Data protection information

The following information is to be provided pursuant to Art. 13 et sqq. General Data Protection Regulation (GDPR) where personal data are collected from the data subject.

Identity and contact details of the controller

Holzhofer Consulting GmbH
Lochhamer Straße 31
D-82152 München - Planegg
Tel.: (0 89) 1 25 01 56 00
(hereinafter "Holzhofer Consulting", "we", "us").

Purposes of the processing for which the personal data are intended as well as the legal basis for the processing

  1. Data processing for the performance of a contract between you and us (Art. 6 para. 1 lit. b GDPR)

     In order to fulfil the existing contractual relationship, provide the services owed and send you contractual documents, we and third parties or contract processors commissioned by us process the following data from you, provided that you have submitted it to us upon conclusion of the contract or in the course of the contractual relationship:

    • Personal data (name, address, telephone, fax number, e-mail address, homepage if applicable)
    • Bank details (IBAN, bank, account holder) and payment information
    • When contacting us (e.g. via e-mail), the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise (pre-contractual measures).

  2. Use of data on the basis of your consent (Art. 6 para. 1 lit. a GDPR)

     In the case of an advertising contact, we will only communicate with you via the channels to which you have given your consent, except by post. We use your data for the following purposes:

    • Quality assurance: In order to continuously improve our services and products for you, we conduct surveys about your satisfaction, as well as your experiences from your contractual relationship.
    • General and personalised marketing.
    • If you have given us a corresponding SEPA direct debit mandate, we will also use your bank details. We collect outstanding amounts via the SEPA direct debit mandate in accordance with the contractual agreements.
    • If you apply for a job offer published on the website, the purpose of data processing is to execute the application procedure. The legal basis for this is Art. 88 GDPR, section 26 FDPA-new.

Commitment to the provision of data

The provision of name and address is obligatory for a consulting contract. If you do not provide us with this information, no consulting contract will be concluded with us. All other data is voluntary.

If you are applying for a job offer from us, the provision of title, first name, surname, address is required for the application procedure. Non-provision would mean that an employment contract could not be concluded or could not be implemented.

Automated individual decision-making, including profiling

Holzhofer Consulting does not carry out any profiling measures.

Data transfer to a third country

In principle, data is not transmitted to countries outside the EU and the European Economic Area ("third countries"). Data transfers to third countries may only occur within the scope of the administration, development and operation of IT systems. The transmission only takes place in the following cases:

  • The transfer is generally permissible because a legal basis for authorization has been fulfilled or you have given your consent to the transfer of data and
  • the special conditions for transfer to a third country are fulfilled.

Recipients of personal data and data sources

  1. Categories of recipients of personal data

     To the extent permitted by law, we pass on personal data to external service providers:

    • Credit institutions and providers of payment services for invoicing and settlement of payments.
    • IT service providers for the operation and maintenance of our IT infrastructure.
    • Telecommunications service providers for operating our telephone system.
    • Debt-collection service providers and lawyers to collect claims and enforce claims in court. If personal data (customer and contact data, payment and consumption point data and data on receivables) is transferred to a debt-collection service provider in the case of collection, we will inform you in advance of the intended transfer.

  2. Data sources

     We process personal data that we have received from you in the course of our business relationships. To the extent necessary for the provision of our services, we process personal data which we may obtain from publicly accessible sources (debtor registers, land registers, commercial and association registers, press, Internet) or which are legitimately transmitted by other third parties (an inquiry agency or an address service provider).

Storage period and criteria for determining that period

We store your data for the period of the existing contract and after termination of the contract for a period until the fiscal tax audit of the last calendar year in which you were our customer. If there are legal retention periods, we are obliged to store the data until the expiry of these periods. After expiration of the legal storage obligations, which result primarily from the commercial and tax law (in particular Sections 147 AO and 257 HGB), we delete this data.

We store your data for marketing activities until you object to its use, you revoke your consent or an address is no longer permitted by law. We store your other data as long as we need it to fulfil the specific purpose (e.g. to fulfil or process the contract) and erase it after the purpose no longer applies.

In the case of an application, personal data will be processed for the application procedure and, where appropriate, for the performance of a task in the public interest or in the exercise of official authority. In addition, personal data may also be stored for the duration of the exercise or defence of legal claims. Documents of rejected applicants are kept for up to six months on the basis of the General Equal Treatment Act (AGG) and the Code of Civil Procedure (ZPO).

Processing of personal data on our website

Each time you access our website, access data is collected (so-called server log files). Access data includes:

Name of the accessed website, file, date and time of access, transferred data volume, HTML error code, browser type and version, the user's operating system, referrer URL (the previously visited page), anonymized IP address (3rd and 4th octet are replaced by a 0) and the requesting provider.

These log data are only processed for statistical evaluations for the purpose of operation, security and optimization of the service. However, we reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence.

Information on your rights as data subject

Holzhofer Consulting GmbH, Lochhamer Str. 31, D-82152 München - Planegg is responsible for the processing of your data, unless otherwise stated. You may at any time request information about the data stored about you and its correction in the event of errors. Furthermore, you may request the restriction of processing, the transferability of the data provided to us by you in a machine-readable format or the deletion of your data - insofar as they are no longer required.

In addition, you have the right to object at any time to the use of your data based on public or legitimate interests.

If we process your data on the basis of a consent given by you, you can withdraw this consent at any time with effect for the future. Upon receipt of your withdrawal, we will no longer process your data for the purposes stated in the consent. Please address your withdrawal or an advertising objection to:

Holzhofer Consulting GmbH
Lochhamer Straße 31
D-82152 München - Planegg

Right to lodge a complaint with a supervisory authority

You can also contact a supervisory authority at any time with a complaint. The Bavarian Data Protection Authority, P.O. Box 606, D-91511 Ansbach, is responsible for us. Alternatively, you can contact your local supervisory authority.

Certifications of our experts
  • Data Protection Officer (TÜV)
  • Data Protection Auditor DSA-TÜV
  • Certified Data Protection Officer (udiszert)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • BSI ISO/IEC 27001:2005 Lead Auditor
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • ITIL Foundation Certified

External Data Protection Officer

Data protection and information security are crucial for every company. Save costs in these challenging areas by using an external data protection officer and information security expert. We are pleased to help.

Martin Holzhofer,
Holzhofer Consulting GmbH