Version April 7, 2022
To provide our management consulting services to our clients as well as to operate as a business on the market it is essential that we process your personal data in the role such as a contact person, a business executive, a client, a supplier, an employee or another third party. We process your personal data only in the case it is required for the performance of a contract and eventual steps to enter such a contract, in the case of legal obligations, or in the case of our legitimate interest in the sense of entrepreneurial activity as a management consultancy on the market.
We classify personal data in the following main categories:
- Data about natural persons
- Data about juridical persons
- Data about bank and financial transactions
- Data about employment relationships
- Data about contractual relationships including consulting contracts
- Data in regards to the performance of individual consulting contracts
We process this in the following data categories:
- Name / company
- Profession / job description
- Date of birth
- Company and commercial registers
- Contact person
- Project staff
- Business address and other addresses of the client
- Contact information (phone number, e-mail address, etc.)
- Bank accounts and credit card data
- VAT number
- Order information
- Areas of interest in terms of topics and business focus
- Further data over the course of specific consultancy contracts, employee contracts, and other contracts
If you do not provide elements or all the required data, it could under certain circumstances happen that we cannot fulfill requested services or specific contractual obligations. Please note that such cases would not represent a contractual failure of performance on our side.
Lawfulness, Purpose, and Scope of Processing
We process your personal data only as far as it is required. The following table provides an overview of the purpose and the corresponding legal basis.
|Purpose||Legal Basis (Article 6 GDPR)|
|Administration of the business relationship including financial accounting and performing business activities||Processing for the performance of a contract, respectively taking steps to enter a potential contract|
|Administration of the employment relationship||Processing for the performance of a contract, respectively taking steps to enter a potential contract|
|Recruiting of personnel including contacting suitable applicants and administering the recruiting process||Legitimate interest in the sense of entrepreneurial activity as a management consultancy on the market|
|Performance of management consulting services||Processing for the performance of a contract, respectively taking steps to enter a potential contract|
|Compliance with legal obligations and assistance in legal procedures||Legal obligations|
|Usage of the corporate website incl. potential processing of contact information, contact requests, or direct arrangements of business appointments||Legitimate interest in the sense of entrepreneurial activity as a management consultancy on the market|
|Direct marketing for potential business services (As far as data processing for such a purpose has not been disagreed previously)||Legitimate interest in the sense of entrepreneurial activity as a management consultancy on the market|
Purposes that are based on legitimate interest follow the guidelines of the GDPR incl. a balancing of interests, a regular review of the compliance with GDPR, and the respect of your rights. We process your personal data for the previously mentioned purposes based on your upfront consent, provided that your upfront consent is mandatory according to the legal basis.
As an external, independently acting management consulting firm on the market we fulfill our role as “controller” according to article 4 item 7 of the GDPR actively. In addition, we could act in the role of a “processor” which is dependent on the specific client context and the specific initiating consulting engagement. In such cases, we would agree on an individual “data processing agreement” for the specific consulting engagement.
Transfer of Data to Third Parties and Handling of Business Sensitive Data of our Clients
Considering our corporate purpose, our company size, and our market position, as well as the complexity of today’s data processing operations it can occur that we sometimes engage service providers outside of the European Union. In such cases, we take care by the selection of the specific service provider with his service offerings, his market position, his specific configuration options in the products, or by additional guarantees, that the European level of privacy and level of security standards are reached. In addition, we follow new developments in the context of potential future legal guidelines, potential future legal regulations, as well as new or complemented agreements between the European Union and specific third countries, as far as this possible considering the principle of proportionality, respectively as far as we are obliged to do so.
In general, our recipients of personal data are structured in the following categories:
- Employees of CKC
- Engaged IT service providers, especially
- Microsoft Ireland Operations Ltd in Ireland, where the data location setting is configured with “European Union” (“data at rest”)
- Engaged host of the corporate website, especially
- ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, in Germany
- Engaged service provider for financial accounting and tax advisory, especially
- MGI Linz Steuerberatung Gesellschaft m.b.H. in Austria
- Administrative authorities, courts, and bodies governed by public law
- Insurance companies in the course of concluding an insurance contract, of providing a possible benefit up to the occurrence of an insured event
- Banks when processing payment transactions
- Customers with their bodies, representatives, project staff, and stakeholders during a consulting assignment
- Any cooperation partners, legal representatives, and sub-contractors
- Other recipients specified by the client in particular cases
We would like to point out that in addition to respecting legal requirements for the protection of personal data, we are eminently protecting the business-sensitive data of our clients as well. For the required processing and storing of such data in the course of performing an individual consulting engagement, we can rely on end-devices and central storage which are in possession of CKC, and – among other aspects – are physically protected, updated on a regular basis, and encrypted adequately. We are happy to discuss this in further detail during the phase of entering a potential consulting engagement as well as during the actual consulting engagement, according to your interest and requirements. Where applicable we can make further agreements.
Visitors to our Website
We operate a company website to inform interested visitors about our company and our possible services, as well as to offer contact options for potential future and current business clients. To ensure the functionality of the website, as well as to ensure the security of the service and to improve the website, the following data is logged in log files:
- Website visited
- Time of access
- Amount of data sent in bytes
- Source/link from which website the visit originated
- Browser used
- Operating system used
- IP address used
ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, is engaged to host the website in Germany.
The website offers the possibility to book a business meeting directly by providing your contact details. For this purpose, the Microsoft Bookings service by Microsoft Ireland Operations Ltd in Ireland is used. This service is integrated and linked using the HTML function iFrame. When using this service, technically necessary cookies are set by the Microsoft Bookings service. If you do not want to use this service and want to arrange a business appointment with us, you always have the option of contacting us via email or telephone.
When visiting our website, no other cookies besides the Microsoft Booking Service, are currently used.
CKC as a Participant in Digital Business Networks
CKC points out that it participates in the two internationally known digital business networks LINKEDIN and XING as a user, to be able to get in touch with other users of these respective business networks. CKC is also participating in the HUDDLEX.AT business network, which is regionally established in Austria as a service of the Upper Austrian Chamber of Commerce. We would like to point out that you use these business networks on your own responsibility.
The contact information for LINKEDIN is:
The contact information for XING is:
The contact information for HUDDLEX.AT is:
Chamber of Commerce Upper Austria (WKOÖ)
Professional Association UBIT – Management Consulting, Accounting & IT
Tel. +43 5 90 909 4712
In general, your data is retained for the duration of the business relationship, respectively the duration of the employment relationship. Beyond that we are obliged to retain relevant data for a longer period due to the following reasons:
- For reasons of liability / statute of limitations for an additional 3 years or deviating from this, if there is a different individual agreement with you or a different legal requirement
- For tax reasons for an additional 7 years or deviating from this, if a special legal requirement would require a longer period
- For the creation of a certificate of service (“Dienstzeugnis”) for an additional 30 years
For the purpose of making contact in terms of advertising and in terms of informing about future service offers from us, and in terms of communicating possible needs from you, we store personal data from natural and legal persons for a period of time that corresponds to the legal requirements. In doing so, we take into account any legal requirements on a necessary prior consent, as well as any upfront withdrawal from you for this particular purpose of data processing. We also carry out a regular updating process to keep this data factually correct.
The log data with personal data content which is technically generated on the IT systems under our control, e.g., on our website, is kept for a maximum of 183 days unless a legal requirement speaks against it. We are using this setting in consideration of ensuring data minimization and storage limitation as well as having a relevant data basis for developing our IT systems in terms of performance, functionality, and security further. In addition, log data is an essential source of information for us, to be able to identify unauthorized or abusive use in suspected cases and to initiate further actions.
Information on Legal Remedies
You have the right to receive information about your personal data. Under certain conditions, you have the right to have your data corrected or deleted. Furthermore, there is the right to restriction of processing, objection, and data transferability provided that the legal provisions are given. For this, please contact us directly.
You can withdraw your consent at any time. A withdrawal means that we will no longer process your data from this point in time for the purposes stated in the withdrawal. For a withdrawal please contact email@example.com.
If you have the feeling that the processing of your personal data violates data protection law or that your data protection claims have otherwise been violated in a specific way or that we were unable to answer your concerns accordingly, you can contact the supervisory authority. In Austria, the corresponding authority is the data protection authority ("Datenschutzbehörde") https://www.dsb.gv.at/.
We are at your disposal for questions and other concerns in the context of data protection. You can reach us at the email address: firstname.lastname@example.org.
You can also contact us by post at our company address, or you can call the company owner – Christian Kaliauer – directly via the number +43 660 514 94 94.
Responsible for the Processing
Christian Kaliauer Consulting .e.U.
Owner: Christian Kaliauer
Im Kornfeld 4
Tel.: +43 660 514 94 94