Privacy Notice pursuant to Articles 13 and 14 of the GDPR
The protection of your data and transparency regarding its processing are of the utmost importance to us.
We are therefore fulfilling our obligation to provide information regarding the circumstances of the processing
in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).
The processing of your personal data gives rise to the following rights for you:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to object (Article 21 GDPR)
- Right to data portability (Article 20 GDPR)
Right to withdraw consent
If the processing is based on Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR,
you have the right to withdraw your consent at any time.
Data that has already been processed remains unaffected by the withdrawal.
Data controller
NISTLER CONSULTING
Birgit Nistler
Altenstein 5
D-94234 Viechtach
Telephone: +49 9942 801757
Email: datenschutz [at] nistler-consulting [dot] de
You have the right to lodge a complaint with a supervisory authority if you believe that the processing
of your personal data is unlawful.
Supervisory authority
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle [at] lda [dot] bayern [dot] de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes
and means of the processing of personal data (e.g. names or email addresses).
Data transfers to third countries (countries outside the European Economic Area – EEA) will only take place
insofar as this is necessary for the performance of the service contract, you have given us your consent,
or this is permitted by law. In this case, we will take appropriate measures to ensure the protection of your data,
for example through contractual arrangements in accordance with Articles 44 to 49 of the GDPR.
1. Communication
In order to get in touch with you, we may send you an email containing further information regarding the processing
of your enquiry, your order or as part of our general business relationship.
In doing so, your email address, the content of the email and the communication history are recorded.
The data is processed on the basis of Article 6(1)(b) of the GDPR for the performance of a contract or
pre-contractual measures.
Data will only be disclosed if this has been agreed with you or is necessary for the relevant business transaction.
Your data will be stored in accordance with statutory retention obligations.
2. Contact and Address Management
To manage the contact details of our business partners and customers, we store personal data in our central database.
This includes name, contact person, address, telephone number, mobile number and email address, as well as,
where applicable, application documents (e.g. CV, certificates or references).
Data collection is carried out on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR,
in order to manage contact information in an organised manner.
Only our employees have access to this system.
Contact details are stored for the duration of the business relationship and beyond in accordance with legal provisions.
Application data is generally deleted six months after the project has been completed, provided there are no legitimate
interests to the contrary, such as a duty to provide evidence under the General Equal Treatment Act (AGG).
As an applicant, you may consent to your data being stored for a longer period for consideration in future projects.
This consent may be withdrawn at any time.
3. Project Management / Application Process
Your application will be stored centrally in our system.
This involves the processing of your name, contact details and application documents.
Once the pre-selection process has been completed, your data may be forwarded to our clients with your consent.
Processing is carried out on the basis of Article 6(1)(b) of the GDPR as a pre-contractual measure in the context
of a potential employment contract.
Storage may also be based on your voluntary consent in accordance with Article 6(1)(a) of the GDPR.
This consent may be withdrawn at any time.
4. IT Security
To protect our network and manage our IT systems, we have engaged an external IT service provider:
FastRocket GmbH
Unterer Sand 9
94209 Regen
For maintenance and support purposes, this provider may have access to personal data.
A data processing agreement has been concluded with the service provider.
Data processing is carried out on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR
for the protection of our IT systems.
5. Who receives your data?
Your personal data is stored in our central database in order to fulfil contractual, legal and legitimate interests.
Possible recipients are:
- Processors engaged by us (Art. 28 GDPR), in particular IT service providers
- Public authorities in the case of legal obligations
- Public authorities, solicitors, courts or experts
- Clients or other authorised recipients, subject to your consent
6. Automated decision-making
No automated decision-making, including profiling, takes place in accordance with Article 22 of the GDPR.
7. Disposal of paper files and data storage media
Paper documents and data storage media containing personal data that are no longer required are destroyed
in accordance with the statutory retention periods.
Destruction is carried out internally or by a certified waste disposal service provider.
8. Data Protection Management
You can contact the internal data protector at any time by sending an email to
datenschutz [at] nistler-consulting [dot] de.
In doing so, your name, the reason for your enquiry and any other necessary information may be stored for processing purposes.
Processing is carried out in accordance with Article 6(1)(b) of the GDPR.
Data will only be disclosed with your consent.
Personal data will only be stored for as long as is necessary for the respective purpose.
Statutory retention obligations remain unaffected.