Privacy Policy

We manage our websites according to the principles set out below:

We pledge to comply with the legal provisions on data protection and strive to always respect the principles of data avoidance and data minimization.

1. Name and Address of the Responsible Organization as well as the Data Protection Officer


The organization responsible in terms of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

VESTIGA Consulting GmbH
The company is represented by Thomas Arzt (Managing Director)
Reitmorstr. 50
80538 München
Tel.: 089/ 1250109 – 01
Fax: 089/ 1250109 – 49


The data protection officer of the responsible organization is:

Holger Loos
Unterdürrbacherstr. 8
97080 Würzburg
Tel.: 0931/41726241

2. Term Definitions

We have designed our privacy policy in accordance with the principles of clarity and transparency. Should you require further information or if you have questions or issues needing clarification, please click this link. []

3. Legal Basis for Processing Personal Data

We process your personal data such as your name and first name, your e-mail address and IP address, etc. only if there is a legal basis for this. Here in particular three regulations come into consideration under the General Data Protection Regulation:

a) You gave us the permission to use your personal data for one or more purposes, Art. 6 Abs. 1 S. 1 lit. a DSGVO. In this context you will be informed in detail about the purpose or the purpose of the processing and your explicit consent will be documented with us.

b) The processing of your personal data is required to fulfill a contract or to perform pre-contractual action with you Art. 6 Abs. 1 S. 1 lit. b DSGVO.

c) The processing of personal data is necessary for the protection of our legitimate interests unless your interests or fundamental rights and freedoms prevail. Art. 6 Abs. 1 S. 1 lit. f DSGVO.

However, we will always point out to you at the respective places on which legal basis the processing of your personal data shall take place.

4. Disclosure of Personal Data

A transmission of your personal data to third parties for purposes other than those listed below will not take place. We only disclose your personal information to third parties if:

a) you have given us your explicit consent according to Art. 6 Abs. 1 S. 1 lit. a DSGVO.

b) the disclosure of information according Art. 6 Abs. 1 S. 1 lit. f DSGVO is required for assertion, exercise or defense of legal claims and there is no reason to believe that you have a predominant legitimate interest in not disclosing your personal data.

c) there is a legal obligation for the transfer according Art. 6 Abs. 1 S. 1 lit. b DSGVO

d) this is legally permissible according Art. 6 Abs. 1 S. 1 lit. b DSGVO and necessary for the substantiation, amendment or settlement of the terms and conditions of the contract with you.

5. Storage Duration and Deletion

We store all personal data that you submit to us only as long as they are needed to fulfill the purposes for which the data was transmitted or as long it is required by law. After fulfilment of the purpose and/or the expiration of legal retention periods the relevant data will be deleted or blocked by us.

6. SSL-Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as a site operator. An encrypted connection indicates that the browser’s address line changes from “http: //” to “https: //” and on the lock icon in your browser line.

If the SSL encryption is activated, the data you transfer to us cannot be read by third parties.

7. Recording and Storage of Personal Data as well as the nature and purpose of their use

a) Contact Form/Email contact

We offer a contact form on our website to give you the opportunity to get in touch with us any time. In order to be able to use the contact form, one is required to provide one’s name for a personal address and a valid email address to get in touch, so that we know who initiated the inquiry and therefore can process it properly.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there as well as your IP address according to Art. 6 Abs. S. 1 lit. b and f DSGVO will be utilized, in order to carry out precontractual measures that were initiated by your inquiry or rather serve our business interest.

You are welcome to send us an email instead, by using the email address provided on our website. In this case we save and process your email address and the information you provided according to Art. 6 Abs. S. 1 lit. b und f DSGVO.

The requests and the associated data will be deleted no later than 3 months after receipt unless they are needed for a further contractual relationship.

b) The Use of Google Maps

This website uses Google Maps API. When you use Google Maps, the information that you are using such as the web page, (including your IP address), is sent to a Google server (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043 in the United States, where it is stored. Google might pass on the data which were collected using Google Maps. If this is required by law or a third party processes the data at the behest of Google. In no case will your IP address be connected to any other data from Google. Nevertheless, we are obliged to inform you that it could be possible for Google to identify some users based on the data. The provider of this website has no influence on this data transfer. Therefore, you have the possibility of deactivating Google Maps service and preventing data from being transferred to Google: to do this, deactivate JavaScript in your browser. Note, however, that by doing so you will be unable to use the maps features.

For further information, please see Google Inc.’s Privacy Policy:

The use of Google Maps is in the interest of an appealing representation of our online offers and for an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Abs. 1 lit. f DSGVO.

8. Cookies

Our website makes use of cookies to recognize repeated use of our website by the same user. Cookies are small text files that your internet browser downloads and stores on your computer. They are used to improve our website and services. It is not possible however to identify a person by using cookies.

Cookies serve to make our service more user-friendly, effective and secure. that would not be possible without the cookie setting. This represents a legitimate interest within the meaning of Art. 6 Abs. 1 lit. f DSGVO.

Most browsers automatically accept cookies based on browser preference. However, you can configure your browser so that either no cookies are stored on your computer or at least a hint is displayed before a new cookie is stored. If you completely disable the cookie feature in your browser It could be possible that you will not be able to make full use of features on our website.

Below we list the different types of cookies that are used on our website.

a) Session-Cookies

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.

b) Temporary Cookies

To an extent, however, these cookies also pass along information used to automatically recognize you. Recognition occurs through an IP address saved to the cookies. The information thereby obtained is used to improve our services and to expedite your access to the website.

c) Cookies for Marketing and Optimization Purposes

Finally, we utilize cookies for marketing and optimization purposes. These cookies statistically track the use of our website and are evaluated for the optimization of our service. These cookies enable the recognition of your internet browser when you visit our website.

These cookies are deleted after a certain period of time.

9. Analysis and Tracking Tools

Below we list the different types of analysis and tracking tools that are used on the site. These serve the purpose of continued optimization of our website and manage it according to our needs. This represents a legitimate interest within the meaning of Art. 6 Abs. 1 lit. f DSGVO. The respective data processing purposes and data categories can be found in the corresponding tools.

Google Analytics

This website uses the following Google Analytics, a web analytics service provided by Google, Inc. ( (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; („Google“)).

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information garnered by a cookie about your use of the website such as:

  • The browser being used
  • The operating system of your computer
  • The website from which our site was accessed (Referrer-URL)
  • The IP address of the inquiring computer
  • Time of server request

will be transmitted to and stored by Google on servers in the United States.

Since the IP anonymization was activated on our website, Google will truncate and anonymize the last section of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the United States.

On our behalf Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data kept by Google.

You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.

In addition, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) related to your use of the website, as well as the processing of this data by Google by downloading the browser plug-in available under the following link And install it at

You can prevent the collection of your data by Google Analytics. An opt-out cookie is set which prevents the collection of your data on future visits to this website by clicking the following link:

Deactivate Google Analytics

10. Social Media

a) Use of Google +1

Our pages use the functions from Google +1. The provider is Google Inc., (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Recording and transferring information

By means of the Google +1 button, you can publish information globally. You and other users can obtain personalized contents from Google and its partners via the Google +1 button. Google stores the information that you clicked +1 for a certain content, as well as information on the page which you were looking at when clicking +1.

Your +1 clicks can be shown as hints together with your profile name and your photo in Google services such as search results or your Google profile or other places on websites and internet notifications.

Google records information on your +1 activities in order to improve services for you and others. In order to be able to use the Google +1 button, you need a public Google profile which is visible globally and which at least includes the name chosen for the profile. The said name will be used in all Google services. In some cases this name can also replace another name which you have been using when sharing contents via your Google account. The identity of your Google profile can be shown to users which know your e-mail address or have other identifying information about you.

Using the recorded information

Apart from the purpose of use mentioned above, the information provided by you will be used in line with the applicable Google Data Protection provisions (

Google may publish combined statistics on +1 activities of users and/or may pass them on to users and partners such as publishers, advertisers or connected websites.

b) LinkedIn

Our website uses functions provided by LinkedIn. Provider is LinkedIn, Ireland Unlimited Company (Wilton Place, Dublin 2, Irland).

For each access to one of our pages containing functions provided by LinkedIn, a connection to the LinkedIn servers is established. This is only possible if you are logged-in with your LinkedIn account.

For further information on data protection please click the LinkedIn data protection statement at:

11. Rights of Persons Affected

You have the following rights:

a) Information

As an affected person, you can assert certain rights. Thus, you may request information from our company whether personal data is collected and if so, to what extent, for what purpose and for which duration and what interests collection serves Art. 15 DSGVO This right covers information about

  • The purpose of processing
  • The categories of personal data concerned
  • The recipients to whom the data has been or will be disclosed
  • The planned storage duration or, if not possible the criteria to determine that period
  • The existence oft he data subject’s rights to deletion, rectification, restriction of processing or the right to object
  • The right to lodge a complaint with the Supervisory Authority – The origin of your personal data, in case the data was not collected by us
  • The existence of automated decision-making including profiling and where possible information about relevant details

b) Rectification

In the scope of the right of rectification Art. 16 DSGVO, the affected person has the right to immediately demand the rectification or completion of incorrect personal data.

c) Deletion

Furthermore, the affected person has the right to the deletion or restriction of processing (Art. 17, DSGVO), unless the following exceptions from the data subject right to deletion apply:

  • Exercising the right of freedom of expression and information
  • For compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • For reasons of public interest in the area of public health in accordance with paragraphs Art. 9 Abs. 2 lit. h and i as well as Art. 9 Abs. 3 DSGVO
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Abs. 1 DSGVO in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • For the establishment, exercise or defence of legal claims

d) Right to restriction of processing

Any person affected by the processing of personal data has the right, to restrict the processing if one of the following conditions applies Art. 18 DSGVO:

  • The accuracy of the personal data is contested by the data subject
  • The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
  • We no longer need the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend legal claims.
  • The person concerned has objection to the processing acc. Art. 21 Abs. 1 DSGVO

e) Notification Obligation

We shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 Abs. 1 and Art. 18 DSGVO to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform the data subjects about those recipients upon request.

f) Right to data portability

Any person affected by the processing of personal data shall have the right to obtain the personal data concerning him/ her provided to us by the data subject in a structured, common and machine-readable format. The person also has the right to have this data transferred to a third party provided that the processing is based on the consent pursuant to (Art. 6 Abs.1 S. 1 lit. a) or (Art. 9 Abs. 2 lit. a DSGVO), or on a contract pursuant to (Art. 6 Abs.1 lit. b DSGVO) and by means of automated processes.

g) Withdrawal of consent

The data subject shall have the right to withdraw his or her consent at any time in accordance with (Art. 7 Abs. 3 DSGVO). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The processing of personal data which was based on your consent shall not be continued in the future.

h) Right to lodge a complaint

In accordance with Art. 77 every data subject has the right to lodge a complaint with a supervisory authority if you think that your personal data have been processed in violation of the DSGVO

i) Right to object

The data subject shall have the right to object,on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her or when it is related to direct marketing Art. 6 Abs. 1 S. 1 lit. f DSGVO. In the latter case the data subject has a general right of objection that will be implemented by us specification of the particular situation. If you want to exercise your right to object, please send an email to

h) Automated decisions in individual cases including profiling

Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, – including profiling – which has a legal effect on it or, in a similar manner, significantly affects it; unless the decision

i. is necessary for the conclusion or performance of a contract between the data subject and us, or

ii. is permitted by the European Union or Member State legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject; or

iii. with the express consent of the data subject.

However decisions shall not be based on special categories of personal data referred to in Art. 9 Abs. 1 DSGVO unless Art. 9 Abs. 2 applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points i and iii the data we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of a person on our side, to express his or her point of view and to contest the decision.

12. Change of privacy policy

We will mark any changes of our privacy policy on our website.

Last updated 05/14/2018