Privacy Statement of Kienbaum Consultants International GmbH for („Compensation Portal“)

We, the Kienbaum Consultants International GmbH (hereinafter referred to as “we” or “Kienbaum”), appreciate and welcome your interest in our Kienbaum Compensation Portal.

The protection and the safety of your data is our highest priority. The processing of your personal data is effected solely within the framework of the statutory provisions relating to data protection law, in particular, the European General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

It is the aim of this Privacy Statement to make the processing of your personal data as transparent as possible for you. Therefore, we want to provide you with information about which personal data we collect in connection with the use of the Compensation Portal, and for which purposes we are processing your data, as well as to whom we may possibly disclose your data.

The original language of this statement is German. In case of conflicts between the original German version and any translation, the German version shall prevail.

Kienbaum as responsible party and order processor

The GDPR distinguishes between companies that process personal data for their own purposes (“responsible parties”) and companies that process personal data on behalf of other companies (“processors”).

Depending on the circumstances, Kienbaum may act either as responsible party or as order processor regarding your personal data.

Registration and use of our compensation portal is only available if your employer has acquired access to the compensation portal and entered into a data processing contract with us. In this case, your employer is responsible for the processing of your personal data from the time of your registration for the compensation portal and we process your personal data strictly according to the instructions given by your employer.

If you visit or use our website without your employer having acquired access to the Kienbaum Compensation Portal and thereby having entered into a data processing contract with us and without your registration for our services, we are the “responsible party” regarding the processing of your personal data. In this case the following information applies:

1. Controller and Data Protection Officer; Contact Details

The controller that is responsible for the data processing within the meaning of the data protection legislation is:

Kienbaum Consultants International GmbH
Edmund-Rumpler-Straße 5
D-51149 Köln
Tel.: +49-221-80172200

If you have any questions or suggestions regarding data protection, please contact us. You may contact our data protection officer here:

Dr. Gregor Scheja
Adenauerallee 136
D-53113 Bonn
tel.: +49 (0) 228-227 226-0
fax: +49 (0) 228-227 226-26


2. Subject Matter of Data Protection: Personal Data

Data protection comprises the protection of personal data. This includes any information relating to an identified or identifiable natural person (who is called a data subject). This includes, e.g., information like the name, address, telephone number, or e-mail address, as well as any information that needs to be collected during the use of the Compensation Portal, for example, specifications concerning the beginning, ending, and extent of the use.

3. Purposes, Nature, Extent and Legal Bases of the Data Processing

With the following information, we would like to provide you with an overview of the purposes, nature, and extent of the processing of your personal data as well as the corresponding legal basis on which we base the processing of your data.

3.1 Accessing and Using the Compensation Portal

When the Compensation Portal is accessed and used, the following data will be processed:

– Date and time of access
– IP address of the service provider
– Port number
– Command method
– URI Star and URI Query
– Protocol status
– Win32 status
– Time stamps
– Browser type/version
– Which type of operating system was used

We process such data in order to make the Compensation Portal available to be used by you as well as to ensure technical availability and safety, but also for the purpose of fault diagnosis and troubleshooting.

We base the processing of such data on the legal basis of Article 6(1)(f) of the GDPR as well as paragraph 14 Section 1. The data processing is necessary to protect our legitimate interest in enabling our clients and prospective clients to use the Compensation Portal and to ensure its technical functionality.

When you access the Compensation Portal, such data will be processed automatically. Without the provision of such data, you cannot use our services.

We usually delete such data after the end of the calendar year, unless we need it for the purposes mentioned above in exceptional cases. In such cases, we will delete the data immediately after the purpose has expired.

3.2 Contact form

When you contact us via our contact form, the data you provide will be stored by us to answer your questions or to be available for follow-up questions.

The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 letter a) GDPR). A withdrawal of your given consent is possible at any time. An informal notification by e-mail is sufficient for the withdrawal. The legality of the data processing operations carried out prior to the withdrawal remains unaffected by the withdrawal. We will store data transmitted via the contact form until you request us to delete it or until there is no longer any need to store the data and there are no compelling legal provisions to prevent deletion.

3.3 Newsletter

With your consent you can subscribe to our newsletter. We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 30 days, your information will be blocked and then automatically deleted. In addition, we store your IP addresses and the time stamps of registration and confirmation.

After your confirmation, we will store your personal data for the purpose of designing the content and sending the newsletter. The legal basis is Art. 6 paragraph 1 letter a) GDPR.

You can withdraw your consent to the transmission of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details given in the imprint.

We will delete your personal data at your own request by unsubscribing from the newsletter or within 2 years after the newsletter has been discontinued if no other clear declaration of intent has been made by then.

3.4 Cookies

On the Compensation Portal website, we use cookies in order to offer a comprehensive range of functions, to make the use more comfortable, and to optimize our offers. Cookies are small text files that are generated by a web server and stored on your computer during the online visit by means of the web browser that is used.

Most of the cookies we use are what is called “session cookies”. They will be automatically deleted after the termination of your browser session.

In addition, we also use long-term cookies, which are mainly used to provide recurring settings to you as our website’s visitor. This enables us to customize our website individually to match your requirements. Long-term cookies also allow us to analyze the usage behavior of visitors, but only within the period during which the cookie is valid.

Furthermore, in connection with the integration of certain services provided by third parties (please see below), additional cookies (which are called “third party cookies”) may also be placed by their providers, as the case may be.

If you do not wish cookies to be used, you may prevent cookies from being stored on your device by changing the corresponding settings in your Internet browser. Please note that this may limit the functionality and range of functions of the services we offer. In addition, we will only set certain cookies if you have given your prior consent thereto (please see below). You may also use special options to object to certain cookies.

You can change or withdraw your consent at any time with regard to the cookie declaration on our website.

Your consent applies to the following domains:

Your current state: Only use necessary cookies.

Change your consent

Necessary (2)

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name Provider Purpose Procedure Type
ASP.NET_SessionId Maintains the status of the user for all page requests. Session HTTP Cookie
CookieConsent Stores the user’s consent status for cookies on the current domain. 1 Year HTTP Cookie

3.5 Integrating Vimeo videos

For integration and presentation of video content, our website uses plug-ins from the video portal Vimeo. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you access a page with an integrated Vimeo plug-in, a connection between your browser and the Vimeo servers is established. This informs Vimeo which of our pages you have visited. Vimeo will know your IP address, even if you are not logged in or do not have an account with the video portal. The information collected by Vimeo is transmitted to servers of the video portal in the USA. Vimeo can directly assign your surfing behavior to your personal profile. You can prevent this by logging out beforehand.

Vimeo is used in the interest of an attractive presentation of our website. This represents a legitimate interest in terms of article 6 paragraph 1 letter f) GDPR. For details on the handling of user data, please refer to the Vimeo privacy policy at

3.6 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies. Cookies are text files which are stored on your computer that make it possible to analyse how you use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is implemented on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behavior for the purpose of optimising both its website as well as its advertising.

The Google company is certified for the US-European data protection agreement “Privacy Shield”. This privacy agreement is designed to ensure compliance with the level of data protection applicable in the EU.

By using cookies, the following personal data are collected:

– date and time of access,
– duration of the visit,
– which type of terminal device was used,
– which type of operating system was used,
– the functions you use,
– the amount of data transferred,
– type of event,
– IP address
– domain name
– location of the device that was used (county and city)
– language
– operating system
– resolution of the device
– browser that was used
– source of visitors
– advertisements that were clicked on in the Google search
– individual pages of the Compensation Portal that were visited

IP Anonymisierung

We have activated the IP anonymization function for this website. This means that, within the Member States of the European Union or other states which are contracting parties to the Agreement on the European Economic Area, your IP address will be shortened by Google before it is transmitted to the US. Only in exceptional cases will the full IP address be sent to a Google server in the US and be shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the websites, to compile reports on website activities, and to provide the operator of the website with other services related to the use of the website and the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You may prevent the cookies being stored by selecting the appropriate settings in your browser software; however, we would like to point out that doing so may mean you will not be able to use all the functions of this website in full. Additionally, you may prevent the collection of the data generated by the cookie and by your use of our website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin which is available at the following link:

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by blocking statistical cookies when visiting our pages. You can make the corresponding settings here

You can find more information on how Google Analytics handles user data in the Google privacy policy: #Cookies

3.7 Google Web Fonts

In rare cases our website uses Web Fonts from Google. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The use of these web fonts makes it possible to present our website in the way we want, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This includes your IP address and the information about which page you have visited on our website. The use of Google Web Fonts is based on article 6 paragraph 1 letter f) GDPR. As operators of this website we have a legitimate interest in the optimal presentation and transmission of our web presence.

The company Google is certified for the US-European data protection agreement “Privacy Shield”. This data protection agreement is intended to ensure compliance with the data protection level applicable in the EU.

Details about Google Web Fonts can be found at

and further information in the privacy policy of Google:

3.8 Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool triggers other tags that may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.

Click here to be excluded from the Google Tag Manager.

4. Recipient of the personal data

Within Kienbaum Consultants International GmbH, only those persons who need access for the purposes stated in this data protection declaration have access.

We will only pass on your personal data to external recipients outside Kienbaum Consultants International GmbH if this is necessary to process or handle your inquiry, if we have your permission to do so, or if another legal authorization is applicable.

External recipients may be:

4.1 Order data processors

Subsidiaries of Kienbaum Consultants International GmbH or external service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance for the Kienbaum Consultants International GmbH offerings or the provision of contractually relevant content. These order processors are carefully selected by us and checked on a regular basis to ensure that your privacy is protected. The service providers may use the data exclusively for the purposes specified by us.

4.2 Public authorities

Authorities and state institutions, such as public prosecutors, courts or financial authorities, to which we must transmit personal data for legally binding reasons.

4.3 Private bodies

Cooperation partners or auxiliary persons to whom data is transmitted on the basis of a consent or a legal basis.

5. Transfer of your data to a third country

If we transfer or disclose your data to service providers in a third country, that is outside the European Union (EU) or the European Economic Area (EEA), this will only be done on the basis of your consent, a legal obligation or a legal or contractual permission. Subject to legal or contractual permissions, the service providers will process your data in a third country only if the special requirements of Art. 44 ff. GDPR are fulfilled, that is the processing is carried out on the basis of special guarantees such as e.g. an officially recognized level of data protection corresponding to that of the EU or by using the so-called standard data protection clauses drawn up by the EU Commission for this purpose.

6. Retention period

Please find the retention period of personal data in the corresponding chapter on data processing. In general, the following applies: we only store your personal data for as long as they are needed to fulfil the purposes or – if you have given your consent – for as long as you have not withdrawn your consent. If you withdraw your consent, we will delete your personal data, unless further processing is permitted under the applicable statutory provisions. We will also delete your personal data if we are under an obligation to do so on grounds established by law.

7. Rights of data subjects

As a data subject, you may assert rights against Kienbaum with respect to the processing of your personal data. In the following, we would like to give you an overview of the data subject rights to which you are entitled:

Right of access: You have the right to demand access to the personal data pertaining to you which we process.

Right to rectification: You may demand that inaccurate personal data and/or incomplete personal data concerning you will be rectified and completed.

Right to erasure: You are entitled to the right to demand the erasure of your personal data provided that the statutory requirements are met.

Restriction of processing: Provided that the statutory requirements are met, you may demand the restriction of the processing of your personal data.

Data portability: Provided that the statutory requirements are met, you are entitled to the right to receive the personal data concerning you which you provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance, or to have them transmitted by us to another controller.

Objection to cookies: You may object to the use of cookies at any time.

Withdrawal of consent: If you have given us your consent to the processing of your data, you may revoke the consent at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data before the withdrawal of the consent.

Right to lodge a complaint with the supervisory authority: If you believe that the processing of your personal data has breached data protection law, you may lodge a complaint with the competent supervisory authority. To do this, you can contact the supervisory authority at your place of residence, your workplace, or at the location of the alleged breach.

Objection to data processing: If the data processing is based on a “legitimate interest” in accordance with Article 6 (1)(1) GDPR, you may at any time object to the processing of personal data that specifically concern you for reasons that arise from your particular situation. If your data are processed for the purpose of direct mail, you can object to this at any time without stating reasons.

How you can contact us:
 If you have any questions about the processing of your personal data and your rights as a data subject, please feel free to contact us without incurring any charges. To exercise any of the aforementioned rights, please contact or write to the mail address as indicated above in Subsection 1. When doing so, please make sure that we can clearly identify you.

The latest version of this privacy statement shall apply. This version was last updated on 24 May 2018.