Data Protection Policy

Data Protection Policy

Information about the processing of your data in accordance with Article 13 of the European General Data Protection Regulation (GDPR).

References to statutory provisions relate to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the version applicable as of 25 May 2018.

I. Scope

This Data Protection Policy applies to the website: of HERING SCHUPPENER Consulting Strategieberatung für Kommunikation GmbH and to the personal data collected via that website. For websites of other providers to which reference is made, by means of links for example, their own data protection information and policies apply.

II. Responsible Controller

Responsible controller in the sense of data protection law is:

HERING SCHUPPENER Consulting Strategieberatung für Kommunikation GmbH

Berliner Allee 44

40212 Düsseldorf

Commercial Register: Amtsgericht Düsseldorf, Commercial Register Number HRB 40605.  

VAT/UST-ID-No.: DE 215379414

Managing directors: Alexander Geiser, Dr. Brigitte von Haacke, Dr. Phoebe Kebbel, Tina Mentner



Phone.: +49 69 92 18 74-86

Fax: +49 (0) 211-43079-233

Important note:

For security reasons, we recommend sending e-mails in encrypted form only. There are considerable risks associated with the transfer of unencrypted messages. Please do not send us any sensitive data by unencrypted e-mail.

III. Data protection officer

HERING SCHUPPENER Consulting Strategieberatung für Kommunikation GmbH

Data protection officer

Berliner Allee 44

40212 Düsseldorf


Important note:

For security reasons, we recommend sending e-mails in encrypted form only. There are considerable risks associated with the transfer of unencrypted messages. Please do not send us any sensitive data by unencrypted e-mail.

IV. How we process your data

1. Personal data

According to Article 4 of the GDPR, personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

2. Collection and processing of your personal data

When you access our web pages, you transmit data to our web server via your Internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Web page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Data volume transferred

The recipient (in addition to Hering Schuppener) of this data is our server host, who acts as a data processor and with whom we have concluded a data processing agreement (DPA). The respective information is only processed in accordance with our instructions and stored on servers in the EU or EEA.

Except for the above-mentioned data, personal data will only be stored if you provide us with the data on your own initiative, and even in these cases only to the extent that we are permitted to do so on the basis of your consent or in accordance with applicable law (for further information, please refer to the “Legal basis of processing” section below).

You are neither legally nor contractually obliged to provide us with your personal data. It is possible, however, that certain functions of our websites depend on the provision of personal data. If you do not provide personal data in such cases, this may result in functions not being available or only available to a limited extent. 

3. Purposes of usage

We use the personal data collected when you visit our website to operate it as convenient as possible for you and to protect our IT systems from attacks and other illegal activities.

4. Evaluation of usage data; use of analysis tools

No analysis tools in use

5. Targeting and retargeting

No targeting in use

6. Notes on cookies

  • Functions and use of cookies

Cookies are small files that are stored on your desktop, laptop or mobile device when you visit a website. From these we can recognise if there has already been a connection between your device and our website, for example, or which language or other settings you prefer. Cookies may also include personal data.

If you decide to object to the use of cookies, it may be that some of the functions of our website may not be available or individual functions may only be available to a limited extent.

We divide cookies into the following categories: 

Essential cookies (type 1)

These cookies are essential for the functions of the website. Without them, we may not be able to offer some of the services to you, for example.

Functional cookies (type 2)

These cookies make it easier to use the website and improve its functions. For example, we save your language settings in functional cookies.

Performance cookies (type 3)

These cookies collect information about how you use our website. In this way, we can identify which parts of our website are particularly popular and thus improve our service to you. Please also read the section “Evaluation of usage data” in our Data Protection Policy.

Third-party cookies (type 4)

These cookies are set up by third parties, e.g. social networks such as Facebook, Twitter and Google+, the content of which you can integrate using the “social plugins” offered on our website. More detailed information about the use and function of the social plugins is available in our Data Protection Policy.

  • We use the following cookies on our website




Functional Life

Session Cookie

Holds the Session ID, which stores language selection and acceptance of the Clickgate


Browser session

Cookie Banner Cookie

Saves whether the user has clicked away the cookie banner


Browser session

7. Security

We implement technical and organisational security measures to protect the data about you that we manage from manipulation, loss, destruction and access by unauthorised persons. We are continuously improving our security measures in accordance with technological progress.

For security reasons and to protect transmission of personal data and other confidential content, this website uses SSL and TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock icon on your browser bar.

8. Legal basis of processing

If you have given us your consent to process your personal data, this represents the legal basis for processing (Art. 6 (1) (a) GDPR).

For processing personal data to initiate or fulfil a contract with you, Art. 6 (1) (b) GDPR is the legal basis.

Insofar as processing of your personal data is necessary to fulfil our legal obligations (e.g. retention of data), we are authorised to do so by Art. 6 (1) (c) GDPR.

We also process personal data for purposes of pursuing our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 (1) (f) GDPR. Such legitimate interests include maintenance of the function of our IT systems, but also marketing of our own and third-party products and services and the necessary legal documentation of business contacts. 

9. Erasure of your personal data

We erase your IP address and the name of your Internet Service Provider, which we only save for security reasons, after seven days. Otherwise we erase your personal data as soon as the purpose for which we have collected and processed the data no longer applies. Beyond this time, storage takes place only if this is required in accordance with the laws, ordinances or other legal regulations of the European Union or a Member State of the European Union to which we are subject.


V. Your rights

As a user of our website, you have various rights under the GDPR, which are set out in particular in Art. 15 to 21 GDPR:

1. Right to information

You may demand information about your personal data processed by us under Art. 15 GDPR. Your application for information should provide precise information about your request in order to make it easier for us to compile the data required. Please note that your right to information may be restricted under certain circumstances by legal regulations (in particular Article 34 GDPR and Art. 10 of the Bavarian Data Protection Act).

2. Right to rectification

If the information about you is not (or no longer) accurate, you may demand rectification under Art. 16 GDPR. If your data is incomplete, you may demand completion.

3. Right to erasure

You may demand erasure of your personal data under the conditions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data about you are still required by us to fulfil statutory duties.

4. Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to obtain a restriction of processing of data concerning you.

5. Right to notification

If you have asserted your right to rectification, erasure or restriction of processing in respect of the data controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves to be impossible or involves a disproportionate amount of work. You have the right to information about such recipients under the provisions of Art. 19 GDPR.

6. Right to data portability

Under the provisions of Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, standard and machine-readable format or to demand transmission to another data controller, provided that this is technically feasible.

7. Right to object

Under Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We cannot always comply, however, if we are subject to statutory regulations concerning fulfilment of our processing obligations, for example.

8. Right to withdrawal

You have the right to withdraw the consent that you have given to process your data at any time with effect for the future, in accordance with the provisions of Art. 7 GDPR. If consent is withdrawn, we shall erase the data concerned immediately, insofar as further processing cannot be justified on a legal basis for processing without consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of that consent up to the point of withdrawal. 

9. Right to lodge a complaint

If you believe that the processing of your personal data breaches statutory provisions, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

VI. Contact person

The data protection officer provides support for all questions relating to data protection. Complaints can also be made against Hering Schuppener and the rights mentioned in this data protection declaration can be asserted.


The data protection officer can be contacted at:


In addition to contacting the data protection officer, you can also contact the responsible data protection supervisory authority at any time: 

Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
PO box 20 04 44
40102 Düsseldorf

Phone: 0211/38424-0
Fax: 0211/38424-10

VII. Alterations to this Data Protection Policy

We may alter this Data Protection Policy at any time by publishing the amended version on this website, including enforcement of the amended version.

Date of publication: 23.01.2020