Data protection Notice

Data Protection Notice

Below, we would like to explain to you which data we collect about you and what we do with these data. We also inform you about your privacy rights and explain to whom you can turn with questions about data protection.


About us

Data controller (responsible for data processing):
Fischer HRM GmbH
Internationale Berater für Human Resources Management
Niederkasseler Lohweg 18
40547 Düsseldorf
Ph.: +49 – 211 – 749 686 – 20
Management: Mrs Maria Fischer, Managing Owner


Concerning questions about this Data Protection Notice, processing of your data, your rights or other data protection topics, our data protection officer (DPO) would be pleased to help you.

Contact details of our data protection officer:
Xamit Bewertungsgesellschaft mbH
Monschauer Straße 12
40549 Düsseldorf

Scope of application

This privacy policy applies to the websites, and It is aimed at the visitors of our website.

Our website offers links which lead to the websites of other operators for which this Data Protection Notice does not apply.

Responsibility for integration of advertisements, text advertisements or commercials before or during embedded videos lies with the respective operator.

Do I have to enter my data?

When you visit our website, user data are automatically stored. Some of the collected data are necessary for the use of a website. In addition, we also process your data in order to safeguard our legitimate interests according to a balance of interests. This will enable us to continuously improve the services we offer to you. On the following pages, you will learn about the background of our interests as well as whether and how you can object to the use of your data or disable the use of the data.

In order to use one of our offers or to send a request, you will be asked to provide your personal data. You can decide for yourself whether to take advantage of these offers and to provide your data. We also offer services for which we process your data only if you have given us your consent. The granting of consent is always voluntary. Consent that has been granted may be revoked at any time.

Please note that if you provide information about other persons, you must have obtained their prior approval and informed them of the purposes for which the information is being disclosed, as set forth in this Data Protection Notice.

We also ask you to share this information with the people you include in the use of our services, such as family members or authorised persons.

Processed data, processing purposes and legal bases

  1. Processed data and processing purposes:
  • Service provision: In order to visit and use our website, the specified data must be collected.
  • Data security: Every access to our website is stored in a log file. We process these data only for the purpose of data security.
  • Display of fonts: In order to load the fonts and videos which are embedded in this website into your browser cache, the specified data need to be processed.
  • Enquiries: We process the data which you give us if you have a question or concern. This includes e.g. those data which you enter into the contact form or send to us via e-mail.
Data Service provision Data security Display of fonts Enquiries
IP number x x x
name of the accessed file x x
transferred data volume x x
accessed website x
referrer URL (the previously visited website) x x
user agent sent by your browser (only for mobile version or automatic voice control) x x x
session cookie x
date and time of access x x
browser type, version, resolution (inner window size), browser language, screen size, screen resolution incl. colour depth x
cookies on/off x
java script on/off x
name x
e-mail address x
topic x
message x

In addition, the above-mentioned data are used for the following purposes in the context of a balance of interests (Art. 6 (1) (f) GDPR). The interests are described below:

  1. Should a security incident occur in our company that affects your data, we are obliged to report the case to our data protection supervisory authority (Article 33 GDPR). Since our legitimate interest is to comply with this statutory reporting obligation as quickly as possible, it may happen that in the context of the investigation of the corresponding security incident data about you are processed. Reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
  2. As it is in our interest to ensure the security of our systems, we regularly conduct security and efficiency tests that allow us to process your above-mentioned data.
  3. Since it is our interest to solve legal disputes, we process your data in that specific case. It is also in our interest, in the event of litigation, to keep evidence until all relevant statutory limitation periods pursuant according to sections 195 and fallowing of the German Civil Code, have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The retention periods cannot be globally predicted, since they depend on the particular matter in dispute and the respective statutory limitation period, which can be up to 30 years. The regular limitation period is three years.
  4. In addition, it is in our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.
  5. We perform (internal) audits and other control activities (e.g. data protection officer’s monitoring activities), because it is our legitimate interest to comply with legal provisions, to obtain transparency about our business processes, to constantly optimise these processes and to prevent and identify harmful acts against our business. In doing so, documents or data sets with your personal data may be processed.
  6. We process your data for testing IT systems and software products and for migrations. The processing is necessary for satisfying our legitimate interest in evaluating if new products are correct and if migrations are complete.


  1. Information about automated individual decision
    There are no automated individual decisions.


  1. Legal basis for the use of your data
    1. We process your data as described under Service provision, Display of fonts and Enquiries for the performance of the contractual relationship to you, so you can use and access our website (Art. 6 (1) (b) GDPR).
    2. We process your data in order to safeguard our legitimate interests (Art. 6 (1) (f) GDPR: It is in our interest to be able to guarantee data security. For this purpose, the data of each visit are stored in a log file and evaluated.


  1. Deletion periods (or retention periods)
    • Closing the browser window will automatically delete the session cookie.
    • The data processed for the purpose of data security will be deleted after maximum 3 days.
    • Deletion period for enquiries: 7 days after solving the issue.
    • For the preservation of evidence, we retain data in accordance with the statutory limitation periods according to sections 195 and following of the German Civil Code. The storage duration of your data may exceed the duration stated above. The statutory limitation periods can be up to 30 years. The normal limitation period is 3 years.


  1. Source of data

There is no data collection from third parties.

Who receives your data?

The following list shows which organisations (“data recipients”) receive your data in which cases. You can read about the specific data in the corresponding sections of this data protection notice. Transfer of your data may sometimes occur due to contractual or legal requirements. In other cases, we use selected vicarious agents and service providers who work for us as commissioned data processors (in accordance with Art. 28 GDPR) and may obtain access to your data in the required scope. Commissioned data processors are subject to numerous contractual obligations and may, in particular, process your personal data only on our instructions and solely for the fulfilment of the orders received from us.

  • Auditors
  • Data protection officer
  • Service providers for mass file destruction
  • Service providers for mailing and logistics
  • Service providers for fonts
  • Recipient’s e-mail provider (for communication via e-mail)
  • IT service providers
  • Lawyers, law enforcement agencies, public prosecutor, courts, opposing lawyers, state or federal criminal police (for legal disputes or actual suspicious cases only)
  • Service providers for telecommunication

Data recipients in non-EU countries

We use so-called Google Fonts by Google LLC (hereafter referred to as “Google”). When opening a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. Further information about the use of your data by Google can be taken from the respective provider’s Privacy Policy.

The EU Commission determines which non-EU countries have an appropriate level of data protection. The EU Commission recognizes companies in the US who participate in the EU-US Privacy Shield (also EU-US Privacy Shield) as data recipients with an adequate level of data protection. This agreement between the US and the EU ensures that data protection regulations when processing data in the US by EU-US Privacy Shield companies comply with the data protection standards of the European Union. According to their own statement, Google LLC has acceded to the EU-US Privacy Shield. Information on the appropriate or reasonable warranties and how to obtain a copy from them or where they are available may be requested upon request using the contact details provided above.

Your rights

You have the legal right to:

  • Access to your personal that we process (Art. 15 GDPR)
  • Rectification and completion of your data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
    Data portability (Art. 20 GDPR)
  • Withdrawal of your consent (Art. 7 GDPR) with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • You have the right to demonstration of your own point of view and refutation of an automated decision (Art. 22 GDPR).
  • You also have the right to object to the processing of your data which is based on our legitimate interests or the legitimate interests of a third party at any time, on grounds relating to your particular situation (Art. 21 GDPR). This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.
  • Objection to direct marketing – You have the right to object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

To exercise these rights, you can contact us via the contact details mentioned above.

You also have the legal right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

Legal Disclaimer

Fischer HRM GmbH assumes no liability whatsoever for the correctness, completeness, topicality or quality of the information contained within this website, or for any third-party content linked to this site. The information on this website is to be used privately and exclusively for informational purposes.
The reproduction, alteration or dissemination of information and/or data content, and the use of texts (in whole or part), images or graphics in particular is prohibited without prior written permission from Fischer HRM GmbH. Unauthorised reproduction, usage, alteration or dissemination of individual content or entire pages will result in prosecution according to both criminal and civil law.