1.1We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to identify you personally.
1.2The responsible party for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Tabak Consulting GmbH, Augustaanlage 33, 68165 Mannheim, Germany, Tel.: 062170289450, E-Mail: info@tabak-consulting.com. The party responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2.1When using our website for informational purposes only, meaning if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called 'server log files'). When you access our website, we collect the following data that are technically necessary for us to display the website to you:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.
2.2This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
To make our website attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and allow for the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.
If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
4.1Own function for online appointment scheduling
We process your personal data as part of the online appointment scheduling provided. The data we collect for online appointment scheduling can be found in the respective input form or the appointment inquiry for scheduling. If certain data is necessary to carry out an online appointment scheduling, we will indicate this in the input form or during the appointment inquiry accordingly. If we provide you with a free text field in the input form, you can describe your concern in more detail there. You can also control which additional data you wish to enter. The data you provide will be stored and used solely for the purpose of scheduling the appointment. In processing personal data that is necessary for the fulfillment of a contract with you (this also applies to processing operations necessary for the execution of pre-contractual measures), Article 6(1)(b) of the GDPR serves as the legal basis. If you have given us consent for the processing of your data, the processing will be based on Article 6(1)(a) of the GDPR. Any consent given can be revoked at any time by sending a message to the responsible party mentioned at the beginning of this declaration.
4.2WhatsApp Business
You have the option to contact us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.
If you contact us via WhatsApp regarding a specific business matter (for example, an order placed), we will store and use the mobile number you used on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. b GDPR to process and respond to your inquiry. Based on the same legal basis, we may ask you via WhatsApp to provide additional information (order number, customer number, address, or email address) to assign your request to a specific transaction.
Use our WhatsApp contact for general inquiries (such as about our range of services, availability, or our online presence). We will store and use the mobile number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the efficient and timely provision of the requested information.
Your data will only be used to respond to your inquiry via WhatsApp. There will be no sharing with third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device that only contains the WhatsApp contact details of users who have contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has consented to the transmission of their WhatsApp phone number from the address books of their chat contacts by accepting the WhatsApp terms of use on their device upon first use of the app in accordance with Art. 6 para. 1 lit. a GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and settings regarding the protection of your privacy, please refer to WhatsApp's privacy policy: https://www.whatsapp.com
We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits sharing with third parties.
As part of the aforementioned processing, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
4.3When contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form can be seen in the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been conclusively processed. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no legal retention obligations oppose this.
You can register on our website by providing personal data. The personal data processed for registration is specified in the input mask used for registration. We use the so-called double opt-in procedure for registration, meaning your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If you do not confirm within 24 hours, your registration will be automatically deleted from our database. Providing the aforementioned data is mandatory. You can voluntarily provide any additional information by using our portal.
When you use our portal, we store your data necessary for contract fulfillment, including any payment method information, until you permanently delete your access. Furthermore, we retain the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the secure customer area. The legal basis is Art. 6 para. 1 lit. f GDPR.
In addition, we store all content you publish (such as public posts, wall entries, guestbook entries, etc.) to operate the website. We have a legitimate interest in providing the website with complete user-generated content. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If you delete your account, your public statements, especially in the forum, will remain visible to all readers, but your account will no longer be accessible. All other data will be deleted in this case.
6.1Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when visiting the website, Google (Universal) Analytics sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, which is truncated by Google to exclude direct personal reference.
The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible.
Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide additional services related to website and internet usage. The IP address transmitted and truncated by your browser as part of Google Analytics will not be merged with other data from Google. The data collected through the use of Google (Universal) Analytics will be stored for a period of two months and then deleted.
All of the aforementioned processing activities, particularly the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google (Universal) Analytics will not take place during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the 'Cookie Consent Tool' provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information regarding Google (Universal) Analytics can be found at https://business.safety.google
Demographic features
Google (Universal) Analytics uses the special feature 'demographic characteristics' and can create statistics that provide insights into the age, gender, and interests of website visitors. This is done by analyzing advertisements and information from third parties. However, the collected data cannot be attributed to a specific individual and will be deleted after being stored for a period of two months.
Google Signals
As an extension to Google (Universal) Analytics, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the 'Personalized Advertising' feature in your Google account settings. Please follow the instructions on this page: https://support.google.com
For more information on Google Signals, please visit the following link: https://support.google.com
UserIDs
As an extension to Google (Universal) Analytics, the 'UserIDs' feature can be used on this website. If you have consented to the use of Google (Universal) Analytics in accordance with Art. 6 para. 1 lit. a GDPR, created an account on this website, and logged in on different devices with this account, your activities, including conversions, can be analyzed across devices.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
6.2Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ('Google'), which enables an analysis of your use of our website.
By default, when visiting the website, Google Analytics 4 sets cookies, which are small text files stored on your device that collect certain information. This information includes your IP address, which is truncated by Google to exclude the last digits to prevent direct personal identification.
The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible.
Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide additional services related to website usage and internet usage. The IP address transmitted and truncated by your browser as part of Google Analytics will not be merged with other data from Google. The data collected through the use of Google Analytics 4 will be stored for a duration of two months and then deleted.
All of the aforementioned processing activities, particularly the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google Analytics 4 will not take place during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please disable this service using the 'Cookie Consent Tool' provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://business.safety.google
Demographic features
Google Analytics 4 uses the special feature 'demographic characteristics' and can create statistics that make statements about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third parties. However, the collected data cannot be attributed to a specific individual and will be deleted after being stored for a duration of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze your usage behavior across devices and create database models, including cross-device conversions, subject to your consent for the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the 'Personalized Advertising' feature in your Google account settings. Please follow the instructions on this page: https://support.google.com
For more information on Google Signals, please visit the following link: https://support.google.com
UserIDs
As an extension to Google Analytics 4, the 'UserIDs' feature can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, set up an account on this website, and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
6.3Google Tag Manager
This website uses the 'Google Tag Manager', a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: 'Google').
The Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analysis services, and allows them to be calibrated, controlled, and conditioned through a unified user interface. The Google Tag Manager itself does not store information on user devices or read it. The service also does not perform independent data analyses. However, when a page is accessed, your IP address is transmitted to Google via the Google Tag Manager and may be stored there. Transmission to servers of Google LLC in the USA is also possible.
This processing will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of Google Tag Manager will not occur during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please disable this service in the 'Cookie Consent Tool' provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further legal information on Google Tag Manager can be found at https://business.safety.google
Google Ads Conversion Tracking without Cookies
This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use the Google Ads service to draw attention to our attractive offers on external websites using advertising materials (so-called Google AdWords). We can determine the success of individual advertising measures in relation to the data from the advertising campaigns. Our aim is to show you advertisements that are of interest to you, to make our website more appealing to you, and to achieve a fair calculation of the incurred advertising costs.
This website uses Google Ads conversion tracking exclusively without the use of cookies, which means that the service does not set cookies on your device at any time.
Instead, the local storage of your browser is used to store a unique ID assigned by Google, which enables an analysis of your use of the website. For this purpose, certain user information is processed via the ID.
The ID is set when a user clicks on an ad displayed by Google. If the user visits certain pages of this website, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across the websites of Google Ads customers. The information collected in this way is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag.
However, you will not receive any information that can personally identify users. In the context of using Google Ads, there may also be a transmission of personal data to the servers of Google LLC in the USA. Details regarding the processing initiated by Google Ads Conversion Tracking and Google's handling of data from websites can be found here: https://policies.google.com
If the collected information has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical evaluation of the success of our advertising campaigns.
Google's privacy policy can be viewed here: https://business.safety.google
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
8.1Google Web Fonts
This page uses web fonts from the following provider for consistent font representation: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you access a page, your browser loads the necessary web fonts into its browser cache to correctly display texts and fonts and establishes a direct connection to the provider's servers. In this process, certain browser information, including your IP address, is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA.
The processing of personal data in connection with contacting the font provider will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service via the 'Cookie Consent Tool' provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further information on Google's privacy policy can be found here: https://business.safety.google
8.2Google Customer Reviews (formerly Google Certified Shops Program)
We collaborate with Google as part of the 'Google Customer Reviews' program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you will be asked if you would like to participate in an email survey from Google.
If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your purchase experience on our website. Your rating will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo as well as in our Merchant Center dashboard. Additionally, your rating will be used for Google seller ratings. In the context of using Google Customer Reviews, there may also be a transmission of personal data to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the data processing controller or to Google.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further information on Google's privacy policy can be found here: https://business.safety.google
8.3Microsoft Teams
For conducting online meetings, video conferences, and/or webinars, we use this provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
The provider processes various data, depending on the information you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your login details (name, email address, phone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)).
In addition, image and audio contributions from participants as well as voice inputs in chats may be processed.
The processing of personal data necessary for the fulfillment of a contract with you is based on Art. 6 para. 1 lit. b GDPR (this also applies to processing operations necessary for the execution of pre-contractual measures). If you have given us consent to process your data, the processing is based on Art. 6 para. 1 lit. a GDPR. You can revoke any consent given at any time with effect for the future.
Furthermore, the legal basis for data processing during the conduct of online meetings, video conferences, or webinars is our legitimate interest according to Art. 6 para. 1 lit. f GDPR in the effective execution of the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
8.4Online applications via a form
On our website, we currently advertise vacant positions in a separate section, where interested parties can apply using a corresponding form.
Applicants must provide all personal data necessary for a well-founded assessment, including general information such as name, address, and contact options, as well as performance-related evidence and, if applicable, health-related information. Details regarding the application can be found in the job advertisement.
When the form is submitted, the applicant data is transmitted to us encrypted in accordance with the state of the art, stored by us, and evaluated solely for the purpose of processing the application. The processing is based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), under which the application process is considered as the initiation of an employment contract.
If, in the context of the application process, special categories of personal data as defined in Art. 9 para. 1 GDPR (e.g., health data such as information about disability status) are requested from applicants, the processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security law and fulfill our related obligations.
Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 para. 1 lit. h GDPR, if it is for the purposes of health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, care or treatment in the health or social sector, or for managing systems and services in the health or social sector.
If the applicant is not selected or withdraws their application prematurely, the data submitted via the form, as well as all electronic correspondence including the application email, will be deleted after a corresponding notification, no later than 6 months. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our documentation obligations under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b GDPR (when processed in Germany in conjunction with § 26 para. 1 BDSG) for the purpose of executing the employment relationship.
Cookie Consent Tool
This website uses a so-called 'Cookie Consent Tool' to obtain valid user consents for cookies and cookie-based applications that require consent. The 'Cookie Consent Tool' is displayed to users as an interactive user interface upon page access, where consents for specific cookies and/or cookie-based applications can be granted by checking boxes. By using the tool, all consent-required cookies/services are only loaded when the respective user grants the corresponding consents by checking the boxes. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies, and thus in a legally compliant design of our online presence.
Another legal basis for processing is also Art. 6 para. 1 lit. c GDPR. As data controllers, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
Further information about the operator and the settings of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
10.1The applicable data protection law grants you the following rights as a data subject regarding the processing of your personal data (rights of access and intervention), with reference to the respective legal basis for the conditions of exercise:
10.2RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, additionally by the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you withdraw your consent.
If there are statutory retention periods for data processed in the context of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods expire, unless it is no longer necessary for contract fulfillment or contract initiation and/or we have no legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise stated in the additional information of this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
