Privacy Policy

  1. General Information

    In the following, we will give you an overview of the processing of personal data in the sense of the General Data Protection Regulation (GDPR) and other applicable data protection laws by us, Boardside Executive Transition, and inform you about your rights under data protection law. If you use only some of our services, not all parts of this information will apply to you.

  2. Responsibility for Data Protection

    1. Person responsible for data processing

      Boardside Executive Transition GmbH
      Dr. Berit Bretthauer
      Mangerstraße 26
      14467 Potsdam

    2. Data Protection Officer

      Hoffmann Liebs Partnerschaft von Rechtsanwälten mbB
      Kaiserswerther Straße 119
      40474 Düsseldorf

  3. Processing of personal data by Boardside Executive Transition

    1. In general and in the context of contractual relations

      We process personal data that we receive from our customers, employees, candidates, suppliers or other parties concerned in the course of our activities. In addition, we process – as far as necessary for the provision of our services – personal data which we permissibly obtain from publicly accessible sources (e.g. press, Internet, career platforms such as LinkedIn or Xing) or which are legitimately transmitted to us by third parties.

      Relevant personal data are personal details (name, address, other contact details, date and place of birth and nationality), education-related information, professional development, awards, further education, legitimation data (e.g. identification data), data from the fulfillment of our contractual obligations such as account numbers, documentation data (e.g. advisory protocol) as well as other data comparable to the categories mentioned (e.g. IP address).

    2. Data processing within the scope of visiting our website
      1. Log files

        Every time a person concerned accesses our website, general data and information is stored in the log files of our system:

        • Date and time of the access (time stamp)
        • Request details and destination address (protocol version, HTTP method, referrer, UserAgent string)
        • Name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes)
        • message whether the retrieval was successful (HTTP Status Code)

          When using this general data and information, we do not draw any conclusions about the person concerned. There is no personal evaluation or an evaluation of the data for marketing purposes or a profile formation. The IP address is not stored in this context.

          The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of our website. Consequently, there is no possibility of objection on the part of the person concerned.

      2. Detection of damaging software and log data analysis

        We collect log data that are generated during the operation of our company’s communication technology and evaluate them automatically, as far as this is necessary to detect, limit or eliminate disturbances or errors in the communication technology or to defend against attacks on our information technology especially the detection and defense against damaging software.

        The legal basis for the temporary storage and evaluation of the data is Art. 6 para. 1 lit. f GDPR. The storage and evaluation of the data is absolutely necessary for the provision of the website and for its secure operation. Consequently, the person concerned has no possibility to object.

      3. Hosting

        The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our website.

        For this purpose, we or our order processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an agreement for order processing).

      4. Google Web Fonts

        To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.

        To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g. consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6 Sect. 1 lit. a GDPR. Any such consent may be revoked at any time.

        If your browser should not support Web Fonts, a standard font installed on your computer will be used.

        For more information on Google Web Fonts, please follow this link: and consult Google’s Data Privacy Declaration under:

    3. Data processing in the context of establishing a contact
      1. Contact by e-mail

        You can contact us by e-mail using the e-mail addresses published on our website.

        If you use this contact method, the data you provide (e.g. last name, first name, address), at least however the e-mail address, as well as the information contained in the e-mail together with any personal data you may have provided will be stored for the purpose of contacting you and processing your request. In addition, the following data is collected by our system:

        • IP address of the calling computer
        • Date and time of the e-mail.

          The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.

      2. Contact by letter and fax

        If you send us a letter or a fax, the data transmitted by you (e.g. surname, first name, address) and the information contained in the letter or fax will be stored together with any personal data you may have transmitted for the purpose of contacting you and processing your request.

        The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.

    4. Online presence in social media

      We maintain online presences within social networks (LinkedIn) in order to inform the users active there about our services and, if interested, to communicate via the platforms. Our social media channels can only be accessed via an external link. As soon as you access the respective social media profiles in the respective network, the terms and conditions and data processing guidelines of the respective operators apply.

      We have no influence on the data collection and its further use by the social networks. There is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore point out that your data (e.g. personal information, IP address) will be stored and used for business purposes by the operators of the networks in accordance with their data use guidelines.

      We process data with regard to social media presences insofar as comments or direct messages are sent to us via these. The legal basis for the processing of data after the user’s consent is Art. 6 para. 1 lit. a GDPR.

  4. Purposes and legal basis of the processing of personal data

    We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act of Germany (BDSG)

    1. to fulfill contractual obligations (Art. 6 para.1 b GDPR)

      The processing of data is carried out in order to fulfil the company’s purpose, namely the provision of executive search, executive assessment and coaching services. The purposes of data processing are primarily based on the specific data subject (e.g. employee, supplier, customer, candidate). Further details on the data processing purposes can be found in the relevant individual contracts.

    2. In the context of the balancing of interests (Art. 6 para. 1 f GDPR)

      As far as necessary, we process your data beyond the actual fulfillment of the contract to protect legitimate interests of us or third parties. Examples:

      • Processing of personal data such as name and date of birth for company management, employee development and leadership,
      • Examination and optimization of procedures for the analysis of needs for the purpose of direct contact with candidates,
      • Assertion of legal claims and defense in legal disputes, ensuring IT security and IT operation of the company,
      • Prevention and investigation of criminal offences,
      • Measures for building and plant security (e.g. access controls),
      • Risk management within the company.
    3. based on your consent (Art. 6 para. 1 a GDPR)

      If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. You can revoke your consent at any time. The revocation of a consent is only effective for the future and does not affect the legality of the data processed until the revocation.

  5. Recipients of personal data

    In our company, only those departments or persons who need access to your data in order to fulfil the contractual and legal obligations of our company and whose duties include this within the scope of our business activities are granted access to your data. Service providers and vicarious agents employed by us may also receive data for these purposes if they guarantee data protection. These are companies in the categories IT services, logistics, printing services, research & assessment services, telecommunications, sales, and consulting.

    With regard to the transfer of data to recipients outside our company, the following applies: We may only pass on information about our customers, business partners, candidates or other persons if required by law, if the person concerned has given his or her consent or if there is another reason for permission. Under these conditions, recipients of personal data can be, for example:

    • Public bodies and institutions (e.g. tax authorities, criminal prosecution authorities) in case of a legal or official obligation,
    • Service providers, which we call upon within the framework of contract processing relationships.

      Other data recipients can be those entities for which you have given us your consent to transfer data or to which we are authorized to transfer personal data based on a weighing of interests.

  6. Transfer of personal data to non-member countries

    A data transfer to places outside the European Union (so-called non-member countries) takes place, if

    • it is necessary for the execution of contractual obligations,
    • we use service providers located there within the framework of contract processing relationships (e.g. Knigth Executive Research),
    • it is required by law, or
    • you have given us your consent.

      Furthermore, a transfer to bodies in non-member countries is planned in the following cases:

    • Through cloud systems used by us or Google functionalities.
  7. Duration of storage or other processing

    We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

    • Fulfilment of commercial and tax law obligations to retain data, which may arise, for example, from German Commercial Code (HGB) or German Fiscal Code (AO). The periods of retention or documentation specified there are usually two to ten years.
    • Preservation of evidence within the framework of the legal limitation periods. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
  8. Affected parties’ rights

    Every data subject has the right of information pursuant to Article 15 GDPR, the right of correction pursuant to Article 16 GDPR, the right of deletion pursuant to Article 17 GDPR, the right of limitation of processing pursuant to Article 18 GDPR, the right of objection pursuant to Article 21 GDPR and the right of data transfer pursuant to Article 20 GDPR. With regard to the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Article 19 BDSG).

    You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

  9. Obligation to supply data?

    Within the scope of a contractual relationship with our company, you must provide us with the personal data required for the initiation, execution and termination of such a contractual relationship and for the fulfillment of the associated contractual obligations or which we are legally obliged to collect. You can also decide not to make your personal data available. Without this data, we will generally not be able to conclude, execute and/or terminate a contract with you.

  10. Right of objection according to Article 21 GDPR

    1. Right of objection in individual cases

      You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 letter e GDPR (data processing in the public interest) and Article 6 paragraph 1 letter f GDPR (data processing based on a balancing of interests).

      If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

    2. Recipient of an objection

      The objection can be made in any form with the subject “Objection”, stating your name, address and date of birth and should be addressed to:

      Boardside Executive Transition
      Dr. Berit Bretthauer
      Mangerstraße 26
      14467 Potsdam