We take the protection of your personal data very seriously. With the following information, we would like to give you, as a visitor to our online offer, as a business partner, as an applicant or other data subject, an overview of the processing of your personal data by us and of your rights under data protection law. Which data is processed in detail and how it is used depends largely on the agreed services. Therefore, not all parts of this information will apply to you.
1 Controller and contact details of the data protection officer (DPO)
Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is plenum AG Management Consulting and its subsidiaries in which plenum AG itself directly or indirectly holds a majority interest (plenum group).
plenum AG
Management Consulting
THE SQUAIRE WEST 15
Am Flughafen
D-60549 Frankfurt am Main
E-Mail: info@plenum.de
(hereinafter referred to as "Company")
You can reach our external data protection officer at:
Wodianka privacy legal GmbH
Baron-Voght-Str. 73b
D-22609 Hamburg
E-Mail: datenschutz@plenum.de
2.1 Data categories, purpose of processing, and legal basis
In connection with the use of our websites, applications or online tools (hereinafter collectively referred to as "online services"), we process the following personal data:
We process your personal data for the following purposes:
In some cases, we expressly ask you for your consent to the processing of your personal data. In this case, the legal basis for the processing of your personal data is the consent given by you pursuant to Art. 6 (1) lit. a GDPR in conjunction with. Art. 7 GDPR.
2.2 Cookies
Within the scope of our online offer, we also use so-called cookies. Cookies are small text files that are stored by your browser on your end device when you visit our website. Cookies contain information that is related to the context of use and your end device.
Depending on the type, the use of cookies is possible without consent or requires consent. Cookies that do not require consent are in particular those that are necessary in order to use our online services or that serve IT security purposes. The legal basis for data processing in these cases is Art. 6 (1) lit. f GDPR.
In contrast, cookies that require consent serve on the one hand to individually adapt the use of our offer to your preferences. You give your consent in this regard when you call up our online offer by displaying our "cookie banner". Here you can declare your consent to the use of cookies on this website by clicking a button.
For example, we use cookies to recognise that you have already visited our online offer. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again, the circumstance of your visit and your entries are automatically recognised and, if necessary, supplemented.
Furthermore, we use cookies to statistically record and optimise the use of our online offers and to evaluate them for you. The legal basis of the data processing for cookies requiring consent is Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR. This data includes, among other things, page views, duration of visit, origin, country and other data. We analyse this statistical information in order to optimise our services.
Overview of the cookies used on this website:
Cookie | Purpose | Storage duration |
_gat_gtag_UA_<property-id> | Used to lower the request rate. | 1 minute |
_gid | Used to distinguish website visitors | 1 day |
_ga | Used to distinguish website visitors | 50 months |
PLENUM_PRIVACY_GA_ENABLED_V1 | Used to identify whether consent has been given to Google Analytics | 1 year |
PLENUM_PRIVACY_VIEWED_V1 | Used to detect whether the cookie banner has already been displayed | 1 year |
2.3 Google Analytics
This website uses functions of the web analysis service "Google Analytics". The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
Google Analytics also uses so-called cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) lit. a GDPR. We obtain the necessary consent from our users immediately after they call up our website.
IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within the states of the European Union or other contracting states to the Agreement on the European Economic Area before being transmitted to the US. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plug-in
You can prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaopout?hl=de.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will then be set that prevents the collection of your data during future visits to this website: Deactivate Google Analytics
For more information on how Google Analytics handles user data, please see Google's privacy policy at the following link: https://support.google.com/analytics/answer/6004245?hl=de.
Please note that American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google on the basis of the Internet Protocol (TCP) when this service is integrated, due to American laws such as the Cloud Act. The transmission of the data to Google may result in the processing of the data by Google in the US. An appropriate level of data protection for data processing by Google is ensured by standard contractual clauses.
2.4 Google Tag Manager
We use the service called "Google Tag Manager" from Google. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and only processes personal data itself for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data.
Further information on the Google Tag Manager can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de).
Please note that American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google via the Internet Protocol (TCP) when this service is integrated, due to American laws such as the Cloud Act. The transmission of the data to Google may result in the processing of the data by Google in the US. An appropriate level of data protection for data processing by Google is ensured by standard contractual clauses.
2.5 Google Fonts
External fonts from "Google Fonts" are used on our website. Google Fonts is a service provided by Google. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
You do not have to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account information being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at exactly what the data storage looks like in more detail.
The purpose of Google Fonts is the legitimate interest in the presentation of our website in the selected layout (Art. 6 (1) lit. f GDPR).
You can also prevent the establishment of an automatic connection at any time by means of an appropriate setting in the Internet browser used; our site can then still be used, albeit without the Google fonts. We do not retain any personal data within the scope of Google Fonts. Personal data is not transmitted to other recipients.
Further information and the applicable data protection provisions of Google Fonts can be found in Google's data protection declaration (https://policies.google.com/privacy?hl=de).
Please note that American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google via the Internet Protocol (TCP) when this service is integrated, due to American laws such as the Cloud Act. The transmission of the data to Google may result in the processing of the data by Google in the US. An appropriate level of data protection for data processing by Google is ensured by standard contractual clauses.
2.6 Newsletter
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in procedure). To personalise the newsletter, we store personal data (e.g. first name, surname and e-mail address). If you provide further personal data when registering, this information is voluntary. We use the data exclusively for sending the requested information and for documenting your consent. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time and with effect for the future, for example via the "unsubscribe" link in the newsletter.
We use an external service provider to manage and send our newsletter. This service provider has of course been carefully selected and obliged to comply with all data protection regulations in accordance with Art. 28 GDPR.
We would like to point out that we evaluate your user behaviour when sending the newsletter. The newsletter emails we send contain a so-called web beacon or a so-called tracking pixel. This is a single-pixel image file that is stored on our website. This data is only collected pseudonymously. This processing of data serves the purpose of tailoring the newsletter to your individual interests. You can prevent the above evaluation of your user behaviour if you have deactivated the display of images in your e-mail programme by default. Please note that in this case the newsletter will not be displayed in full and you may not be able to use all the functions of the newsletter. If you manually activate the display of images, the evaluation of your user behaviour described above will take place again.
2.7 Contacting us
Our website contains an e-mail address that can be used for electronic contact. If a user makes use of this option, the data entered in the e-mail will be transmitted to us and part of the data will be stored.
In this context, the data is not passed on to third parties outside the company. The data is used exclusively for processing the correspondence.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact is aimed at concluding a contract, Art. 6 (1) lit. b GDPR is the further legal basis for the processing.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the respective correspondence has ended.
The user has the option to object to the processing of his/her personal data at any time. In such a case, the correspondence cannot be continued. Please send us your request for deletion via e-mail to datenschutz@plenum.de. All personal data stored in the course of contacting us will be deleted in this case.
3.1 Data categories and purpose of processing
Within the scope of cooperation with business partners, the Company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter "business partners"):
This personal data is processed for the following purposes:
3.2 Legal basis
The processing of personal data is necessary to achieve the aforementioned purposes. Unless explicitly stated otherwise when collecting the personal data, the legal basis for data processing is:
If you have expressly given your consent to the processing of your personal data in an individual case, this consent is the legal basis for the processing pursuant to Art. 6 (1) lit. a GDPR.
4.1 Categories of data and purpose of data processing
As part of the application process, we generally process the following categories of personal data:
Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if necessary, for the implementation of the subsequent employment relationship.
4.2 Legal basis
The processing of your personal data within the scope of the application procedure is based on Art. 6 (1) lit. b GDPR (establishment and execution of a contract) as well as § 26 (1) p. 1 BDSG.
4.3 Data transfer
Your data will be made available to the employees or supervisors responsible for the position for which you have applied.
In the case of a speculative application, your documents will be made available to the relevant employees or superiors for whom your application could be of interest.
We do not pass on your application data to affiliated subsidiaries or parent companies unless your application also relates to these companies or is kept open for this purpose.
Data will also be passed on if we are obliged to do so due to legal provisions and/or official or court orders.
4.4 Deletion periods for applicant data
If no employment relationship is established, the application documents are deleted six months after rejection. The legal basis for the storage in this regard is Art. 6 para. 1 lit. f GDPR. Our legal interest in this regard is the defence against any claims arising from the General Equal Treatment Act ("AGG"). In all other respects, the general deletion periods and notes under section 9 apply.
If you have given us your consent or if we are entitled to do so within the scope of existing customer relationships, your contact data will also be used for direct marketing purposes (such as invitations to trade fairs, newsletters) or to conduct customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes at any time. If you wish to exercise your right to object in this regard, please write us an email at datenschutz@plenum.de or follow the corresponding instructions you received from us in any promotional email. The legal basis for processing your data for advertising purposes is Art. 6 (1) lit. f GDPR in the case of existing customer relationships or Art. 6 (1) lit. a GDPR if you have given us your consent.
We use references ("links") to the social networks LinkedIn and XING on our website on the basis of Art. 6 (1) sentence 1 lit. f GDPR in order to draw attention to our services and products and to contact you as a visitor and user of these social media pages as well as our website.
You can recognise the links by the logo of the respective social network. When you click on the logo, a direct connection is established between your browser and the server of the respective service and you are redirected to the website of the service provider.
These are not so-called social plug-ins, where a connection and data transmission to the respective social network is already established when you call up our website. We would like to point out that you use the following services and their functions on your own responsibility. Please also note that when calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. In detail, these are the following third-party providers:
Within our company, those offices will receive access to your data that need it to fulfil contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain confidentiality and integrity in particular. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting and sales and marketing.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. As a matter of principle, we may only pass on information about you if this is required by law, you have given your consent or we are authorised to provide information. Under these conditions, recipients of personal data may be
Data is transferred to bodies in countries outside the European Union (so-called third countries), insofar as
Furthermore, a transfer to bodies in third countries cannot be excluded in the following cases:
The use of our social media offering, the Google Analytics analysis tool, the Google Fonts directory and the use of IT service providers may result in data transfers and subsequent processing of usage data of the respective services in the US. The basis for any processing activities is your explicitly declared declaration of consent, which you have given via the cookie banner. Your declaration of consent justifies such data processing on an exceptional and case-by-case basis pursuant to Art. 49 (1) lit. a GDPR. Please note that there is no comparable level of data protection in the US as in the EU and the EEA. In particular, it is possible that government agencies access your personal data on the basis of legal authorisations without us or you knowing about it. Comparable possibilities for your own legal enforcement do not exist in the US, so that this does not appear promising.
Any data transfers take place exclusively in an automated manner in connection with the use of our offer of social media (LinkedIn and Xing), the Google Analytics analysis tool, the Google Fonts directory, the applicant platform and the use of IT service providers and with the help of cookies. You can find out more details about this in this data protection declaration in sections No. 2.3 "Google Analytics", No. 2.4 "Google Fonts", No. 2.5 "Google Tag Manager", No. 4 "Processing of personal data of applicants", No. 6 "Social media" and No. 8 "Transfer to third countries".
You can revoke your consent at any time with effect for the future. To do so, please send an email to our data protection officer at datenschutz@plenum.de and delete the corresponding cookies in your browser.
We process and store your personal data as long as it is necessary for the fulfilment of our contractual obligations and the exercise of our rights. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:
Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical as well as organisational security measures to protect your personal data against loss, alteration, destruction and against access by unauthorised persons or against unauthorised disclosure. Our security measures are constantly being improved in line with technological developments.
Every data subject has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability from Art. 20 GDPR.
With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. Please note that the revocation only takes effect for the future.
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out in particular on the basis of Article 6 (1) lit. f GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. In particular, this includes that the processing is necessary for the assertion, exercise or defence of legal claims.
You also have the right not to be subject to fully automated decision-making in accordance with Art. 22 GDPR. As a matter of principle, we do not use fully automated decision-making for the establishment, implementation and termination of the business relationship. Should we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and about your rights in this regard, insofar as this is required by law.
Within the scope of our business relationship, you must provide the personal contractual data that is required for the establishment, implementation and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.
The same applies to the visit to our online offer and the collection of usage data. Without the collection of usage data, we and our service providers will not be able to provide you with our online offer.
We do not process your personal data automatically in such a way that it has legal effect on you or in a similarly significant way.
This data protection declaration is currently valid and has the status: September 2021.
