PMCC Consulting Data protection

1. Overview of data privacy

General information

The following information provides a basic overview of what happens to your personal data when you visit our website. Personal data refers to any data that can be used to identify you personally. For more detailed information on the topic of data privacy, please refer to our Privacy Policy located below.

Data collection on our website

Who is responsible for data collection on this website?
The data processing on this site is performed by the website operator. The contact details for the website operator are listed in this website’s publication details.

How do we collect your data?
One way your data is collected is by the fact that you provide it to us. This data may include things like the information you enter in a contact form.

Other kinds of data are recorded automatically by our IT systems when you access the website. This primarily involves technical data (such as your Internet browser, operating system, or the time at which you accessed the site). This data is collected automatically as soon as you log on to our website.

What do we use your data for?
Some of the data is collected in order to ensure error-free website performance. Other types of data may be used to analyse your user behaviour.

What rights do you have with respect to your data?
You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request that this data be rectified, blocked, or erased. To do this and to address any other questions on the subject of data privacy, please contact us at any time at the address provided in the publication details. In addition, you have the right to lodge a complaint with the responsible supervisory authority.

You also have the right to request that the processing of your personal data be restricted under certain circumstances. For details, please refer to the section “The right to restriction of processing” in the Privacy Policy.

Third-party analytics and tools

When you visit our website, your surfing behaviour can be statistically analysed. This is done mainly by means of cookies and so-called analysis programs. As a rule, the analysis of your surfing behaviour is performed anonymously; surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by refraining from using certain tools. You can find more detailed information about this in the Privacy Policy below.

You can object to this analysis. We will inform you in this Privacy Policy about the options available to you for objecting.

2. General mandatory information

Data privacy

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data privacy regulations and this Privacy Policy.

When you access this website, we collect certain types of personal data. Personal data refers to data that can be used to identify you personally. This Privacy Policy outlines which data we collect and what we use it for. It also explains how this is done and for what purpose.

We wish to point out that data transmission over the Internet (such as when communicating by e-mail) may be subject to gaps in security. Complete protection of the data against access by third parties is not possible.

Information on the data controller

The controller of the data processing on this website is:

PMCC Consulting GmbH
Schubertstraße 37/1
A-8010 Graz
T: +43/316/22 50 33
E: office@pmcc-consulting.com
I: www.pmcc-consulting.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (names, e-mail addresses, and the like).

Revoking your consent to data processing

Many data processing operations can only be carried out with your explicit consent. You can revoke consent that has been previously granted at any time. To do so, all you need to do is send us an informal message by e-mail. This revocation does not affect the lawfulness of the data processing that occurred prior to the revocation.

The right to object to the collection of data (Article 21 GDPR)

If the data processing is carried out pursuant to Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The applicable legal basis on which processing is based is set forth in this Privacy Policy. If you object, we will refrain from processing the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising, or defending legal claims (objection pursuant to Article 21[1] GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data relating to you for the purpose of such marketing; this also applies to profiling to the extent that it is related to direct marketing of this kind. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21[2] GDPR).

The right to lodge a complaint with the responsible supervisory authority

In the event of violations to the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the location of the alleged violation. The right to lodge a complaint is valid without prejudice to other administrative or judicial remedies.

The right to data portability

You have the right to request that data that we process automatically based on your consent or in fulfilment of a contract be handed over to you or to a third party in a standard, machine-readable format. If you request that the data be transferred directly to another controller, this will only be carried out to the extent that it is technically feasible.

SSL and TLS encryption

This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content such as orders or requests that you submit to us as the site operator. An encrypted connection can be identified by the fact that the browser address bar changes from “http://” to “https://” as well as by the padlock icon in the browser bar.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Information, blocking, erasure, and rectification

In the context of the applicable legal provisions, you have the right at any time to receive information free of charge regarding your stored personal data, its origin, recipients, the purpose of data processing and, where applicable, the right to have this data rectified, blocked, or erased. You may contact us at any time at the address provided in the publication details if you have any questions in this regard or any further questions relating to personal data.

The right to restriction of processing

You have the right to request that the processing of your personal data be restricted. To do so, you may contact us at any time at the address provided in the publication details. The right to restriction of processing arises under the following circumstances:

• If you contest the accuracy of the personal data we have stored relating to you, we generally require a certain amount of time to review the matter. For the duration of this review, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data has occurred/is occurring unlawfully, you may request that the data processing be restricted rather than erased.
• In the event that we no longer need your personal data but you require it in order to exercise, defend, or assert legal claims, you have the right to request that the processing of your personal data be restricted rather than erased.
• If you have lodged an objection pursuant to Article 21(1) GDPR, your interests must be weighed against ours. As long as it has not yet been determined which party’s interests prevail, you have the right to request that the processing of your personal data be restricted.
• If you have restricted the processing of your personal data, this data may only be processed – apart from being stored – with your consent or in order to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of major public interest on the part of the European Union or a Member State.

Inclusion of third-party technologies

• Google Maps
  We incorporate the maps of the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. In this context, the IP addresses and location data of users may be processed but are not collected without their consent. The data may be processed in the US.
• falcana Software GmbH /Sendinblue GmbH
  We have incorporated the newsletter signup form of falcana Software GmbH / Sendinblue GmbH into our website. If you sign up for our PMCC newsletter using this form, falcana Software GmbH / Sendinblue GmbH will process your contact details for the delivery of the newsletter.

3. Data collection on our website

Cookies

The Internet pages make partial use of so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are “session cookies”. They are automatically deleted after you exit the site. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognise your browser the next time you visit our site.

You can configure your browser to inform you when cookies are stored and to accept cookies only in specific cases, to prevent cookies from being accepted in certain cases or in general, and to enable the automatic deletion of cookies when you close the browser. When cookies are disabled, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (such as the shopping cart feature) are stored pursuant to Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies in order to provide its services in an optimised manner and without technical defects. To the extent that other cookies (such as cookies for analysing your surfing behaviour) are stored, they are addressed separately in this Privacy Policy.

Server log files

The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not aggregated with other data sources.

This data is collected pursuant to Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring that its website is displayed and optimised without technical errors – this requires that the server log files be recorded.

External data recipients

We may transmit data to external processors as part of our own data processing activities. This is done solely on the basis of the relevant legal regulations, your consent, a legal obligation, or in connection with our legitimate interests.

Commissioned data processors:

• Websitebetreuung: BRANDIG GesbR, St-Peter-Pfarrweg 30, 8042 Graz, A
• Google Analytics (mit “anonymize IP”): Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043
• Hostprovider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, D
• E-Mail-Newsletterversand: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, D
• Umfrage-Analyse LamaPoll: Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, D
• Lernplattform Moodle: moodle.com und Arrabiata Solutions GmbH, Seidlstraße 25, 80335 München, D
• Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399, USA
• CRM falcana Software GmbH, Lindau 23, 3335 Gaflenz, A
• DMS DATA+MAIL Schinnerl GmbH, Gewerbeparkstraße 119, 8143 Dobl, A

PMCC Consulting expressly reserves the right to commission further data processors. These will be disclosed when the data privacy information is updated.

4. Social media

Social media plugins

Our site uses plugins from social media (XING and LinkedIn).
You can generally recognise the plugins by their respective social media logos.

A direct connection to the provider’s server is only established when you enable the particular plugin by clicking the associated icon (consent). As soon as you enable the plugin, the relevant provider receives the information that you have accessed our site using your IP address. If you are simultaneously logged into your corresponding social media account (for example, LinkedIn), the associated provider can assign your visit to our website to your user account.

Enabling the plugin constitutes consent as defined by Article 6(1)(a) GDPR. You may revoke this consent at any time with future effect.

LinkedIn plugin

Our website uses functions from the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our web pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is notified that you have accessed our website using your IP address. If you click the “Recommend” button on LinkedIn and are logged into your account at LinkedIn, LinkedIn is able to assign your visit to our website to you and your user account. We wish to point out that as the provider of the site, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of the LinkedIn plugin is carried out pursuant to Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the broadest possible visibility in social media.

You can find further information in this regard in LinkedIn’s privacy policy at : https://www.linkedin.com/legal/privacy-policy.

XING plugin

Our website uses functions from the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our web pages containing XING functions is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored in the process. Specifically, IP addresses are not stored and usage behaviour is not evaluated.

The use of the XING plugin is carried out pursuant to Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the broadest possible visibility in social media.

For more information on data privacy and the XING Share button, please refer to XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection.

5. Analysis tools

Google Analytics

This website uses the Google Analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyse how users use the website. The service uses “cookies” – text files that are stored on your terminal device. The information collected by the cookies is normally sent to a Google server in the US and stored there.

IP anonymisation is used on this website. The user’s IP address is truncated within the EU Member States and the European Economic Area. As a result of this truncation, your IP address is no longer linked to a specific person. Under the terms of the Agreement on Commissioned Data Processing which the website operators have concluded with Google Inc., Google Inc. uses the information collected to evaluate website usage and website activity and to provide services related to internet usage.

You have the option to block cookies from being stored on your device by adjusting the relevant settings in your browser. There is no guarantee that you will be able to access all of the features of this website fully if your browser does not allow cookies.
Moreover, by using a browser plugin you can prevent the information collected by cookies (including your IP address) from being transmitted to and used by Google Inc.
Block the storage of cookies with the appropriate plugin.

As an alternative, you can prevent Google Analytics from collecting data about you on this website by clicking this link – Disable Google Analytics. By clicking the link above, you will download an “opt-out cookie”. This means that as a rule, your browser has to permit the storage of cookies. If you clear your cookies periodically, you will need to click the link again each time you access this website.
You can find more information about data use by Google Inc. here.

6. PMCC Newsletter

Newsletter data

Our newsletter provides you with specialist articles on current topics as well as information about seminars and events. You can sign up for this newsletter free of charge by providing a limited amount of personal data. The processing of the data entered in the newsletter registration form is based entirely on your consent (Article 6[1][a] GDPR). We use this data for the sole purpose of sending the requested information.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, after which time it will be erased. Data stored by us for other purposes remains unaffected by this.

You can revoke this consent at any time by clicking the unsubscribe link in the newsletter itself or by sending an e-mail to office@pmcc-consulting.com.

falcana Software GmbH/ Sendinblue GmbH

We use Brevo / Sendinblue and falcana Software GmbH for the purposes of registering recipients for, delivering, and analysing our newsletter. The registration is based on a double opt-in process. Upon delivery, this provider collects data on opening and click behaviour, such as the time of delivery, time of opening, duration of opening, IP address of the opening device, e-mail client that is used, which link was clicked, and the time that this link was clicked. For more information visit: https://www.falcana.com/datenschutzerklaerung & https://www.brevo.com/de/dsgvo/.

7. Applications

We provide you with the possibility of applying for a position with us (for example, by e-mail or postal mail). The following section provides information on the scope, purpose, and use of your personal data collected as part of the application process. We confirm that the collection, processing, and use of your data is carried out in accordance with applicable data privacy law as well as all further statutory provisions and that your data is treated in strict confidence.

Scope and purpose of the data collection

If you send us an application, we process your associated personal data (such as contact and communication details, application documents, notes taken during interviews, and so on) to the extent that this is necessary for the decision about establishing an employment relationship. Provided you have granted your consent, the legal basis for this is Article 6(1)(a) GDPR. This consent can be revoked at any time. Your personal data will only be disclosed within our company to individuals who are involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing systems in accordance with Article 6(1)(b) GDPR for the purpose of fulfilling the employment relationship.

Data retention period

If we are unable to offer you a job or you reject a job offer, withdraw your application, revoke your consent to data processing, or instruct us to erase the data, the data you submit, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 3 months following the conclusion of the application process in order to be able to trace the details of the application process should any discrepancies arise (Article 6[1][f] GDPR).

You may object to this storage if you have legitimate interests that override our interests.

After the retention period has expired, the data will be erased provided that there is no legal obligation to retain the data or other legal grounds for further storage. If it is evident that retaining your data will be necessary after the retention period has expired (for instance, because of an impending or pending legal dispute), the data will not be erased until it has become immaterial. Other statutory retention requirements remain unaffected.

8. PMCC Consulting Shop and Academy

PMCC Consulting only collects the personal data required for the specific enquiry based on the legitimate interest of PMCC Consulting or the personal data that you provide voluntarily.
We treat the data that you provide confidentially. By submitting your personal or business data such as your e-mail address, name, and address, you grant your consent that we use this data to provide you with individual services, to process contracts concluded with you, for billing purposes, for communication regarding orders, to send product information by regular mail and in digital form, and for (technical) administration purposes. Your personal data are administered by falcana Software GmbH, Lindau 23, 3335 Gaflenz, A, on the basis of a separate agreement on the processing of personal data and can be viewed at any time and also erased upon request. You may also revoke your consent at any time. falcana Software GmbH was carefully selected by us as a specialised service provider and is regularly monitored by us to ensure that your privacy remains protected. Personal data are only processed on our behalf and under our instruction, and may solely be used for the purposes specified by us. Compliance with these data privacy provisions and the required security measures is ensured at all times. For more information, see: https://www.falcana.com.

Types of data, purpose of processing, and data storage

• Name and company name
• Contact details (address, telephone number, e-mail address, etc.)

Data is also processed as part of the ordering process, including

• Specific order details
• Commercial register number
• Bank account information or EU VAT no.

Purpose of processing:

• Provision of the online offers, including their functions and content
• Processing of enquiries and communication with/servicing of customers and potential customers (contract initiation, preparation, and fulfilment)
• Sending of our newsletter and invitations to events (overriding legitimate interest, direct marketing)

We will store the data you provide for the time required to process your enquiry. Data may also be saved based on legal archiving requirements, for example the storage of account data to meet specific legal obligations or the storage of data for the duration of legal retention periods. We will not disclose this data to other parties without your consent. We may, however, be required to disclose data in the event of illegal activity. After the lapse of any retention periods, the data will be erased or anonymised so that you cannot be identified based on the data.

9. Social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Google+, and others can generally perform extensive analyses of your user behaviour when you access their website or a website with integrated social media content (such as Like buttons or advertising banners). Visiting our social media profiles triggers numerous processing operations that are relevant to data privacy. In particular:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In such case, this data collection is carried out by recording your IP address, for instance, or by means of cookies that are stored on your terminal device.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the social media presence concerned. If you have an account with the relevant social network, the interest-based advertising may be displayed on all devices to which you are logged in or have been logged in.

Please also note that we are unable to track all of the processing procedures on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data privacy policies of the respective social media portals.

Legal basis
Our social media pages are designed to ensure the broadest possible Internet presence. This constitutes a legitimate interest as defined by Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be governed by differing legal bases, which must be stated by the operators of the social networks (such as consent as defined in Article 6[1][a] GDPR).

Who is responsible
If you visit one of our social media pages (such as LinkedIn), we are jointly responsible with the operator of the social media platform for the data processing operations that are triggered during this visit. In principle, you may exercise your rights (information, rectification, erasure, restriction of processing, data portability, and lodging a complaint) both in relation to us as well as in relation to the operator of the particular social media portal (for example, in relation to LinkedIn).

Please note that despite our joint responsibility with the social media portal operators, we do not have complete control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period
The data we collect directly through the social media presence will be erased from our systems as soon as the purpose for storing it no longer applies or you instruct us to erase it, revoke your consent to its storage, or when the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory provisions – retention periods in particular – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please consult the operators of the social networks directly (for instance their privacy policy, see below).

Social networks in detail

LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on how LinkedIn handles your personal data, please refer to their privacy policy: https://www.linkedin.com/legal/privacy-policy.

XING
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how XING handles your personal data, please refer to their privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

10. Amendment of the Privacy Policy provisions

We reserve the right to amend this Privacy Policy in order to comply with current legal requirements or to account for changes in our services. As of 11/2023.