The following document informs you about the processing of your personal data by us and the claims and rights to which you are entitled in accordance with the data protection regulations, in particular the European General Data Protection Regulation (GDPR).
This data protection information informs you about the type, scope and purpose of the processing of personal data within our website (hereinafter "website"). The data protection information applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
Personal data within the meaning of the GDPR is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. Which data is processed in detail and how it is used depends largely on the services used by us.
In our data protection information, we use various other terms in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.
1. Who is responsible for data processing and whom can I contact?
The responsible party is:
Phone: +49 (0)18.104.22.168.90
Fax: +49 (0)22.214.171.124.99
You can reach our data protection officer at:
mip Consult GmbH
Rechtsanwalt Asmus Eggert
2. What sources and data do we use?
We process personal data that we receive from you in the course of using our website and, if applicable, our business relationship.
In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure its stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us via contact form or email. Personal data here are e.g. name, first name, company, email, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as "contact data").
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:
Insofar as you have given us your consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by email for processing and handling the enquiry, sending newsletters, advertising approaches by telephone, email, SMS, etc.), this processing is lawful on the basis of your consent.
Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details above or to firstname.lastname@example.org.
Consent, Art. 6 para. 1 sentence 1 lit. a) GDPR
When contacting us (via contact form or email), your data will be processed for the purpose of handling the contact request and its processing also on the basis of the implementation of pre-contractual measures, Art. 6 para. 1 sentence 1 lit. b) GDPR.
Implementation of pre-contractual measures at the request of the person, Art. 6 para. sentence 1 lit. b) GDPR
When you contact us (via contact form or email) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department heads for the respective open position. They will then decide on the further procedure. In principle, only those persons in the company have access to your data who need this for the proper conduct of our application procedure.
Establishment of an employment relationship, § 26 BDSG and after completion of the application procedure in the event of rejection to safeguard legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR (defence against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a) GDPR
We process your access data (see data listed above under point 2) to protect our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:
Within the framework of the balancing of interests for the protection of legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR
4. Who receives my data?
Within the company, those offices that need your data to fulfil our contractual and legal obligations will receive access to it.
Processors we use (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, printing services, telecommunications, advice and consulting, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
We only disclose data to third parties who are not processors as required by law. We only pass on users' data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informative use of the website, we do not pass on any data to third parties.
5. How long is my data stored?
For security reasons (e.g. to defend against attacks against our IT or to clarify acts of abuse or fraud), log file information is stored for a maximum of 4 weeks and then deleted (see point 2 above). Data whose further storage is necessary to avert attacks against our IT or for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or email.
Applicant data is deleted after 6 months in the event of a rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The retention and documentation periods specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), usually amount to three years, but in certain cases can also be up to thirty years, whereby the regular limitation period is three years.
7. What data protection rights do I have?
Every affected person has
- the right of information according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
- the right to rectification under Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
- the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
- the right to data portability under Article 20 of the GDPR (i.e. you may have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance).
Furthermore, you can revoke consent, in principle with effect for the future.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
In addition, we would like to point out your right of objection according to Art. 21 GDPR:
Information about your right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1) sentence 1(e) of the GDPR (data processing in the public interest) and Article 6(1) sentence 1(f) of the GDPR (data processing based on a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
In individual cases, we process your personal data to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and you will not incur any costs other than the transmission costs according to the basic rates.
If possible, the objection should be sent to:
or by email to:
8. To what extent is there automated decision-making in individual cases, including profiling?
In the context of accessing our website or contacting us by form or email, we do not use fully automated decision-making pursuant to Article 22 of the GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the framework of our website, you must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide the aforementioned data, you will not be able to use our website.
When contacting us by form or email, you only need to provide the personal data that is required to process your enquiry. Otherwise, we will not be able to process your request.
With the following information, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of objection.
Newsletter content: We send newsletters, emails and other electronic notifications with promotional information (hereinafter "newsletter") only on the basis of the consent of the recipients. If we specifically describe individual newsletters within the scope of the registration, this description is decisive for the consent of a newsletter subscriber. If no separate description is provided, our newsletters will contain information about our products, offers and promotions as well as information about our company.
Double opt-in: Registration for our newsletter is carried out using the so-called double opt-in procedure. This means that after you have registered for the newsletter, we will send you an email in which we ask you to confirm your registration. This confirmation serves to ensure that only persons who have access to the specified email address register for our newsletter. We log the registrations to the newsletter in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.
The newsletter is sent via "Sendinblue" (formerly "Newsletter2Go").
To register for the newsletter, it is sufficient to enter your email address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.
The newsletter is sent and its success is measured on the basis of the recipients' consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a).
The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR and serves as proof of consent to receive the newsletter.
You can unsubscribe from receiving our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted if claims for proof of previously granted consent should have become time-barred.
11. Our Facebook page
The following applies to our presence on facebook.com in addition to this data protection notice: Due to the use of Facebook Insights, we are joint controllers of our Facebook page with Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The legal basis for this is the contract available on this page. The joint responsibility includes the creation of so-called events and their aggregation in page insights provided to us. What events are is described on the aforementioned Facebook Insights webpage. According to Facebook, these are in particular
• Viewing a page, post, video, story or other content associated with a page
• Interacting with a story
• Subscribe or unsubscribe to a Page
• Tag a page or post with "Like" or "Stop liking"
• Recommend a page in a post or comment
• Comment, share or respond to a Page post (including how you respond)
• Hide a Page post or report it as spam
• Hover over a link to a page or the name or profile picture of a page to preview page content
• Click on the website button, phone number button, "plan route" button or any other button on a page
• See a page's event, respond to an event (including how to respond), click on a link for event tickets
• Start a Messenger conversation with the page
• View or click on items in a page shop
• Information about the action, the person who took the action and the browser/app used to do it. These are for example:
• Date and time of the action
• Country/city (estimated from the IP address or imported from the user profile if the user is logged in)
• Language code (from the HTTP header of the browser and/or the language setting)
• Age/gender group (from user profile, only for logged in users)
• Previously visited websites (from the browser HTTP header)
• Whether the action was taken on a computer or on a mobile device (from the browser user agent or app attributes)
• Facebook user ID (only for logged in users)
Facebook Ireland ensures that it has a legal basis for processing the Insights Data, which is set out in the Facebook Ireland Data Policy. Facebook Ireland undertakes compliance with the obligations under the GDPR for the processing of Insights Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland takes appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security of the processing. This includes the measures set out on this page below (this will be updated from time to time to take account of, for example, technological developments). All Facebook Ireland employees involved in the processing of Insights data are bound by appropriate agreements to maintain the confidentiality of Insights data.
Facebook Ireland provides data subjects with the essentials of this Page Insights supplement (Article 26(2) of the GDPR). This is currently done through the Page Insights Data information, which can be accessed from all pages.
If a data subject asserts against us the rights to which he or she is entitled under the GDPR with regard to the processing of Insights data, we are obliged to forward to Facebook Ireland without undue delay, but no later than within seven calendar days, all relevant information regarding such requests. Facebook Ireland is committed to responding to requests from data subjects in accordance with our obligations under this Policy.
The above statements do not affect the claims to which every data subject is entitled directly against us, in particular those arising from Art. 15 et seq. GDPR.
The legal basis for the corresponding data processing is Art. 6 para. 1 lit. f) GDPR. Only persons who purposefully call up our page on facebook.com and therefore deliberately use a website to which the data policy for facebook.com applies are affected by the data processing. The data processing to which the data subject is subject as a result of visiting our website on facebook.com therefore does not go beyond the data processing which Facebook would also carry out without our website existing on facebook.com. If the data subject did not agree to this, he or she would not visit facebook.com. From the visit to our website on facebook.com, it therefore follows that the data subject has an overriding interest in visiting our page there in order to be able to consume the content offered by us there and to interact with it, taking into account the resulting data processing. Our legitimate interest is therefore to use this site for our corporate communication in order to directly or indirectly promote the sales of the services we offer.
With your consent, the so-called Facebook Pixel is stored in your browser when you visit our website. The provider of this function for the EU is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We use the Facebook Pixel to display our advertisements on Facebook and with partners cooperating with Facebook (so-called "Audience Network") only to those persons who have visited our website and for whom we therefore assume that they are interested in our offers and thus in our advertising. Furthermore, the Facebook pixel allows us to measure the effectiveness of these advertisements, as it is determined whether a person was redirected to our website after clicking on a corresponding advertisement.
In terms of data protection law, Facebook Ireland Ltd. acts in part for us as a processor and in part we are jointly responsible with it in accordance with Article 26 of the GDPR. In all other respects, Facebook Ireland Ltd. is solely responsible for the corresponding processing of personal data.
Facebook Ireland Ltd. acts as a processor to the extent that so-called event data is processed on our behalf in order to generate reports for us on the impact of our Facebook-powered advertising campaigns and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, we do not create profiles that we can associate with specific users of our website. "Event Data" is information we share with Facebook through the Facebook Pixel that relates to individuals and the actions they take on our website, such as visiting our website and making purchases of the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g. the "Like" button). However, they do not collect information that is created when a user interacts with our website via the Facebook login, Facebook plugins or in any other way (for example, by logging in or by marking or sharing an article with "Like").
We are joint data controllers with Facebook Ireland Ltd. under Article 26 of the GDPR for the use of event data generated by our use of the Facebook Pixel to the extent that it is used to improve the display of our ads served through Facebook and the delivery optimisation of those ad campaigns. To do this, Facebook Ireland Ltd. relates this event data to people who use products of the Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to also be interested in our services. In connection with ad targeting and optimisation of ad delivery, Facebook Ireland Ltd. uses event data generated by us to optimise the delivery of ads only after it has been aggregated with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the Event Data we submit. An illustration of what personal data is processed as a result of the use of the Pixel by us and Facebook Ireland Ltd. as joint controllers can be found here. According to information from Facebook, this is the following data:
- HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country-specific/language).
- Information on standard/optional events such as "page view" or "app installation", other object properties and buttons clicked by visitors to the website, in each case according to the configuration of the business tool
- Online identifiers such as, but not limited to, IP addresses and, where provided, Facebook related identifiers or device IDs (such as mobile operating system ad IDs) and ad tracking disablement/restriction status information;
Information on how Facebook Ireland Ltd. processes personal data, including the legal basis on which Facebook Ireland Ltd. relies and on how data subjects can exercise their rights against Facebook Ireland, can be found in Facebook Ireland's Data Policy. Facebook Ireland Ltd is responsible for enabling data subjects to exercise their rights under Articles 15-20 of the GDPR in respect of personal data held by Facebook Ireland Ltd following joint processing, under the contract entered into with us. Of course, your existing rights towards us under the GDPR according to these provisions (see "Your rights") remain unaffected by this. You can therefore assert these against us in parallel.
Sole responsibility of Facebook
Facebook Ireland Ltd. is the sole data protection controller for the processing of personal data in connection with the Facebook Pixel that goes beyond the above. The data protection declaration of Facebook Ireland Ltd. can be found here. You can find further options to object to Facebook using your personal data for these purposes here.
Finally, you can withdraw your consent to the use of the Facebook pixel on our site by clicking on the Privacy settings at the bottom right of this page. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Please note our warnings regarding third countries, as personal data for Facebook Pixel may be processed in countries that do not have a level of data protection that meets the standards of the GDPR.
Cookies used, responsible party: Facebook Ireland Ltd
Used to distinguish individual users from each other.
Used to distinguish individual users from each other.
Contains a randomly generated user ID. Using this ID, Facebook can recognise the user across different websites and display personalised advertising.
We are always happy to welcome new colleagues! If you apply for one of the positions we offer or send us an unsolicited application, we process your data for the purpose of carrying out the application procedure and for the decision on the establishment of an employment relationship. The legal basis for processing is Section 26 of the BDSG and, secondarily, Article 6 (1) (b) of the GDPR.
If we unfortunately do not consider your application, we will delete it together with the submitted documents six months after our rejection, unless we are legally obliged to store it for a longer period or further storage is in our legitimate interest in order to be able to prove compliance with obligations incumbent on us by law, e.g. according to the General Equal Treatment Act (AGG). In the case of longer retention, the data will be deleted upon expiry of the statutory retention period or if the reason justifying longer retention no longer applies. The legal basis for longer retention is Article 6 (1) (b) of the GDPR if there are statutory retention periods and otherwise Article 26 of the BDSG and, subordinately, Article 6 (1) (b) of the GDPR.
You can object to the further processing of your data at any time by withdrawing your application.
If we establish an employment relationship with you, you will be informed separately about the processing of your data and the rights to which you are entitled.
If we are unable to consider your application for a position, we will include you in our pool of applicants, subject to your separate consent, so that we can consider your application for positions that may be filled in the future. You can object to the corresponding use of your data at any time with effect for the future. In this case, the data will be deleted immediately, unless we are entitled or obliged to store the data for a longer period for the reasons stated above. In this case, the data will be deleted when the corresponding reason no longer applies. The legal basis for the processing of your data is Art. 6 para. 1 a. GDPR.
Some of these cookies are essential for our website to function, while other cookies help us to improve our website by giving us insight into how you use the website.
By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website may not display correctly or some areas may not function properly without these cookies. Necessary cookies can only be prevented by appropriate settings in your browser.
You can revoke your consent or make changes at any time via the "Privacy settings" in the footer area.
The following additional options exist with regard to cookies:
- If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. Please note that deactivating cookies may lead to functional limitations of this website. Here you will find information on how to adjust the cookie settings for the most common browsers:
14.2.1 Google reCaptcha
We use the "Google reCAPTCHA" service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on the basis of your consent.
The processing of data within the scope of this service also takes place in the USA. Standard data protection clauses issued by the EU Commission within the meaning of Article 46 (2) (c) of the GDPR have been concluded with Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Despite the conclusion of standard data protection clauses with Google, there are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you agree to the processing of your data in the USA despite potential access by US authorities.
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
14.2.2 Integration of YouTube videos
YouTube videos are embedded on our website. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://www.youtube.com/t/impressum?hl=de&gl=DE.
You can find the data protection information on YouTube at https://policies.google.com/privacy?hl=de&gl=de.
We have integrated the corresponding videos in such a way that, according to Google, personal data is only processed when you click on a video.
We use YouTube because we do not have the technical means to deliver the videos in such a way that they can be accessed by any number of users in parallel and with high performance. In this way, we increase the usability and attractiveness of our offer. The legal basis for this is Art. 6 para. 1 f) GDPR.
Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection information. There you will also find further information on your rights and setting options to protect your privacy:
You can find the YouTube privacy information at https://policies.google.com/privacy and opt-out from personalised advertising is possible at https://adssettings.google.com/authenticated.
15. Third-party services that do not set cookies
This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.
We use Matomo's web analytics service to perform reach measurement for the web pages under the domain www.silversolutions.de and to understand how and why our website is used. We also use Matomo to identify any technical problems with the use of our websites. Against the background of these legitimate interests, the legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.
The data collected via Matomo is not combined with other data or transmitted to other data controllers within the meaning of the GDPR.
General information on Matomo can be found at https://matomo.org/.