Strategy, Governance & AI

Privacy Policy

General Information

The following privacy notice provides an overview of how your personal data is processed when you visit our website. Personal data means all data that can be used to personally identify you.

Responsibility for Data Processing

The party responsible for data processing according to Article 4 (7) of the General Data Protection Regulation (GDPR) on this website is:

Prof Dr. Marc Eulerich
Chair for Internal Auditing & Dean
Mercator School of Management
University of Duisburg-Essen
Lotharstraße 65
47057 Duisburg
Germany

Email: marc.eulerichatuni-due.de
Phone: +49 203 379 2521

Data Collection on Our Website

We process your personal data only to the extent necessary to provide a functional website as well as its content and services. The processing of personal data takes place to fulfill the specified purposes. Your personal data is partly collected automatically if it is required for the operation of the website, or through your voluntary input or after you have given us consent to process the data.

Where we obtain your consent for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis. When processing personal data necessary for the performance of a contract with you, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures. Where processing of personal data is necessary to comply with a legal obligation, Article 6 (1) (c) GDPR serves as the legal basis. If processing is necessary to safeguard our legitimate interests or those of a third party, and the interests, fundamental rights, and freedoms of the data subject do not override such interests, Article 6 (1) (f) GDPR serves as the legal basis for processing.

Data Deletion and Storage Duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue as long as it is required to perform/settle contracts or is required by laws, regulations, or other legal provisions.

Data Collection When Providing the Website and Creation of Logfiles

Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. We need this data to operate our website securely and to make your visit to the website as easy as possible. The legal basis for this processing is our legitimate interest in the secure and disruption-free provision of our website, pursuant to Article 6 (1) (f) GDPR.

The following data is collected:

  • IP address
  • Internet browser used
  • Operating system
  • Date and time of website access

Your full IP address is stored for 7 days to detect attacks and is then anonymized. The anonymized log files may subsequently be analyzed for up to 400 days.

Data Transfer to Third Parties / Transfer Outside the European Union

We may use external service providers to process your data. These have been carefully selected and contractually commissioned in writing. They are bound by our instructions and regularly monitored by us. If these service providers are located outside the scope of the GDPR, we will inform you in the explanation of the processing activity in this privacy notice. Currently, no data transfer outside the European Union takes place.

Otherwise, your personal data will only be disclosed to third parties with your consent under Article 6 (1) (a) GDPR, for contract fulfillment under Article 6 (1) (b) GDPR, due to a legal obligation under Article 6 (1) (c) GDPR, or on the basis of our legitimate interest under Article 6 (1) (f) GDPR.

Web Hosting

This website is hosted on servers of Everscreen Medienagentur – Jochen Kubon & Lars Dittmar GbR, Corrunnastraße 6, 58636 Iserlohn. Your data is processed on servers located in Germany. The processing of your personal data by Strato takes place on the basis of our legitimate interest in the economical and secure provision of the website under Article 6 (1) (f) GDPR.

Cookies and Similar Technologies

Cookies are small text files stored on the device you use to visit our website or access our services. When visiting our website, a technically necessary session cookie is set to provide optimal navigation across pages during your visit. The cookie is stored for the duration of your visit or until you close your browser and is then deleted. No personal data is processed through this cookie.

This cookie is set based on our legitimate interest in providing our website optimally, pursuant to Article 6 (1) (f) GDPR.

Beyond this, no analysis of your user behavior and no further tracking or profiling of your activities takes place, unless the data is required to trace misuse or criminal activities such as attacks or hacking.

Requests by Email or Telephone

If you contact us via email or telephone, your details, including the contact data you provide, will be stored by us for the purpose of processing your request and in case of follow-up questions.

Your data is processed either on the basis of your consent under Article 6 (1) (a) GDPR, in the course of carrying out (pre-)contractual measures under Article 6 (1) (b) GDPR, or based on our legitimate interest under Article 6 (1) (f) GDPR to process your inquiry appropriately.

The data you provide will be stored as long as it is necessary to process your request and no further storage is required, e.g., due to legal obligations.

Rights of Data Subjects

You have the right:

  • under Article 7 (3) GDPR to withdraw consent you once gave us at any time. This means we may no longer continue the data processing based on this consent in the future;
  • under Article 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling (Article 22 GDPR) and, where applicable, meaningful information about its details;
  • under Article 16 GDPR to request the rectification of inaccurate or the completion of your personal data stored by us without undue delay;
  • under Article 17 GDPR to request the erasure of your personal data stored by us, unless the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • under Article 18 GDPR to request the restriction of the processing of your personal data where the accuracy of the data is contested by you; the processing is unlawful, but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or you have objected to processing pursuant to Article 21 GDPR;
  • under Article 20 GDPR to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
  • under Article 21 GDPR, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on Article 6 (1) (e) or (f), including profiling or direct marketing based on these provisions. If you wish to exercise your right of objection, you can contact us using the contact details above.
  • under Article 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence, workplace, or our company headquarters.