Data protection

We have taken the technical and organisational measures to ensure that the data protection regulations are observed both by us and by any service providers.
This privacy policy explains to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our website and the associated websites, functions and content as well as our external online presences, such as our social media profiles (hereinafter referred to as “online offer”).
Responsible
The person responsible for the collection, processing and use of your personal data in the sense of Art. 4 No. 7 DSGVO is

S&B Strategy GmbH
Managing directors: Patrick Seidler, Christoph Blepp
Bluetenstr. 20
80799 Munich, Germany
T +49 – 89 – 200 60 125
info[a]sandb-strategy.com

Types of data processed

Inventory data (e.g. your name, address)
Contact details (e.g. your e-mail address, telephone number)
Content data (e.g. your text entries on our site, photographs, videos that you upload)
usage data (e.g. the subpages you visited, access times)
Meta/communication data (e.g. device information, IP addresses)
Categories of data subjects
Visitors and users of the online offer (hereinafter: “users”), customers, interested parties, business partners.
Purpose of processing

Provision of the online offer, its functions and contents
Answering contact requests and communicating with users
safety precautions

Reach measurement/Marketing

Terms used
“Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (e.g. a cookie) or to one or more specific characteristics which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) DSGVO), is regarded as identifiable.
“Processing” means any operation or set of operations relating to personal data, whether or not by automatic means, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, limitation, erasure or destruction (Article 4(2) DSGVO).
“Profiling” means any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements of that natural person (Art. 4 para. 4 DSGVO).
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the involvement of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person (Art. 4 No. 5 DSGVO).
“Responsible” means the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data (Art. 4 No. 7 DS Block Exemption Regulation).
“Processor” means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 No. 8 DSGVO).

Applicable legal bases

Art. 13 DSGVO stipulates that we inform you about the legal basis of our data processing. If the legal basis is not expressly mentioned within the following data protection declaration, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO.
The legal basis for the processing for the fulfilment of our services and the implementation of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b DSGVO.
The legal basis for the processing to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO.
The legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO.
The legal basis for the case that vital interests of the data subject or another natural person necessitate the processing of personal data is Art. 6 para. 1 lit. d DSGVO.

Safety precautions

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art.
In particular, these measures include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data.
We have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that data is reacted to if it is endangered.
Furthermore, we take into account the protection of personal data through technology design (privacy by design) and through data protection-friendly default settings (privacy by default), Art. 25 DSGVO.
We transmit your personal data in encrypted form. This applies to all communication via our website. We use the SSL (Secure Socket Layer) coding system. However, we would like to point out that data transmission over the Internet, e.g. communication by e-mail, can be subject to security gaps.
Cooperation with contract processors and third parties
Insofar as we disclose data to contract processors or third parties within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission, e.g. if you have consented to Art. 6 Para. 1 lit. a DSGVO, the transfer to third parties pursuant to Art. 6 Para. 1 lit. b DSGVO is necessary for the performance of the contract, a legal obligation provides for this, Art. 6 Para. 1 lit. c DSGVO, or on the basis of our legitimate interests, Art. 6 Para. 1 lit. f DSGVO, or on the basis of our legitimate interests, Art. 6 Para. 1 lit. f DSGVO.
In the case of contract processors, the transfer takes place on the basis of the contract concluded with the contract processor pursuant to Art. 28 DSGVO.

Transfers to third countries

A transfer of data to a third country, e.g. when using the services of third parties, only takes place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests in accordance with the aforementioned legal bases. Subject to other legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. of the German Data Protection Act are met. DSGVO (e.g. on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”)).

Rights of data subjects

Right to confirmation and information: According to Art. 15 DSGVO, you have the right to receive confirmation from us as to whether personal data concerning you will be processed. If this is the case, you have the right to request from us, free of charge, information about the personal data stored about you, together with a copy of this data.

Right to rectification

Pursuant to Art. 16 DSGVO, you have the right to demand that we correct any incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
Right to deletion: Pursuant to Art. 17 DSGVO, you have the right to demand that personal data concerning you be deleted immediately.

Right to limitation of processing

Under the conditions of Art. 18 DSGVO, you have the right to request a restriction on the processing of personal data.
Right to data transfer: Pursuant to Art. 20 DSGVO, you have the right to demand that the personal data concerning you which you have provided to us be received in a structured, common and machine-readable format and that it be transferred to other responsible parties as far as this is technically feasible.
Right of withdrawal: Pursuant to Art. 7 (3) DSGVO, you have the right to revoke your consent to the processing of personal data at any time with effect for the future.
Right of objection: Pursuant to Art. 21 DSGVO, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f DSGVO.
You may exercise the aforementioned rights at any time vis-à-vis the above-mentioned person in charge or the above-mentioned data protection officer.
Right to complain to a supervisory authority: Pursuant to Art. 77 DSGVO, you have the right to submit a complaint to the competent supervisory authority.

Deletion of data

Unless otherwise expressly stated, the data stored by us will be deleted in accordance with Art. 17 DSGVO as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted in accordance with Art. 18 DSGVO, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons. According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Paragraph 1 No. 1, 4 and 4a, Paragraph 3 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (German Commercial Code) (books, records, management reports, accounting records, commercial books, documents relevant for taxation, etc.) and 6 years according to §§ 147 Paragraph 1 No. 2, 3 and 5, Paragraph 3 AO, 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (German Commercial Code) (commercial letters).
Operation of the website and access to the website
The hosting services used by us at our hosting provider serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the purpose of operating the website.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 S. 1 f) DSGVO in connection with Art. 28 DSGVO.
We or our hosting provider also process access data. These include:
Name and URL of the retrieved file
Date and time of retrieval
transferred data volume
Message about successful retrieval (HTTP response code)
Browser type and browser version
operating system
Referer URL (i.e. the previously visited page)
Websites accessed by the user’s system through our website
Internet service provider of the user
IP address and the requesting provider
We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operating, security and optimisation of our online services, but also for anonymous recording of the number of visitors to our website and for the scope and type of use of our website and services, as well as for billing purposes, to measure the number of “clicks” received from cooperation partners. This information enables us to provide personalized, location-based content and analyze traffic, troubleshoot and correct errors, and improve our services.
This is also our legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO.
We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. After the order process has been aborted or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have the concrete suspicion of a criminal offence in connection with the use of our website.

Contact us

When contacting us (e.g. by e-mail, telephone or via social media), the user’s details will be processed in order to process the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) DSGVO. Answering your request also constitutes our legitimate interest in the processing of your transmitted data pursuant to Art. 6 para. 1 lit. f) DSGVO.
We will delete the requests if they are no longer necessary. We check the necessity regularly, at the latest every two years. Furthermore, the statutory archiving obligations apply.
Google Maps
We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include in particular IP addresses and location data of users, which are not collected without their consent (usually within the framework of the settings of their mobile devices). The data can be processed in the USA. You can find Google’s privacy policy at https://www.google.com/policies/privacy/, and you can opt out here: https://adssettings.google.com/authenticated.
Modification of this privacy policy
We will revise this privacy statement if we make changes to our website or for any other reason that makes it necessary to do so. You will always find the current version on our website.
Privacy policy status: 01 October 2019.