This Privacy Statement was last updated on 5 May 2022.
It sets out the data protection practices carried out through the use of the Internet and any other electronic communications networks by BearingPoint Holding BV and its associated companies (all together “BearingPoint”; “we”, “us”) and with respect to bearingpoint.com, hcube.io, ministerialkongress.de, ps.bearingpoint.com, bearingpointbill.com, bearingpoint.services, survey.bearingpoint.com, arcwide.com and other BearingPoint websites, applications and online services that link to this website privacy statement (together referred to as the “Site”).
We may provide a separate privacy statement in connection with certain websites and applications that we offer, and where we do so, such privacy statement will apply to our collection and use of personal information collected through such websites and applications.
A full list of our main offices can be found at https://www.bearingpoint.com/en-gb/locations/ whereas we are not responsible for our member firms in Portugal and in Russia; they are allowed to use “BearingPoint” in the name under limited license but from a data protection perspective both member firms are Controllers themselves for their processing activities.
1.1 BearingPoint collects personal information from you that you provide, such as your email address, job title or company name through the use of registration forms, for instance every time you sign up for an electronic newsletter, when you choose to send us an application to be considered for employment, when you register for an event or conference organized by BearingPoint, when you submit a request for proposal or for information, when you request the authorization of downloading a document, when you enter an online competition or when you send us a message via an email reply mechanism provided on the BearingPoint sites or when you choose to provide your information for surveys, quizzes or benchmarking surveys.
We use a customer relation management system (the BearingPoint CRM) to store personal information about our business contacts. We collect and use business contact details for individuals associated with existing and potential BearingPoint clients to manage and maintain our relationship with those individuals.
BearingPoint also uses Microsoft Bookings. Microsoft Bookings is a Microsoft 365 app supporting the scheduling and the managing of appointments; it includes a web-based booking calendar. The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR; we want to give you the opportunity to easily schedule an appointment with us.
The personal data required for an appointment via Microsoft Bookings (name and email address) as well as your additional, voluntary information (address, telephone number, notes) are processed and stored by us only to the extent that this is necessary for the processing of the appointment, but no longer than 120 days. Since Microsoft Bookings is a Microsoft 365 service, Microsoft (One Microsoft Way, Redmond, WA 98052-6399, USA) also receives access to the data you provide in the form.
2.1 We process personal information collected via the BearingPoint sites for the purposes of:
3.1 When you visit one of the BearingPoint sites, we collect information automatically about those visits.
3.2 In particular, your browser automatically sends us certain Internet-related information, such as the Internet Protocol (IP) address of the computer you are using.
3.5 When you visit or use our social media websites such as Facebook, we use Facebook Pixel, which allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion").
The processing of this data by Facebook takes place within the framework of Facebook's data policy: https://www.facebook.com/policy.php.
Special information and details about the Facebook pixel, the Conversions API and its functionality can also be found in the Facebook help area: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
We also use lead ads on Facebook, e.g. for recruiting purposes. If you, as a platform user, click on an add, you will be prompted to fill out a lead ad forms. After submitting it, your leads data will be stored on Facebook’s servers for no more than 90 days, and we may download your leads data from it. The downloaded data will be further stored in our recruitment system for no longer than 6 months. Facebook will use the information submitted by users through the lead ad, subject to its data policy: https://www.facebook.com/policy. Further details about how Lead ads work on Facebook can be found here: https://www.facebook.com/business/help/1481110642181372?id=735435806665862.
When operating with lead ads, BearingPoint together with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) are Joint Controllers for the collection and transfer of data in this process. The following processes are therefore not covered by joint controllership:
We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR. Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.
3.6 Google Analytics 4.
BearingPoint also uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on its websites. In order to protect your data as best as possible, the version “Google Analytics 4” (GA4, anonymized tracking, cookieless tracking) is used. Thus, only anonymized aggregated data is transmitted to us, which we evaluate for web statistics and therefore want to improve our offer. No individual profiles are created, but rather user groups. A personal reference can no longer be established.
GA4 uses IP address anonymization by default, which cannot be deactivated. Lawful cookies have a duration of 2 months.
The legal basis for the use of GA4 and the resulting coverage measurement is the legitimate interest (Art. 6 (1) lit. f GDPR).
The collected data may be transmitted to Google in Europe, or also to Google servers in the USA. BearingPoint has no influence on the data transfer to Google. Furthermore, BearingPoint has no influence on whether Google can draw conclusions about your person.
We are reviewing relevant rulings of the European Data Protection Agencies and/or other authorities which might impact the use of Google Analytics.
3.7 CleanTalk anti-spam check
We use the "CleanTalk" service, which protects the Site from spam when a data entry on a Site is done (for example in a contact form). The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR.
For security reasons and as protection against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 45 days. After expiry of the aforementioned period, this data will be completely deleted. CleanTalk may use information about spam activity from IP or email addresses to provide appropriate anti-spam protection to all websites connected to its service.
4.2 Microsoft Dynamics 365
4.3 This website uses Hotjar, an analysis software from der Hotjar Ltd. („Hotjar“) (https://www.hotjar.com/, Hotjar Ltd Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, Europe). Hotjar makes it possible to measure and analyse user behaviour (clicks, mouse movements, scrolling, etc.) on our website. The tracking code and cookie generate data about your visit to our website, which is then transmitted to the Hotjar server in Ireland and stored there. The tracking code collects the following data:
Hotjar will use this information to analyse your use of our website, compile reports on usage, and provide further services connected with use of the website and the internet. To this end, Hotjar also uses the services of third parties such as Google Optimize and Optimizely. These third parties may store data that is sent by your browser when you visit the website, such as cookies or IP requests. Please consult the data privacy statement of Optimizely for more information about how data is stored and used: https://www.optimizely.com/legal/privacy-policy/.
By using this website, you declare your consent to the above-mentioned processing of the data collected by Hotjar and its third-party service providers as specified in their data privacy statements.
The cookies used by Hotjar have different lifetimes. Some may remain valid for up to 365 days while others expire after the current visit.
If you do not wish data to be collected by Hotjar, please click here and follow the instructions: https://www.hotjar.com/policies/do-not-track/.
4.4 Furthermore, when browsing the BearingPoint website you may get access to embedded media and other external sources which may store cookies. As cookies from externally embedded media may be used or modified without BearingPoint’s knowledge or consent, you are invited to consult the following links for further information.
|Media||Link to their privacy statement|
4.6 The "help" portion of the toolbar on most Internet browsers will tell you how to change your browser cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. For further information about cookies and how to control their use, please visit the following third-party educational resources: https://www.allaboutcookies.org/ and https://www.youronlinechoices.eu/.
5.1 We will only disclose personal information to other companies within our group of companies, business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf. In these circumstances we will share your personal information for purposes such as our legitimate business purposes and to comply with legal obligations.
6.1 This Privacy Statement applies only to information collected by a BearingPoint site.
6.2 BearingPoint sites contain links to other sites that are not owned or administered by BearingPoint. Please be aware that BearingPoint is not responsible for the privacy practices of such other third party sites. We encourage you to read the privacy statements of every Website you visit.
7.1 We maintain safeguards to protect against unauthorized disclosure, use, alteration, or destruction of the personal information you provide to us through the BearingPoint sites. Please note, however, that perfect security does not exist on the Internet. Therefore, while we endeavor to protect your personal data, when data is transferred over the Internet it may potentially be accessed and used by unauthorized parties.
8.1 We want to make sure that any information we hold on you is up to date and correct. You can request from BearingPoint information in particular pursuant to Art. 15 to 18, 21 GDPR, as to your personal data held by us as a controller, the purpose of the storage and obtain certain other information about how and why we process your personal data. Furthermore, and within the legal framework, you have the right to request for your personal data to be amended or rectified where it is inaccurate, the right to restrict our processing of your personal data and the right to object or to obtain deletion of your personal data. If you have any requests concerning your personal information BearingPoint holds about you, to obtain a copy or any queries with regard to these practices please contact us at the contact listed below:
BearingPoint Data Protection Department
Group Compliance Officer
Fax: +49 30- 880041040
E-Mail (for requests that do not have confidential or sensitive content):
8.2. We use the Zendesk ticketing system, a customer service platform provided by Zendesk Inc, 989 Market Street, San Francisco, CA 94103, to process your requests submitted by email.
We use Zendesk to be able to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. We have concluded a Data Processing Agreement (DPA) with Zendesk, which contains the Standard Contractual Clauses ("Model Clauses") approved by the European Commission.
A request sent to us remains with us until you make a request to delete it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
Design and maintenance of our websites by Electronic Minds GmbH, Feldbergstr. 80, 64293 Darmstadt, Germany. The webserver is hosted by aiticon GmbH Stephanstraße 1, 60313 Frankfurt, Germany.
10.1 Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing the BearingPoint sites and communicating electronically with us, you acknowledge our processing of personal data in this way. However, we will endeavor to protect all personal information collected through the BearingPoint sites in accordance with strict data protection standards.
We reserve the right to amend this Statement at any time without advance notice in order to address future developments of BearingPoint, the Website or changes in industry or legal trends. We will post the revised Statement on the Website or announce the change on the home page of the Website. You can determine when the Statement was revised by referring to the "Last Updated" date on the top of this Statement. Any changes will become effective upon the posting of the revised Statement on the Website. By continuing to use the Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Statement, in whole or part, you can choose to not continue to use the Website.
If you have any general questions or concerns about how we process personal information please contact us at email@example.com.