Privacy Policy

1. General Information

Nachfolgend geben wir Ihnen einen Überblick über die Verarbeitung personenbezogener Daten im Sinne der Datenschutzgrundverordnung (DSGVO) und der weiteren anwendbaren Datenschutzgesetze durch uns, Boardside Executive Transition, und informieren Sie über Ihre Rechte aus dem Datenschutzrecht.
Sofern Sie nur einzelne unserer Dienste nutzen, werden nicht alle Teile dieser Informationen auf Sie zutreffen.

2. Controller

Controller responsible for data processing within the meaning of the GDPR is:

Boardside Executive Transition
Dr. Berit Bretthauer
Mangerstraße 26
14467 Potsdam
E-Mail: dataprivacy@boardsideet.com

3. Processing of Personal Data by Boardside Executive Transition

a) General and within the scope of contractual relationships

We process personal data that we receive in the course of our business activities from our clients, employees, candidates, suppliers or other data subjects. In addition, we process – insofar as this is necessary – data that we obtain from publicly accessible sources (e.g. press, internet, career platforms such as LinkedIn or Xing) or that are lawfully transmitted to us by third parties.

Relevant personal data may include, among others:

Personal details (name, address, contact details, date and place of birth, nationality)
Educational and professional background
Identification data (e.g. ID details)
Bank and contractual information
Documentation data (e.g. consulting records)
Technical data such as IP addresses (if required)

b) Data processing when visiting our website

i. Log files

When accessing our website, general information is automatically stored in the server log files (e.g. date, time, retrieved file, browser type). These data are used solely to ensure the secure operation of the website. No personal analysis takes place. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest).

ii. Hosting

Our website uses Google Fonts for uniform display of fonts. The fonts are stored locally on our web server. When visiting our website, no connection to Google servers is established and therefore no personal data (e.g. IP addresses) are transmitted to Google. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a secure, fast and visually appealing presentation of our website).

iii. Google Fonts (locally embedded)

Our website is hosted by an external service provider. This provider supplies infrastructure, storage and security services. In this context, meta and communication data of users may be processed. Legal basis: Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (data processing agreement).

c) Data processing when contacting us

i. Contact by e-mail

If you contact us by e-mail, the data you provide, including metadata (e.g. IP address, time of sending), will be stored for the purpose of processing your inquiry. Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interest).

ii. Contact via WhatsApp

Our website offers a button for contacting us via WhatsApp (a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). When clicking the button, WhatsApp opens and data may be transmitted to WhatsApp (e.g. IP address, device data, communication content). Communication via WhatsApp is encrypted. Please note, however, that WhatsApp may share data with affiliated companies (e.g. Meta Platforms, USA).

Legal basis:

Art. 6 (1) lit. a GDPR (your consent by actively using the button)
Art. 6 (1) lit. b GDPR (processing of inquiries as part of pre-contractual measures).

Further information: https://www.whatsapp.com/legal/privacy-policy-eea https://www.whatsapp.com/legal/privacy-policy-eea

d) Online presence in social media

We maintain a LinkedIn profile, which can only be accessed via external links. Once you click the link, the data protection policies of the respective provider apply. We only process data insofar as you provide them to us (e.g. via comments or direct messages). Legal basis: Art. 6 (1) lit. a GDPR (consent).

4. Purposes and Legal Bases of Processing

Legitimate interests (Art. 6 (1) lit. f GDPR)
Interessenabwägung (Art. 6 Abs. 1 lit. f DSGVO)
Based on consent (Art. 6 (1) lit. a GDPR)
Legal obligations (Art. 6 (1) lit. c GDPR)

5. Recipients of Personal Data

Within our company, only authorized persons have access to your data. External recipients may include IT service providers, processors and public authorities, where legally required.

6. Transfer of Data to Third Countries

A transfer of personal data to third countries (e.g. USA) may occur when using services such as WhatsApp. We ensure appropriate safeguards in accordance with Art. 44 ff. GDPR (e.g. EU Standard Contractual Clauses).

7. Storage Period

We only store personal data for as long as necessary for the respective purposes. Statutory retention obligations (e.g. German Commercial Code, Fiscal Code) remain unaffected.

8. Rights of Data Subjects

You have the right to:

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Object to processing (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

9. Obligation to Provide Data

The provision of personal data is required in the context of contractual relationships. Without these, contracts cannot be carried out.

10. Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 (1) lit. f GDPR.

The objection can be addressed to: