Privacy Policy

The controller responsible for processing personal data on this website is:

Momentum Advisory GmbH
Kieler Str. 72
24119 Kronshagen
Germany
Email: info@momentumadvisory.de
Phone: +49 431 556062-00

If you have any questions about data protection, you can contact us at any time at datenschutz@momentumadvisory.de.

A separate data protection officer has not been appointed.

We process personal data exclusively within the framework of the applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

We process personal data in particular when you visit our website, contact us, use forms, grant or withdraw consent for cookies or similar technologies, download content or submit consulting inquiries.

Our services are not directed at children. We do not knowingly process personal data of children.

When you access our website, technically required data is processed in order to deliver the website, ensure the security and stability of the systems and prevent misuse.

The following data in particular may be processed:

• IP address
• date and time of access
• requested URL or resource
• referrer URL
• browser type and browser version
• operating system
• access status / HTTP status code
• amount of data transferred
• technical log and connection data

Processing is carried out for the purpose of providing the website, analysing errors, ensuring system security, defending against abusive access and technical administration.

**Legal basis:** Art. 6(1)(f) GDPR; where information is stored on or read from your terminal device, Section 25 TDDDG also applies.

We use technical infrastructure and service providers to provide the website and related functions. This includes in particular hosting and infrastructure services as well as email services.

In this context, we process personal data in particular via the following providers or infrastructure components:

• Hetzner
• IONOS
• Postale.io

Our website is provided via a multi-layer technical infrastructure that includes, in particular, reverse proxy, web frontend, API backend and database functions. Processing is carried out for the secure and efficient provision of our online services, for technical administration, for communication and for handling inquiries and leads.

**Legal basis:** Art. 6(1)(f) GDPR and, where contractually or pre-contractually required, Art. 6(1)(b) GDPR.

We use technically necessary and, depending on your selection, optional cookies and similar technologies on our website, such as local storage, session storage, tracking scripts or comparable identifiers.

Where the storage of information on your terminal device or access to information already stored there is required for a function, this only takes place on the basis of your consent or, where legally permitted, because the respective technology is strictly necessary to provide a digital service expressly requested by you or to transmit a message.

Consent and withdrawal management is carried out via a consent and cookie handling solution implemented by us. In particular, consent status, the time of the decision, affected categories and technical identifiers may be processed and documented.

**Legal bases:** Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR for technologies requiring consent; Section 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR for technically necessary technologies.

If you contact us by email, via contact forms or in the context of a consulting inquiry, we process the data you provide in order to handle your request.

Depending on the form and request, the following data in particular may be processed:

• name
• company
• email address
• phone number
• content of your message
• information about your request
• further voluntary information
• information related to downloads, publications or consulting inquiries

Processing is carried out in order to handle your request, communicate with you and, where applicable, carry out pre-contractual measures.

**Legal bases:** Art. 6(1)(b) GDPR insofar as your request is aimed at concluding or performing a contract; additionally Art. 6(1)(f) GDPR for general inquiries and communication.

To process inquiries, form submissions, requests for advice and leads, we use a self-developed CRM and lead management system hosted within the EU.

The following data in particular may be processed in this system:

• master data
• contact data
• communication content
• inquiry and transaction data
• status information on leads and business transactions
• voluntarily shared project-related information

Processing is carried out for the handling of your inquiries, the initiation and execution of business relationships and internal process and contact management.

**Legal bases:** Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

If you communicate with us by email, we process the personal data contained in your message as well as the related communication data and metadata in order to handle your request.

Sending and receiving emails may be handled via technical service providers, in particular via Postale.io.

**Legal bases:** Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

Where you grant your consent, we may use services for audience measurement, web analytics, conversion measurement as well as marketing and tracking services. This may include in particular services from Google and Microsoft/Bing.

The following data in particular may be processed:

• IP address
• cookie and identifier data
• device and browser information
• usage and interaction data
• referrer information
• conversion and campaign data

Such services are only activated after the relevant consent has been given, where required by law.

**Legal basis:** Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

On individual pages, we may integrate or link to external content or functions. This may include in particular the following categories:

• video platforms
• map and location services
• document and publication platforms
• social media integrations
• tracking or marketing services

If such content is technically loaded or embedded, personal data may be processed by the respective providers. Where consent is required for this, integration only takes place after you have made the corresponding selection.

**Legal bases:** Art. 6(1)(a) GDPR, Art. 6(1)(f) GDPR and, where applicable, Section 25 TDDDG.

Personal data may be transferred to the following categories of recipients insofar as this is necessary for the stated purposes:

• internally responsible departments
• technical service providers and processors
• hosting and infrastructure providers
• providers of email, consent, form, security or communication services
• providers of integrated external services
• authorities or other bodies where there is a legal obligation to do so

Where services from providers based outside the EU or the EEA are used on individual pages, personal data may be transferred to third countries. This concerns in particular constellations in which services from Google, Microsoft/Bing, video platforms, social media providers or other external platforms are integrated.

In such cases, processing only takes place on the basis of an appropriate legal basis and, where required, with suitable safeguards, in particular standard contractual clauses or other legally recognised transfer mechanisms.

We store personal data only for as long as this is necessary for the respective purposes or as long as statutory retention obligations exist.

The following criteria are relevant in particular:

• duration of processing your request
• duration of an existing business relationship or contract initiation
• statutory retention periods
• necessity for asserting or defending legal claims
• necessity for ensuring IT security, system operation and abuse prevention

After that, the data is deleted or processing is restricted unless statutory obligations prevent this.

Under the statutory provisions, you have in particular the following rights:

• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to data portability
• right to object
• right to withdraw consent granted with effect for the future

To exercise your rights, you can contact info@momentumadvisory.de or datenschutz@momentumadvisory.de.

Where we process your data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing.

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

The competent authority is, in particular, the Independent State Centre for Data Protection Schleswig-Holstein.

According to the current status, automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.

We reserve the right to amend this privacy policy if this becomes necessary due to technical, legal or organisational changes. The version published on this website shall apply in each case.