Privacy policy


Engelbrecht Unternehmensberatung Personalberatung assigns the utmost importance to protecting your privacy and your personal data. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

This privacy policy governs the processing of personal data of visitors to our website, as well as for contacting us by e-mail and telephone.

Please be aware that data transfer via the internet (e. g. e-mail) is subject to security risks and, therefore, complete protection against third-party access to transferred data cannot be ensured.

1. Who is responsible for data processing and whom can I contact?

The data controller is:

Engelbrecht Unternehmensberatung Personalberatung
Große Neugasse 4
50667 Köln

Tel.: +49 221 270888-0

2. What sources and data do we use?

You can access our website without directly providing any personal information (such as name, postal address or e-mail address). However, in order to enable you to access our website, we have to collect and store certain information.

Log files: We collect, store and use data about the access to our online offer (so-called server log files). The access logs of the web servers record which pages were accessed at which time. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, data volume, referrer, user agent, accessed host name. The IP addresses are stored anonymously. For this purpose the last three digits are removed, i.e. becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days. Details of the directory protection user used are anonymized after one day. Error logs, which log incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website called up.

We use this data for statistical evaluations for the purpose of operating, security and optimizing our online offer, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services. Based on this information, we can provide personalized and location-based content and analyze traffic, troubleshoot and correct errors and improve our services. We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services. We also store IP addresses if we have concrete suspicion of a criminal offence in connection with the use of our website. 

Contacting us: If you contact us via one of the options offered on our website (e.g. by e-mail, telephone or letter), we process all personal data contained and stated in your message for the purpose of processing and answering your inquiry.

Links to other websites: Our website also offers a link to Google Maps. This link is not a "social plug-in" (i.e. buttons by means of which the operator providing the corresponding service can already collect information about the users of our website when they access our website). Please note, however, that when accessing this other service, information (possibly including personal data) about your visit may be collected by the operator of this service. Further information is contained in the data protection notice of the operator of the relevant offer (here Google Maps).

3. For what purpose do we process the data (purpose of processing) and on what legal basis?

The personal data possibly contained in the log files are processed to enable you to use our website; the processing is carried out in accordance with § 15 para. 1 German Telemedia Act (TMG), and Article 6 para. 1 f) GDPR to safeguard our legitimate interest in the operation of our website.

Data processing in the context of answering an enquiry or establishing contact is based on Article 6 para. 1 f) GDPR in order to safeguard our legitimate interest in establishing and maintaining business contacts. Insofar as your enquiry relates to the conclusion of a contract or to precontractual measures, we process your personal data on the basis of Article 6 para. 1 b) GDPR, in the context of employment relationships on the basis of § 26 BDSG.

We may also process the personal data processed in connection with your use of our website in order to fulfil legal obligations to which we are subject; this is done in accordance with Article 6 para. 1 c) GDPR.

If necessary, we may process personal data not only for the above-mentioned purposes but also to protect our legitimate interests or the interests of third parties; this is done in accordance with Article 6 para. 1 f) GDPR. Our legitimate interests include the assertion of legal claims and the defence of our interests in legal disputes, the prevention and investigation of criminal offences and the management and further development of our business activities, including risk management.

4. Who gets my data?

As a rule, your personal data is processed in our company. Depending on the type of personal data, only certain departments / persons have access to your personal data. A role and authorisation concept limits access within our company to the functions required for the respective processing purpose and to the extent necessary in this respect.

To the extent permitted by law, we may also disclose your personal data to third parties outside our company. In particular, these external recipients may include the following persons:

  • companies that are part of our group of companies, provided they are involved in the processing of inquiries or orders, in particular xaverius Unternehmensberatung Personalberatung GmbH,
  • service providers commissioned by us who provide services for us on the basis of a separate contract, which may also include the processing of personal data, as well as all subcontractors commissioned by our service providers with our consent,
  • shipping companies involved in the processing of a postal/parcel shipment, 
  • credit institutions involved in the processing of payments,
  • non-public and public bodies, insofar as we are obliged to transmit your personal data due to legal obligations.

5. Is data transferred to a third country or to an international organisation?


6. How long will my data be stored?

As a rule, we store your personal data as long as we have a legitimate interest in storing it and this interest outweighs your interest in discontinuing storage. We may also continue to store the data without a justified interest if we are legally obliged to do so (e.g. to fulfil archiving obligations). We will delete your personal data without your intervention as soon as the data is no longer required for the fulfilment of the processing purpose or its storage is otherwise prohibited by law.

The personal data that we have to store in order to fulfil the archiving obligations will be stored until the expiry of the respective archiving obligation. 

7. What data protection rights do I have?

Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right of objection under Article 21 GDPR and the right of data transferability under Article 20 GDPR. With regard to the right to information and the right of deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).

You can revoke your consent to the processing of personal data at any time by contacting the data controller. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, thus before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by a revocation, we may continue to process your personal data – possibly to a reduced extent – if there is another legal basis for doing so, in particular due to legal obligations or an overriding legitimate interest. 

8. Is there an obligation for me to provide data?

In order to be able to respond to an inquiry addressed to us, we need at least your name and information on how we can contact you (e.g. postal address or e-mail address). We will not be able to process your request if the required information is not provided to us.

If we collect additional personal data from you, we will inform you in the course of collecting your data whether the provision of this data is based on a legal or contractual obligation or is a requirement necessary for the conclusion of a contract. In this regard, we usually identify information that can be provided voluntarily and whose provision is not based on the aforementioned obligations or is not necessary for the conclusion of a contract.

9. Is there automated decision making (including profiling)?


Information about your right of objection according to Article 21 GDPR

Right of objection based on individual cases

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 e) GDPR (data processing in the public interest) and Article 6 para. 1 f) GDPR (data processing based on a legitimate interest); this also applies to profiling within the meaning of Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your rights, interests and freedoms, or it serves to assert, exercise or defend legal claims.

The objection may be made in any form.