reach out to us at any time if you’d like us to stop processing and/or ask us to delete any of your data.
We have routines in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis to continue to process them.
Details on the processing of your personal data
In this section we describe in detail when and how we process your data, for what purposes and our legal grounds to do so (lawful bases). We also specify the retention periods for the processing.
We process personal data when:
You communicate with us
When you contact us through our website, e-mail, phone (call, text message), social media and/or give us your business card, we process personal data. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us.
The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. We review this data during our annual (internal) GDPR audit day and delete personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to 3 years, or 10 years if we have a legal obligation in accordance with accounting and bookkeeping rules.
You purchase our services
When you purchase services from us, such as leadership development, team development, coaching and recruitment support, we process personal data such as your name, contact details, order and payment details as well as purchase history. We also use data that you have provided us with through surveys and personality inventories. If your purchase includes digital delivery, for example over video, either one to one between us and you, or one to many between us and a group of people, we also process personal data such as profile picture, video (picture and sound), messages (chat) and IP address.
We use personal data to write contracts and invoices. We use your personal data to tailor our services to your requirements, like coaching and team and leadership training.
The purpose is to be able to fulfil our obligation to deliver the services you have purchased and to manage the customer relationship. The lawful bases are a) consent, b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.
We process the data for as long as we have a legal obligation as per any applicable rules and regulations we are bound by. E.g. we are required by law to store business records, which could include personal data, for 10 years for accounting, tax and other business purposes. Please contact us if you would like to know what is applicable in your case.
You attend our events
When you attend our events, we process personal data such as your name and contact details. We sometimes collect data from personality inventories and surveys that you participate in. We may also collect order and payment information. The purpose is to be able to process your registration and attendance, to tailor our services to your requirements, and if applicable, your payment. The lawful basis is a) consent, or b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.
We may also use your data to send you an evaluation of the event you attended, or to invite you to other relevant events we think you might be interested in. The lawful basis is f), where our legitimate interest is to analyse and run our business effectively and to provide you with good customer service.
We review this data during our annual GDPR audit and delete personal data as appropriate, however no later than 2 years following the event.
You respond to our evaluations or surveys
Responding to our evaluations and surveys are voluntary. We process personal data such as your name, contact details and other information you choose to share with us. Some evaluations or surveys may be anonymous, and in such cases, we do not process any personal data.
The purpose is to gather your feedback so that we can continuously prepare for workshops and services, improve our services, as well as provide you with better customer service in the future. The lawful basis is a) consent. We review this data at our annual GDPR audit day and delete personal data as appropriate, however no later than 2 years after you responded to the survey.
You supply services to or collaborate with us
When you enter into an agreement with us either as a vendor, partner or data processor, we process personal data such as your name, contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries and the lawful basis is b) contract. We review this data at our annual GDPR audit day and delete personal data as appropriate, however no later than 3 years after the contract has been terminated, or 10 years if we have a legal obligation in accordance with accounting and bookkeeping rules. We process other communication data as per the first paragraph in this chapter, please see above.
You use our website
When you use our website, we may process personal data such as IP address and other technical data collected via cookies and analytics tools. The purpose is to run our website and business effectively, promote our products and services and to respond to any inquiries from website visitors. The lawful basis for processing personal data through cookies that are strictly necessary, is a) consent, and f) legitimate interest. Read more in our Cookie notice and about how we use analytical tools.
Whom we share your personal data with
To run our business efficiently and securely, we sometimes will have to share your personal data with other parties such as:
-
Public authorities we are obliged to report to
-
Our accountant, auditor, lawyer and others helping us in a professional capacity
-
Data processors: providers of services that process your personal data on our behalf.
-
IT support, if necessary
-
Business partners
We require that all such recipients secure data in accordance with good information security. We enter into a data processing agreement/addendum with anyone who processes data on our behalf, as per the requirements in the GDPR Article 28-3.
We use data processors for:
-
Email, calendar, contact lists and digital meetings
-
Cloud storage
-
This website
-
Project management, timekeeping, digital notebook and scheduling
-
Webinars and web meetings
-
Personality inventories
-
Signing documents electronically
-
Surveys and customer satisfaction feedback
To protect our business, we don't publish further details (like names) of our data processors. If you'd like to know more about our processing and whom we share your personal data with, please contact us.
Transfer of personal data outside the EU/EEA
In some cases, your personal data will be transferred outside the EU/EEA, e.g. where we use data processors to manage cloud storage, email services, personality inventories and web hosting.
We only use data processors we trust, that are well known and that we have a data processing agreement/addendum with. We check whether a country outside the EU/EEA offers an adequate level of data protection (has obtained an EU “adequacy decision”) or, if this is not the case, that other necessary safeguards are in place like the EU Standard Contractual Clauses (“SCC”, also called Model Clauses) or Binding Corporate Rules. If you would like to know where your particular data is processed, which safeguards we have for this and what other measures we have taken to protect your data, please contact us.
Information security
We take information security seriously and we will always do our utmost to safeguard your personal data in the best possible way. For example, we use strong passwords, data encryption, access control, two-factor authentication and locked vault to secure our data and prevent unauthorized persons from accessing, altering, deleting, or in any way affecting the data we store, including your personal data.
We only allow others to access and/or process your personal data in accordance with our instructions, and only when strictly necessary (e.g. when we require IT support).
If we experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected, we will notify the national data authority within 72 hours. If the risk is deemed high for the people affected, we will also notify them directly, if possible.
Cookies
Type and purpose of the processing
Like many other websites, we use so-called ‘cookies’. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. With cookies, we receive certain information such as IP address, type of browser and operating system used. Cookies cannot be used to start programs or to transmit viruses to a computer.
The data collected by us will not be shared with third parties under any circumstances nor will a link to personal data be created without your consent.
Essential Cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled. Internet browsers are regularly configured to accept cookies. In general, you can disable the use of cookies via your browser settings at any time. Please use your Internet browser’s help function to learn how to change these settings, and keep in mind that individual features of our website may not work if you have disabled the use of cookies.
If you allow us to use cookies, via your browser settings or consent, the following cookies may be utilised on our web pages:
-
Essential Cookies: Enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled.
-
Marketing cookies: Used to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests. These are enabled/disabled via our cookie banner on your first visit.
-
Functional cookies: Collect data to remember choices users make to improve and give a more personalised experience. These are enabled/disabled via our cookie banner on your first visit.
-
Analytics cookies: Used to help us to understand how visitors interact with our website, discover errors and provide a better overall analytics. These are enabled/disabled via our cookie banner on your first visit.
In your browser settings, you can delete individual cookies or the entire set of cookies. You will also find information and instructions on how to delete these cookies or prevent them from being saved in advance. The following links provide the information you’ll need for the respective browser providers:
-
Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
-
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
-
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
-
Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=en_US
Using Google Analytics
Type and purpose of the processing
This website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereinafter: ‘Google’). Google Analytics uses so-called ‘cookies’, i.e. text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is typically transmitted to a Google server in the U.S. and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, summarise reports on website activities and provide other services related to website and Internet usage to the website operator. The IP address transferred from your browser as part of Google Analytics will not be combined with other data from Google.
The data processing purposes are the website-use analysis and the summary of reports on activities on the website. Based on the use of the website and the Internet, other related services will be provided.
You can prevent the collected data generated by the cookie and the data related to your use of the website (including your IP address) being transmitted to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: browser add-on to deactivate Google Analytics.
In addition, or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our web pages by clicking this link, which will install an opt-out cookie on your device. This will prevent data collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser
Profiling
With the assistance of the tracking tool Google Analytics, the browsing behaviour of the website visitors can be evaluated, and their respective interests can be analysed. For this analysis, we create a pseudonymous user profile.
Please note that this entire document is protected by copyright and you may not copy any text from it.
This privacy notice was last updated: January 7, 2021