Data privacy

1. Introduction

As we want you to be secure when visiting our website, the protection of your personal data is our utmost priority. For this purpose, our privacy practice complies in particular with the requirements laid down in the EU General Data Protection Regulation, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-neu) and the Federal Telemedia Act (Telemediengesetz -TMG). At this point, we would like to inform you about the type, scope and purpose of the processing of your personal data. We would like to point out in advance that this Privacy Policy only refers to our website and its pages and does not apply to web pages of third parties to which we refer in the form of links.

2. Subject of Protection

Subject of protection is personal data, which is all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). This mainly includes data that enables to draw conclusions about your identity (e.g. information such as name, postal address, e-mail address and telephone number).

3. Purpose

Konen & Lorenzen is one of the leading companies in the field of recruitment consulting for the hotel, catering and tourism industry internationally. There are no standard requirements for the cooperation with our clients and applicants because every partner requires individual solutions that can only be developed with extraordinary dedication. This is the basis for the entire recruitment process of Konen & Lorenzen Recruitment Consultants, from needs assessment to follow-up support, specifically tailored to the needs of our applicants and clients.

Based on years of experience within the hotel industry at home and abroad, Konen & Lorenzen today has a team of qualified consultants in five locations, which displays a high level of expertise, flexibility and competence in a variety of fields.

By registering and sending your application documents, you will be added to our database. At the same time, you have the opportunity to apply for job advertisements on our website. The purpose of our database and the job board is to match employers and potential employees and to achieve the best possible solution for the positioning of qualified personnel within a company.

4. Collection and Processing of Personal Data

4.1 Homepage

4.1.1 Technical requirements

In order to establish a connection to our website, your browser sends certain data to the web server of our website. This is a technical necessity for providing you with the information you have called up. To enable this, data regarding your IP address, the date and time of your retrieval and the type of your operating system are stored and used for a maximum of 30 days. We reserve the right to store such data for a limited period of time in order to protect our legitimate interests and, in the event of unauthorised access or attempts to cause us deliberate damage, to initiate the tracing of personal data (Art. 6 para. 1(f) GDPR). Such data will be stored or transmitted by us for this purpose only and for no other purpose, without us informing you in advance and asking for your permission.

4.1.2 Cookies

Cookies are small text files that are stored on your computer or mobile device via your browser, for example to detect whether you visit websites repeatedly from the same device or browser. Generally, we use cookies to analyse interest in our website and to improve the user-friendliness of our website. In principle, however, you can also access our website without using cookies.

Cookies can usually be disabled or removed by using tools provided in most commercial browsers. The settings must be defined and individually set for each browser you use. For this purpose, the various browsers provide different functions and options.

In order to be able to use our website fully and comfortably, you should accept those cookies that enable the use of certain functions or make their use more comfortable. The following listing gives you an overview about the purpose for which our cookies are used and for how long they are stored:

List of Cookies:

When accessing our website, our cookie banner text informs you about the use of these cookies and you accept them by continuing to use them or by clicking on the “Accept” button.

Types of Cookies:

In order to explain the most common types of cookies to you in more detail, we have explained them below for your understanding:

Session Cookies:

Session cookies allow users and the changes they have made within a website to be recognised. They allow the website to track their movements across individual pages so that data that has already been entered/stored does not have to be entered/stored again, for example shopping carts used by online shops. The respective session cookie stores the chosen items in the shopping cart so that it contains the correct items when paying at the checkout. Session cookies are deleted when logging out or lose their validity once the session has expired automatically.

Persistent or Protocol Cookies:

A persistent or protocol cookie stores user information and settings on the user’s computer for the period of time defined by the respective cookie’s expiration date. This speeds up your access and makes it more convenient, for instance because you do not need to adjust your language settings or re-enter your login data every time. Such cookie is automatically deleted once the expiration of its storage period is reached.

Third-Party Cookies:

Third-party cookies usually have no influence on the use of the site, as they do not originate from the operator of the website. For example, they serve the purpose of collecting data for advertising, custom content and web statistics and passing it on to the respective third party provider.

Tracking Cookies:

Tracking cookies are special text files that provide the opportunity to collect data about the behaviour of an Internet user. This is intended to provide information about the user’s main interests, for example, in order to be able to place customised promotions. Tracking cookies are therefore set not only when logging in, but automatically when visiting the website.

The above-mentioned exemplary presentation of the most common forms of cookies is intended to give you a global overview of this form of collection. The present explanations do not claim to be complete. As a result of technical IT development, it can be assumed that other types of cookies will develop over time. Please check our Privacy Policy for current changes at regular intervals before using our website.

4.1.3 Using our contact forms

Our website provides contact forms, allowing you to get in touch with us for various purposes. To ensure a secure transfer of your data, we use a state-of-the-art encrypted connection that is protected by SSL certificate. By clicking on the “Submit Form” button you agree to transmit the data entered in the input mask to us. We store your name and e-mail address and, where appropriate, any other information you provide in order to be able to contact you and answer your enquiry in the best possible way. By doing this, on the one hand we can offer you the service you expect from us, and on the other hand we have the opportunity to continuously improve ourselves (Art. 6 para. 1(f) GDPR).

Our website also provides forms that can be used to send us your application. In addition to the information mentioned above, further information is required, which is necessary to take the measures required for your enquiry (Art. 6 para. 1(f) GDPR). Such information includes, among other others:

• Contact details
• Personal information (e.g. date of birth)
• Information on your school education and your professional career
• Language skills

Your data will only be processed to evaluate your application and stored to be recognised in the event of any renewed application.

4.1.4 Tracking tools

Our website uses functions of various web analysis services from other companies such as Google Inc. Below, we explain in more detail which services are involved and which data are analysed.

Use of Google Analytics with Anonymisation Function

We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. Google Analytics uses cookies that enable an analysis of how you use our website. Data generated by cookies about the use of our website (e.g. when, where and how often you access our website, incl. IP address) is usually transmitted to a Google server in the USA and stored there. In order to eliminate the personal identification of your IP address, it will be shortened immediately upon its collection (e.g. by deleting the last 8 bits) and thus made anonymous. IP anonymisation also applies to all member states of the European Union or other member states of the European Economic Area. For more information about IP anonymisation and the use of data by Google, please visit: https://support.google.com/analytics/answer/2763052?hl=en.

If you want to decide on your own which data Google may collect regarding the website you visit, you can download a deactivation add-on for your Internet browser. However, such an add-on does not prevent data from being transmitted to us or other web analysis services used by us. For more information about using and installing the add-on, please visit:https://tools.google.com/dlpage/gaoptout?hl=en.

4.1.5 Shariff solution by c’t

Our website uses the so-called “Shariff solution” for sharing our content. In this way, we protect your privacy and prevent the unwanted transfer of data about your surfing habits through social media plug-ins such as Facebook, Google or Twitter. Social media plug-ins are usually integrated into websites via so-called “iframes”. As a result, personal data such as the IP address or locally stored cookies is already communicated to the social media services when loading the site. “Shariff” replaces social media plug-ins with simple HTML links and a script retrieves how often a site has already been shared or tweeted. Instead of your IP address, only our server address is communicated to the social media services. Only if you actively click on a plug-in, your above mentioned personal data will be transmitted by your consent. For more information on the “Shariff solution” by c’t, please visit: https://github.com/heiseonline/shariff.

4.1.6 Social media plug-ins

All information about the different plug-ins given below only applies provided that the Shariff solution by c’t is not used. Our website uses this solution so that no information is communicated to social media services without your consent.

Our website uses various social media plug-ins to expand and link our own Internet presence via social networks.

In the following, we will explain in more detail which plug-ins are involved.

Facebook

Our website contains plugins of the social network “Facebook”, which belongs to Facebook Inc.1601 South California Avenue, Palo Alto, CA 94304, USA, hereinafter referred to as “Facebook“. Facebook plug-ins can be identified by one of the Facebook logos (white „f“ on a blue background, terms such as “Like”, “Gefällt mir”, “Share”, “Teilen”, “Follow”, “Folgen” or a “Thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. For any relevant information about the appearance and functions of the plug-ins, please visit: https://developers.facebook.com/docs/plugins.

From the moment you access our site, the stored plug-in establishes a direct connection between your browser and the Facebook servers. We as website operators have no influence on which and to what extent such plug-in transmits data to Facebook. According to Facebook, this is data about your visit to our site (e.g. IP address, date and time). However, once you click on one of the plug-ins, additional data are transmitted that can associate you directly with your Facebook account (if you have such an account and are logged in to it). Facebook processes such data to provide you with a personalised user experience on our website and to upgrade its own products. For more information, please visit: https://www.facebook.com/help/186325668085084.

Twitter

Our website contains functions (plug-ins) of the microblogging service Twitter, which are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, hereinafter referred to as “Twitter”. Such plug-ins are identifiable by one of the Twitter logos (white bird profile on a light blue background, or the other way around, and the addition “tweet”). When visiting our website, a direct connection is established between your browser and the Twitter servers. So-called “log data” are sent to Twitter via this connection, even if you do not have a Twitter account. According to Twitter, this may be your IP address, browser type, operating system or information about the websites you visit. Your web activity is not associated with your name, email address, phone number or your Twitter username. Twitter deletes, obfuscates or aggregates your log data after a maximum of 30 days. According to Twitter, all data collected by Twitter are used to personalise, evaluate and enhance its own services.

For information on Twitter’s Privacy Policy, please visit: https://twitter.com/de/privacy.

You can define your personalisation settings under https://twitter.com/personalization.

You can change your Twitter privacy settings in your account settings under https://twitter.com/login?redirect_after_login=%2Faccount%2Fsettings.

Google +1

Our website contains the plug-in “google+1”, which is provided and operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. The Google plug-in is typically identifiable by a button marked “G” and “+”, or “+1”, as well as the added text “share” or “teilen”. From the moment you access our website, your browser establishes a direct connection to the Google servers and transmits all data collected by the plug-in from your visit to our website to Google. We as website operators have no influence on which and to what extent the plug-in sends data to Google.

If you are logged in via your “Google” or “Google Plus” account when visiting our site, the data collected by Google may be directly associated with that account. To avoid this, please log out of “Google” or “Google Plus” before visiting our website.

According to Google, the data collected about you will be processed for the purpose of enhancing Google’s services and personalising the content of the site.

Google will use the data communicated by you in accordance with its Privacy Policy. Please consult Google’s Privacy Policy by using the following link: https://policies.google.com/privacy?hl=en.

LinkedIn

This website incorporates plug-ins from the LinkedIn social network of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, hereinafter referred to as “LinkedIn”. You can typically identify them by the LinkedIn logo (the letters “in” in white on a blue background) and added text such as “share” or “teilen”. All information about the appearance of the LinkedIn plug-ins is provided under the following link: https://developer.linkedin.com/plugins.

LinkedIn logs data from the moment you visit our site and establishes a connection between your browser and the LinkedIn servers. We as website operators have no influence on which and to what extent the plug-in sends data to LinkedIn. According to LinkedIn, your logins, cookies, device information and IP addresses are used to identify you and track your usage. However, as soon as you click on one of the plug-ins, further data will be transmitted which directly associate you with your LinkedIn account (if you have such an account and are logged in to it). For more information, please refer to the LinkedIn Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

Pinterest

Our site uses social plug-ins of the social network Pinterest, which is operated by Pinterest Inc, 808 Brannan Street San Francisco, CA 94103-490, USA (“Pinterest”). When you access a site that contains such a plug-in, your browser establishes a direct connection to the Pinterest servers. The plug-in transmits log data to the Pinterest server in the USA. Such log data may include your IP address, the address of the sites you visit, which also includes Pinterest functions, the type and settings of your browser, the date and time of your request, information on how you use Pinterest, and cookies.

For more information about the purpose, scope and further processing and use of the data by Pinterest as well as your rights and means of protecting your privacy, please consult the Pinterest Privacy Policy: https://about.pinterest.com/en/privacy-policy.

5. Further General Information

5.1. Changes to our present Privacy Policy

We check our Privacy Policy at regular intervals for compliance with legal provisions, court rulings, the statements of supervisory authorities as well as for alignment with emerging trends and the development of technical standards. In this respect, we reserve the right to make changes to our Privacy Policy in order to adapt it to new legal provisions on data protection and other changes in the factual or legal situation. Therefore, please always inform yourself at the beginning of using our website about our Privacy Policy applicable at the relevant time.

5.2 Who is responsible for the data processing? (Art. 13 para. 1 (a), (b) GDPR)

Responsible for the data processing on our website is Konen & Lorenzen GmbH & Co. KG. You can find the contact details in our Legal Notice: https://www.konen-lorenzen.com/legal-notice/.

You can contact our data protection officer at the following address:

Konen & Lorenzen GmbH & Co. KG

Attn.: Data Protection Officer

Kaiserswerther Straße 282

D-40474 Düsseldorf

E-Mail: datenschutz@konen-lorenzen.deSuccessfully Encoded

Phone: +49 (0) 211 239 554 – 14

5.3 Who gets your personal data? (Art. 13 para. 1(e), (f) GDPR)

We treat your personal data confidentially and do not pass them on to third parties, unless you have given your consent or such provision is based on a legal or contractual obligation. In isolated cases, we engage processors to process your personal data. This is done in accordance with Art. 28 GDPR and on the basis of a data processing agreement.

Furthermore, it should be noted that Konen & Lorenzen also has branches and businesses outside the European Union and some recipients are located in countries, which may not have an adequate level of data protection within the meaning of the European Data Protection Regulation (GDPR). For this reason, all affiliated companies outside the European Union are contractually bound by the standard data protection clauses enacted by the commission in accordance with the review procedure under Art. 46 para. 5, 2 GDPR. Among the affiliated companies of Konen & Lorenzen are Konen & Lorenzen GmbH & Co. KG, Konen & Lorenzen International GmbH & Co. KG and Konen & Lorenzen Management & Real Estate Solutions GmbH in Germany and Konen & Lorenzen International AG in Switzerland.

By registering via our online form, you also make your data available to these affiliated companies. Should you wish to restrict the use of your data for these companies, you can inform Konen & Lorenzen in writing, by e-mail to info@konen-lorenzen.com

5.4 How long is your data stored? (Art. 13 para. 2(a) GDPR)

The legislator has enacted a variety of retention obligations and periods.

In principle, we only store your data for as long as legally required.

After expiry of such periods, the corresponding data is routinely deleted if it is no longer necessary to fulfil the contract. Data that we process on the basis of your consent will be stored until revoked or as long as the data is required. We store such data on the basis of a legitimate interest for as long as the legitimate interest exists.

Commercial or financial data regarding a closed business year will be deleted after a further ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. If data is not subject to specific retention period, they are deleted when the purposes for which they are processed cease to apply.

5.5 For what purposes and on what legal basis do we process your personal data? (Art. 13 para. 1(c), (d) GDPR)

We have already explained the purposes and legal bases of data processing. In addition, the following generally applies: if necessary, we process your data to protect our or third parties’ legitimate interests pursuant to Art. 6 para. 1(f) GDPR, for example, for asserting legal claims and defending against litigation matters or for guaranteeing IT operations and security.

If we have a legitimate interest or have received your written consent to process your personal data, we process your data for the purposes of external communication and marketing according to Art. 6 para. 1(a) or (f) GDPR. You have the right to revoke your consent at any time.

In order to comply with legal requirements, we may or must, if necessary, process your data and pass it on to third parties (pursuant to Art. 6 para. 1(c)).

We do not use your data in any way for automated decision-making or profiling.

We also use cookies to provide you with an improved service when using our website and to make the use of this website easier for you (Art. 6 para. 1(f) GDPR).

5.6 What are your rights and obligations? (Art. 13 para. 2(b), (c), (d), (e) GDPR)

Any data subject has the following rights. According to:

• Art. 15 GDPR you have the right to information. This means that you may require us to confirm whether personal data concerning your person is processed by us.
• Art. 16 GDPR you have the right to correction. This means that you may require us to correct any inaccurate personal data concerning your person.
• Art. 17 GDPR you have the right to deletion (“right to be forgotten”). This means that you may require us to delete personal data concerning your person immediately, unless we cannot delete your data, for example, because we have to observe legal retention obligations.
• Art. 18 GDPR you have the right to restrict processing. This means that we are not allowed to process your personal data any more, apart from storing it.
• Art. 20 GDPR you have the right to data portability. This means that you have the right to receive the personal data concerning your person that you have provided us in a structured, common and machine-readable format and to communicate this data to another person in charge.
• Art. 7 para. 3 GDPR you have the right to revoke your consent for the future at any time.
• Art. 13 GDPR you have a right of appeal to the competent supervisory authority.

Furthermore, you have the right of objection that we explain in more detail at the end of this privacy information.

If you wish to exercise your rights, please contact our data protection officer (for contact details see above).

Competent supervisory authority

Landesbeauftragte für Datenschutz (Privacy officer for North Rhine Westphalia)

Nordrhein-Westfalen

Street address: Kavalleriestr. 2-4, 40213 Düsseldorf

Mailing address: Postfach 200444, 40102 Düsseldorf

Phone: +49 (0) 211 38424 -0

E-mail address: poststelle@ldi.nrw.de