This privacy statement explains what personal data we process in what way and for which purposes. The term “personal data” refers to all data that can be attributed to you personally, like your name, your email address or your date of birth. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and all other applicable data protection laws.
Controller of the data pursuant to Art. 4(7) GDPR is
Berlin Risk Advisors GmbH
We have appointed an external data protection officer. You can contact the data protection officer at firstname.lastname@example.org or by mail at:
Two Towers Consulting GmbH & Co. KG
If you want to contact the data protection officer by email, please feel free to ask for encrypted communication by requesting the S/MIME key from the aforementioned email address.
§2 Data processed when visiting our Website
The following section explains what personal data we process when you visit our website. For technical reasons, we record some basic connection data. This information is necessary to enable us to display the website properly, to provide a stable connection and to protect ourselves against cyber-attacks. This basic connection data comprises
Type of browser, browser version and browser language
Referrer (the internet site which sent you to us)
Internet Service Provider (ISP)
Volume of transferred data
The web pages you visit on our website
Time and data with time zone difference to UTC (coordinated universal time).
The legal basis for processing of this data is Art 6(1)(f) GDPR.
On this website, we use transient as well as persistent cookies. The principal difference between those types of cookies arises from the retention periods. Transient cookies are deleted automatically once you close your browser. The most common form of transient cookies are session-cookies. Session-cookies store a session-ID enabling our site to attribute different actions performed by your browser to the same session. This enables our server to recognize your browser when you return to our website. However, session-cookies are automatically deleted once your close your browser or you log out of an account. Persistent cookies remain on your device after you close your browser. They might expire automatically after a defined period, or they might persist until you delete them.
You can delete cookies at any time using the respective function in your browser. You can also configure your browser settings in a way that no cookies can be stored. If you deactivate cookies in general, some functions of our website might become unavailable to you.
Our website employs different solutions and services provided by WordPress. In particular, we use WordPress Stats for a statistical analysis of frequency and form of visits on our site. WordPress utilizes cookies which are stored on your device. These cookies allow for an analysis of how visitors use our website. The information on the use of our site generated by these cookies is stored on servers in the USA. Your IP address will be anonymized after recording and before storing. The cookies in question are persistent cookies (see above). This WordPress Stats cookie remains on your device until you delete it.
Storing of WordPress Stats cookies occurs pursuant to Art. 6(1)(f) GDPR. As domain owners, we have a legitimate interest in the anonymized analysis of the use of our website in order to optimize our online presentation.
Controller of data processed through WordPress Stats is the Irish subsidiary of Automattic at
Aut O’Mattic A8C Ireland Ltd.
Business Centre, No.1 Lower Mayor Street
International Financial Services Centre
Web Fonts Provided by Adobe Typekit and Google WebFonts
We use fonts that are provided by Adobe Typekit and Google WebFonts to make your visit to our website more enjoyable. When you access our website, your browser will download the respective fonts into your browser cache. This enables your browser to present the fonts in the intended way. To load these fonts, your browser will contact the servers of Adobe or Google, which might be located in the USA. Adobe and Google will receive and possibly store your IP address as a result of this process. Adobe and Google both emphasize that they do not place any cookies when a user visits a page which uses their respective web fonts. Legal basis for processing your data is our legitimate interest pursuant to Art. 6 (1) (f) GDPR to present an appealing website.
Adobe Systems Software Ireland Ltd.
Citywest Business Campus
1600 Amphitheatre Parkway
Mountain View, CA 94043
Google LLC is certified under the EU-US Privacy Shield.
§3 Processing of data when reaching out to us
There are several ways to get in touch with us. You can contact us by mail, email or by telephone. We will store the personal data received when contacting us, e.g. your email address, the phone number, etc, to facilitate the communication with you. If there is no further need for any of these contact data, we will either delete your information or restrict its use where there are legal obligations to retain the data.
Legal basis for this processing can be Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR or Art. 6(1)(f) GDPR respectively.
§4 Data transfer to third parties
We will forward your data to any third party only if at least one of the following applies:
You have given your explicit consent pursuant to Art. 6(1)(f) GDPR.
The transfer is justified pursuant to Art. 6(1)(f) GDPR to preserve our legitimate interests and there is no reason to assume that our legitimate interest is overridden by your interests requiring protection.
There is a legal obligation to forward the data pursuant to Art. 6(1)(c) GDPR.
The transfer is necessary to perform a contract with you pursuant to Art. 6(1)(b) GDPR.
§5 Processing of data when applying for a job
If you apply for a job at Berlin Risk, we will process your data to carry out our screening and recruitment procedures. If you are hired, we will store your application data to fulfil the employment contract requirements. If you are not hired, we will delete your data after three months, as long as no other legitimate interests are affected. Legal basis for the processing of application data is provided in particular by § 26(1) BDSG.
§6 General record retention periods
Your personal data stored on our systems will be deleted once they are no longer required for the purposes they have been processed for. We will store the data for longer periods only, if we have your consent or if there is a legal obligation to store such data, e.g. from the German Tax Code. In the latter, the processing of your data will be restricted until the mandatory retention periods have expired.
§7 Your rights
The GDPR defines a number of rights listed below that you have when interacting with us or any other company processing your data:
You have the right to obtain access to your personal data stored on our IT systems.
You have the right to request the rectification of inaccurate personal data.
You have the right to request the deletion of your personal data from our systems, provided that there are no mandatory retention periods to be observed.
In case we made your personal data public and we are obliged to delete your personal data, we will undertake adequate measures, considering costs, effort and technical means available, to notify other data controllers who process the data published by us that you desire the deletion of the data.
You have the right to request from us the restriction of the processing of your data provided there are no contradicting legal obligations. When data is restricted, it is still stored but cannot be processed otherwise.
You have the right to request that personal data that you provided to us shall be provided to you in a portable form. Further, you have the right to transmit the data to another controller. To ensure portability, you have the right to obtain the data in a structured, commonly used and machine-readable format where (i) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (ii) the processing is carried out by automated means. You also have the right to request that we transmit the data to another controller of your choice.
You have the right to object to the processing of your data within the limits of Art. 21 GDPR, that is when this processing is based on our legitimate interests or a task carried out in the public interest. You can object to the processing of your personal data for purposes of direct marketing at any time.
Where we process personal data based on your consent, you have the right to revoke your consent at any time.
Finally, you have the right to lodge a complaint with the responsible supervising authority regarding the way we process your data. In our case, please apply to the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
§8 Changes to our Privacy Notice