Privacy Policy

Privacy Statement

This privacy statement serves to inform you of the processing of personal data when using our website, in accordance with Art. 13, 14 GDPR.

You may visit our website and retrieve its content without providing personal information. Only if you send us a message using the contact form or in any other manner do we collect the data that you provide.

1.0 Controller

hicklvesting Public Relations GbR, Klenzestraße 7, 80469 München, T +49 89 38380185,  munich@hicklvesting.com

2.0 Processing of personal data when visiting the website

2.1 Log files

For technical reasons, the following data are recorded, including data which your Internet browser transmits to us or to our webspace provider (so-called server log files):

• type and version of your browser
• operating system in use
• referrer URL
• webpage that you are visiting
• date and time of your access
• your Internet protocol (IP) address

We use this information for statistical purposes only, to analyze your use of the website and to create reports regarding the use of the website and, under certain circumstances, to be able to trace illegal activities.

The data in log files are stored for 7 days and then deleted or made anonymous by deleting the IP address.

Art. 6 (1) sentence 1 lit. f GDPR constitutes the legal grounds for this (pursuit of legitimate interests). Personal data are processed on the grounds of our legitimate interests in analyzing the use of our website and optimizing our information offer as well as ensuring system security and preventing any misuse.

2.2 Cookies

We use a cookie, meaning a small text file, which your browser stores on your terminal device. The cookie used is a session cookie, meaning it remains active until your browser session ends, after which it is automatically erased. The cookie which is placed when prompting the website saves the language that you chose to view the website.

You may prevent the storing of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

2.3  Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). The Google Analytics service is used to analyze how our website is used. The legal basis is Article 6(1)(a) GDPR (consent), if you have given your consent to the use of Google Analytics when accessing our website.

You may access the cookie preferences in the footer of the page again in order to revoke your consent.

Google Analytics uses cookies to analyse how you use our web pages. The information on your use of this website will be normally transferred to a Google server in the US and will be stored there.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, is based in a third country outside the territorial scope of application of the GDPR. The USA does not provide an adequate level of protection for the processing of personal data within the meaning of Article 45 GDPR, as the European Court of Justice ruled in its judgment of 16 July 2020 (Case C-311/18). However, the transfer of personal data to a third country without an adequate level of protection and without appropriate safeguards (Art. 46 GDPR) is exceptionally permitted under Art. 49(1)(a) GDPR if the data subject gives his or her consent. We therefore request your consent for the use of Google Analytics when accessing our website. Googly Analytics will not be used if no consent is given. We would like to point out that according to the ruling of the European Court of Justice in the USA, security authorities and secret services can access personal data of non-American citizens without the legal provisions containing sufficient limitations, in particular proportionality, and that these provisions in part also do not provide for effective legal protection against such interference.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.

The data transmitted to us and linked to cookies will automatically erased after 14 months. Data whose retention period has been reached is automatically erased once a month.

Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at including options you can exercise to prevent such use of your data.

In addition, Google offers an opt-out add-on at in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

2.4 reCAPTCHA

We use the functionality of “reCAPTCHA”, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use this functionality in ordert o detect if input, e.g. in an online form, is made by humans rather than automatic machines (so called „bots“). The data processed may include IP addresses, information on operating systems, devices, browsers, language settings, location, mouse movements, keystrokes, timespan spent on websites, previously visited websites, interactions with reCAPTCHA on other websites and possibly cookies and the result of manual detection procedures (such as answering questions or selecting objects in images).

Please find further information at https://www.google.com/recaptcha/ and https://policies.google.com/privacy.

The legal basis is Article 6(1)(f) GDPR. We use reCAPTCHA for the pursuit of legitimate interests, namely the prevention of misuse.

3.0 Processing of personal data which you provide to us

3.1 Enquiries

If you contact us, we will process the data you provide to process your request.

The legal basis is Article 6(1)(b) GDPR (step prior to entering into a contract).

3.2 Applications

We offer you the opportunity to apply for a job with us by e-mail. With these digital applications, your application data will be collected and processed electronically by us for the purpose of handling the application procedure.

If necessary, we will make enquiries with training institutions, previous employers and other references you have mentioned in your application. In this case, we process the data provided by the third party named by you to evaluate your application.

The legal basis for this processing is Section 26(1) sentence 1 BDSG (German Federal Data Protection Act).

If an employment contract is concluded after the application procedure, we will store the data you provide during the application process in your personnel file for the purpose of the usual organisational and administrative process – this is, of course, in compliance with all other legal obligations.

The legal basis for this processing is also Section 26(1) sentence 1 BDSG.

We will store a rejected application for up to six months after the end of the application procedure with regard to possible claims under the AGG (German Anti-Discrimination Law).

The legal basis in this case is Article 6(1)(f) GDPR and Section 24(1)(2) BDSG. Our legitimate interest is the defence or enforcement of legal claims.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, your data will be further processed based on your consent. The legal basis is then Article 6(1)(a) GDPR. However, you can of course revoke your consent at any time in accordance with Article 7(3) GDPR with effect for the future.

If necessary, we will store your data for up to ten years in order to comply with legal obligations, e.g. in the event of reimbursement of travel expenses the corresponding documents, to the extent that this is necessary in accordance with the obligations to retain documents under tax law and commercial law.

The legal basis in this case is Article 6(1)(c) GDPR.

3.3 Newsletters

When you subscribe to a newsletter, you give us your consent to processing your name and email address for sending you the newsletter. The legal basis is Article 6(1)(a) GDPR. You may revoke your consent at any time by unsubscribing from the newsletter.

4.0 Recipients of data

We use the following service providers (processors) who process data on our behalf:

• Fabian Magnus Isensee, Steinstr. 54, 81667 München
• klargedacht UG, Welserstr. 10-12, 10777 Berlin
• loswebos.de GmbH, Tschaikowskistr. 21, 04105 Leipzig
• The Rocket Science Group LLC, 675 Ponce de Leon Ave NE
  Suite 5000, Atlanta, GA 30308, USA (in case you have subscribed to a newsletter)

If you have consented to the use of Google Analytics, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, also collects personal data (see section 2.3).

For sending newsletters we use the service “Mailchimp” provided by The Rocket Science Group LLC, which is located in the USA. The USA does not provide an adequate level of protection for the processing of personal data within the meaning of Article 45 GDPR. Therefore the processing is based on an appropriate safeguard according to Article 46 GDPR. We have agreed with The Rocket Science Group LLC the Standard Contractual Clauses published by the EU Commission. The Standard Contractual Clauses form part of the Data Processing Addendum, which is available at https://mailchimp.com/legal/data-processing-addendum/.

Without your consent, we will forward your personal data to third parties in the following cases only:

• Insofar as this is required for us to perform our contractual obligations. Art. 6 (1) lit. b GDPR constitutes the legal grounds for this.
• Insofar as this is required for us to pursue our legitimate interests. Our legitimate interests encompass in particular the assertion of claims. Art. 6 (1) lit. f GDPR constitutes the legal grounds for this.
• To comply with a legal obligation, e.g. in relation to tax authorities. Art. 6(1) lit. d GDPR constitutes the legal grounds for this.

5.0 Time period for storing data

We store your data for as long as this is required to process an enquiry or to perform the contract. This does not include data which we are not permitted to erase by virtue of a legal requirement (e.g. documents which must be kept under tax law and commercial law requirements) and data which are necessary to pursue legitimate interests, for example the assertion of claims.

6.0 Privacy Information for Instagram and LinkedIn

In addition to the other information contained in this Privacy Policy, the following applies to our Instagram channel https://www.instagram.com/hicklvesting.pr/ and to the LinkedIn profiles of Barbara Hickl and Nicole Vesting.

6.1 Controller

Instagram: Joint controllers within the meaning of Art. 26 GDPR are hicklvesting Public Relations GbR (see section 1) and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, e-mail: impressum@support.instagram.com, fax: +1 650 543 5340. You may contact the data protection officer of Facebook at https://help.instagram.com/contact/186020218683230

LinkedIn: Joint controllers within the meaning of Art. 26 GDPR are Barbara Hickl (for contact details see section 1) or Nicole Vesting, hicklvesting Public Relations GbR, Klenzestraße 7, 80469 Munich, T +49 89 383 801 85, munich@hicklvesting.com and LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

6.2 Instagram Insights

We use Instagram Insights. This means that part of the usage data collected by Facebook is made available to us in anonymised form as a statistical evaluation. The data processing by Facebook itself is not anonymised. In this regard you should contact Facebook directly.

The data is stored solely for statistical purposes. This statistical analysis relates only to the audience, content and activity on our Instagram page. Settings can be made for the evaluation of the audience or appropriate filters can be set with regard to the selection of a time period, access to a specific posting and demographic groupings.

In addition, Facebook collects and processes further personal data of users by using tracking and analysis tools. As far as your behaviour when visiting our Instagram page is evaluated by tracking and analysis tools integrated by Facebook, we have no influence on this processing of data. Facebook is the controller as defined by data protection law with respect to this processing. Therefore, please contact Facebook directly with any enquiries regarding tracking and analysis tools.

6.3 Interactive functions of Instagram

If you use certain interactive functions, such as comments or “liking” of postings, a a registered user, these actions are visible for us as well as for the other registered users. In this way, we can normally establish a direct link to you or your Instagram account.

The legal basis for this is Article 6(1)(b) GDPR (performance of a contract, if you trigger a function desired by you) and Article 6(1)(b) GDPR (pursuit of legitimate interests). Our legitimate interest is to be able to offer you content adapted to your interests.

Please note that we have no influence on visibility of your interactions. The nature, scope and duration of the processing and storage of personal data is determined solely by Facebook. You can therefore request information on the storage period as well as available options for objection directly from Facebook. You can delete your interactions yourself at any time (see https://de-de.facebook.com/help/instagram/289098941190483).

6.4 Other processing of data by Facebook

Facebook describes its own processing in the Instagram Data Policy: https://help.instagram.com/519522125107875?helpref=page_content. In this context Facebook is the sole controller.

Facebook processes information about the content provided and shared, networks and connections used, transactions carried out on Facebook and Instagram, and the end devices used (device attributes, device IDs, device signals, cookies, etc.). Facebook also collects the above data from people who are not logged in to any of the Facebook services. Facebook uses this information for its own purposes, in particular to place advertisements, improve its own products and user tracking.

Please see for more information: https://www.facebook.com/policies/cookies/, https://www.facebook.com/legal/terms/page_controller_addendum, https://www.facebook.com/about/basics/manage-your-privacy

Facebook may transfer the data collected about you to countries outside the European Economic Area. Facebook uses the standard contractual clauses (see https://de-de.facebook.com/help/566994660333381) as an appropriate guarantee in accordance with Article 46 GDPR.

6.5  LinkedIn

We use the Page Insights function to obtain anonymised statistical data on the users of our profiles. Information about Insights and LinkedIn pages can be found at https://www.linkedin.com/legal/privacy-policy?_l=de_DE. LinkedIn sets cookies. For more information about LinkedIn’s use of cookies, please visit https://www.linkedin.com/legal/cookie-policy?_l=de_DE.

LinkeIn uses the data processed when you visit our profiles to create statistics on the use of our profiles. This makes us aware of the profiles of visitors as well as demographic and geographical analyses. We can use this information to place targeted interest-based advertisements without immediately knowing the visitor’s identity. LinkedIn will only send us the visitor statistics generated in anonymous form.

The processing of users’ personal data is based on our legitimate interests, namely presenting us and our services. The legal basis is Article 6(1)(f) GDPR.

Please note that LinkedIn Ireland Unlimited Company may transfer personal data to LinkedIn, 1000 W Maude Ave, Sunnyvale, CA 94085, USA, and therefore personal data of users may be processed in a third country outside the territorial scope of applictation of the GDPR.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Details of how they handle your personal information are set out in the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

6.6 Contact via Instagram or LinkedIn

Section 3.1 applies accordingly.

7.0 Your rights

You have the following rights provided that the respective legal requirements apply:

• You may revoke your consent at any time (Article 7(3) GDPR).
• You have the right of access to personal data stored on you as a data subject (Art. 15 GDPR).
• You have the right to demand the rectification of incorrect personal data (Art. 16 GDPR).
• You have the right to demand the erasure (Art. 17) or the restriction of processing of data (Art. 18 GDPR) that are no longer required. If legal retention requirements apply, e.g. for business correspondence under commercial law and tax law or if any other legal exception applies, data will not be erased and instead, their processing will be restricted only.
• You have the right to data portability (Art. 20 GDPR), meaning the right to request that we provide the data that you shared with us in a structured, commonly-used and machine-readable format and that these data be transmitted to another controller without hindrance on our behalf; where applicable, you also have the right to request that we transmit the data directly to another controller, insofar as this is technically feasible.

You may object to the processing of your data for the purposes of direct marketing at any time, and even to any other form of processing of your data on grounds relating to your particular situation (Art. 21 GDPR).

To assert your rights, please refer to the above address.

If you believe that the processing of your data breaches data protection laws, you may lodge a complaint with a supervisory authority (Art. 77 GDPR). The respective local supervisory authorities responsible for us are: Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 18 (Schloss), 91522 Ansbach, Germany (https://www.lda.bayern.de/); Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Maja Smoltczyk, Friedrichstr. 219, 10969 Berlin (https://www.datenschutz-berlin.de)

As of: October 2021