Your Sparring Partner

for change projects

Data protection

Download of our GDPR. [700 KB]

The protection of your personal data is of particular concern to us. The General Data Protection Regulation adopted by the European Parliament on April 14th, 2016 harmonizes the rules governing the processing of personal data, the rights of data subjects and the obligations of data controllers throughout the EU.

We have therefore been processing your data exclusively based on the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) in the version of the Data Protection Adaptation Act 2018 and the Data Protection Deregulation Act 2018 since May, 5th, 2018. To make the following declaration easier to understand, we have summarized the most important terms for you in advance:

  • “Personal data" means any information relating to an identified or identifiable natural person. This is a person who can be identified directly or indirectly by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more special characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person (e.g. name, address, date of birth, bank data).
  • “Processing" means any operation which is performed on personal data or on sets of personal data, wether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (e.g., the processing of personal data): Creation of a customer file, recording of the data to create an invoice).
  • “Consent" means any freely given specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement of by a clear affirmative action, signifies agreement to the processing of personal data.
  • “Controller" means the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data (e.g. the entrepreneur who collects customer data to create an invoice to the customer).
  • “Processor" means the natural or legal person, public authority, agency or other body processing personal data on behalf of the controller (e.g. the external accountant who receives and processes the accounting data for the preparation of the balance sheet from the above-mentioned entrepreneur, or a cloud service provider).
  • “Recipient" means any natural or legal person, public authority, agency or another body, to which personal datas are disclosed, whether or not it is a third party. The processor is also the recipient.

This document is intended to inform you about how we handle your personal data. As these are of the utmost importance to us, we can assure you that we are constantly protecting them. Our employees treat your personal data in compliance with the applicable laws of Austria and the EU.

Our Business relationship with you
In the course of our business relationship with you, it is essential that we process your personal data. The owner of the data processing, who has access to your personal data, is HR Strategy & Consulting e.U.,, its employees, any subcontractors (partner trainers / consultants) or other external parties (e.g. payroll accountants, tax consultants) insofar as these are required to fulfil our contractual obligations or statutory business obligations.

Even if trade and business secrets are therefore not directly covered by the term personal data, we still provide the same protection for such information and we also expect this from our business partners. We also process the personal data that you provide to us when using our website using the forms provided there.

Scope of data use
In establishing your business relationship with us when you place orders with us or use our website, you disclose to us personal data and possibly trade and business secrets both from you and, if applicable, from your customers, employees, companies involved in you or from other third parties. We assume that you have the right to pass on this data to us. We use your data and the data of your customers, employees, participating companies or other third parties to the extent necessary for the proper performance of our business relationship with you or for the proper processing of your inquiry. Based on any separate declarations of consent you may have given us, we will also use your data to submit further product offers to you if necessary.

Disclosure of data to third parties
Due to the complexity of today's data processing procedures, we sometimes use service providers and commission them to process your data. However, in all cases where service providers are used, we always ensure that the European data protection level and the European data security standards are comprehensively maintained. However, some of these service providers are outside the territory of the European Union. If content, tools or other means are used by third parties within the scope of this data protection declaration and their registered office is in a third country, it is to be assumed that data is transferred to the countries in which the third parties have their registered office. Third countries are countries in which the GDPR is not directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if an appropriate level of data protection, the user's consent or any other legal permission is available.
If you would like to know more about how and to what extent we process your data in your specific business case or pass it on to service providers, you can contact us at any time.

Data integrity
The personal data entrusted to us and data from public sources remain under constant physical, electronic and procedural control. Every person who deals with your personal data, whether in the context of her or his professional or contractual obligations, is subject to the legal or contractual duty of confidentiality!

The protection of your rights by us
As a data subject you have the following defined rights in accordance with the GDPR:

Right of information We will inform you whether and which personal data we have stored about you and how we handle it.
Right of erasure ("Right to be forgotten“) We will delete or make anonymous the personal data that you have made available to us.
Right of rectification You may request the rectification or integration of the data processed about you.
Right to restriction of processing You may request a restriction on processing in order to exclude personal data from processing without, however, requesting deletion.
Right to object the processing You have the right to object to the processing of personal data for direct marketing purposes. The right of objection also applies to processing for the purposes of the legitimate interests pursued by us, unless we have compellingly legitimate reasons for processing that override your interests, rights and freedoms.
Right to data portability We will be happy to provide you with a machine-readable copy (Excel or similar) of the personal data you have provided to us. However, we may not be able to provide you with all information as some may affect and infringe other people's privacy or our own intellectual property rights.

If you wish to exercise your rights, you can contact us by e-mail at

Earmarking and legality
We only process the personal data of you and your employees that we really must process. For example, to provide you with the best possible service, we keep the following types of information in our system:
Personal identification data,
such as first name, last name, address, telephone number and other contact information that you share with us.
Personal information such as age, gender, nationality, test evaluations of professional, social or personal abilities/skills.
Current job situation, e.g. important tasks, functions, roles, specializations
Photos that you have either provided to us or that have been taken while documenting an event, workshop, , training or seminar.
Professional experience, expertise, skills, qualifications, certificates and references.

Data retention and integrity
In principle, we will only retain the information concerning you for as long as is necessary for the purposes for which it is processed. In addition, we may also be subject to retention obligations under which we must retain data on you, on our contractual relationship and on our business relationship even after they have ended, as it is the case, for example, due to the legal retention periods. Among other things, we will keep your data for as long as it is possible to assert legal claims arising from our business relationship with you.

We endeavor to keep the accuracy of personal data up to date and would be pleased if you would support us in doing so.

To make your visit to our website attractive and to facilitate the use of certain functions for you, we may use so-called cookies, which are stored on your terminal device. These are small text files that enable us to recognize your browser on your next visit.

In addition, the website uses functions of the web analysis service Google Analytics, a service of Google Inc. "("Google"), which has a Privacy Shield certification. Google Analytics uses "cookies" to enable us to analyze the use of our website and thus to further develop our offer and our website in line with requirements (= legitimate interest). The information generated by the cookie is usually transmitted to a Google server in the USA together with the IP address and is stored there. We use Google Analytics only with enabled IP anonymization. This means that Google will previously reduce its IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and there pseudonymised by shortening.

You have the possibility to prevent the storage of cookies on your terminal device at any time by making the appropriate settings in your browser, which, however, may limit the range of functions of our offer. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

Closing remarks
All legal relationships arising from or in connection with the processing of personal data are subject to Austrian law, regardless of where they are accessed from. Any disputes arising from data protection between you and HR Strategy & Consulting e.U. fall under the jurisdiction of Austrian courts under Austrian law.

Your trust in our approach is important to us! If you do not agree to the processing of personal data or have any questions, please do not hesitate to contact us.

Attachment to the data protection declaration
Examples of the processing of personal data:

The processing of personal data takes place exclusively on the following three basic principles:

Declaration of consent, e.g. On a contract basis, e.g. On a legal basis, e.g.
• For marketing purposes, to inform you about market news or about new services or offers. You can withdraw your consent to this at any time without any negative consequences. • When you enter your attendance at a business event.
• When processing or maintaining the data that you or your employees voluntarily provide us with by completing an assessment test.
• Collecting information during a coaching or other meeting.
• In the collection of all data about your internal processes that are necessary for the fulfilment of our order.
• When researching your company on your homepage or other open sources (LinkedIn, Facebook, etc.), where you make information about your company and your employees public.
• If you provide us with personal data of third parties. In this case we assume that this is done with the declaration of consent of affected third parties and complies with our data protection guidelines (e.g.: personal data of your employees); otherwise we request that any transmission of personal data of third parties to us not be carried out).

HR-Strategy & Consulting e.U. - Update 2018