Privacy Policy

Preamble

Data Protection has a particularly high priority for our Company. In the following, we provide information about the collection of personal data when using our website and in connection with other offers of our Company. The data processing described herein can be found in the table of contents that we have prefixed to this data protection declaration.

Definitions

Our Data Protection Declaration is intended to be simple and understandable for everyone. In this Data Protection Declaration, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 GDPR. According to this, personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior (cf. Art. 4 No. 1 GDPR).

Legal Basis

The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 (1) lit. b GDPR.

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 lit. a GDPR.

We carry out some data processing on the basis of our and/or the legitimate interests of third parties, whereby a balancing of your interests worthy of protection and the legitimate interest in the data processing is always carried out. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Insofar as the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 lit. c GDPR.

1. Controller for Data Processing

2. Contact Possibility of the Data Protection Officer

3. Collection of Personal Data when visiting our Website

4. Essential Technologies for Advanced Website Functionalities

4.1 Usercentrics Consent Management Platform

4.2 Google Tag Manager

4.3 Google Web Fonts (Offline Version)

5. Cookies

6. Newsletter

6.1 General Information

6.2 Newsletter Tracking

6.3 Use of Subcontractors

7. Download Whitepapers and Other Lead Generation Documents

8. Contact via E-mail, Telephone or Contact Form

9. Download of Media Content and Register for Webinars and Events

10. Vimeo

11. Transfer of Data

12. Data Security

13. Your Rights

13.1 General Rights

13.2 Rights in Data Processing according to Legitimate Interest

13.3 Rights in the Case of Direct Advertising

13.4 Right to Complain to a Supervisory Authority

14. Links to other Websites

15. Data Protection Declaration for Applicants

16. Changes to the Data Protection Declaration

The Controller pursuant to Art. 4 No. 7 GDPR for the processing of personal data described herein is

riskmethods GmbH,

Balanstraße 49,

81669 Munich,

Deutschland

E-Mail: info@riskmethods.net (hereinafter also „we“)

Further information can be found in our imprint

You can reach our data protection officer at privacy@riskmethods.net or our postal address with the addition of "the Data Protection Officer".

In the case of merely informational use of the website - i.e., if you do not register or otherwise transmit information to us (e.g., via a contact form) - we only collect the following technical information (log file data):

• Operating system of the end device with which you visit our website
• Browser (type, version & language settings)
• The amount of data retrieved
• The current IP address of the terminal device with which you visit our website
• Date and time of access
• The URL of the previously visited website (referrer)
• The URL of the (sub)page you are accessing on the website
• The Internet service provider of the accessing system

The collection of this data is technically necessary to display our website to you and to ensure its stability and security. We and our hosting and support service provider are regularly unaware of who is behind an IP address. We do not combine the data listed above with other data.

The legal basis is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. In the context of the balancing of interests pursuant to Art. 6 (1) lit. f GDPR, we have taken into account and weighed our interest in providing and your interest in processing your personal data in accordance with data protection. Since the aforementioned data is technically necessary for the provision of our website and its processing is also necessary to ensure stability and security, in particular to provide protection against unauthorized access to the website, we have come to the conclusion that this data must be processed - while ensuring data security in line with the state of the art - taking due account of your interest in data protection compliant processing.

The data will be deleted as soon as they are no longer required to achieve the purposes of their collection described above. This is usually the case after one month at the latest.

In order to be able to use extended functionalities of our website in accordance with the applicable data protection law, we have implemented certain essential technologies. These are already activated when you access the website. These technologies are necessary to manage advanced functionalities of the website, to provide you with the information and choices required by law, and to allow us to demonstrate lawful data processing. The legal basis for the use of these essential technologies and the associated processing of personal data is our legitimate interest as described above (Art. 6 para. 1 lit. f GDPR).

4.1 Usercentrics Consent Management Platform

The use of certain other technologies and applications on our website requires your consent, or you have a right to object in this respect. In addition, we are required by law to inform you about the use of cookies and similar technologies (see also the section on "Cookies") on our website when you access the website. For this purpose, we use the service Usercentrics as a so-called cookie management manager. Usercentrics is software developed by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.

Usercentrics determines the language used by your browser in the process. A cookie is set to check whether you have already made a selection in our cookie management manager during a previous visit to our website. This cookie is necessary because it allows the website to recognize whether or not you have consented to the use of certain technologies. In addition, a log file is created for us in order to be able to prove any consent you may have given. This file contains the IP address in anonymized form, information about the browser that was used, data about the extent of consent, and the date and time of the visit.

The legal basis for the processing described above is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Furthermore, we are required by law to provide the information contained in the cookie management manager when you access our website and to allow you to decide which cookies and similar technologies we use (Art. 6 para. 1 lit. c GDPR).

The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or revoke consent or to exercise a right of objection regarding the use of certain technologies. We also want to increase the transparency of data processing using cookies, pixels, tags or similar technologies on our website. Our legitimate interest also lies in these purposes of data processing.

The cookie containing your consent or refusal to use cookies will be stored on your terminal device for a period of six months; after this period, the cookie management manager will be displayed again when you visit our website and you can reconsider your decision to consent and change it if necessary. The consent data (consent given and revocation of consent) is stored for three years.

You can check and revoke your consent to the use of certain or all cookies and similar technologies at any time. To do this, you will find a "fingerprint" icon on our website (usually at the bottom right of your screen). By clicking on this "fingerprint" icon, you can reopen the cookie management manager at any time. The cookie management manager will then show you your current settings regarding the use of cookies and similar technologies, and you can change them by selecting the individual applications. Via the "History" tab, you can also retroactively track at which time or in which period you had selected which settings regarding the use of cookies and similar technologies for the above-mentioned period of time.

Cookies in connection with the use of the cookie management manager are stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings of your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, the cookie management manager can no longer be used to its full extent and there may be functional and comfort restrictions in the use of our website.

4.2 Google Tag Manager

Google Tag Manager is a solution provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows us to manage website tags through a common interface. Google Tag Manager is a cookie-less domain that does not itself collect any personal Seite 6 von 15 data. However, the Google Tag Manager may trigger other tags that collect personal data. Our cookie management manager contains special instructions for each of these tags, and they are only set with your prior consent. The Google Tag Manager does not access this data.

For more information about Google Tag Manager, you can access the details in our cookie management manager.

4.3 Google Web Fonts (Offline Version)

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. We have opted for the offline version, in which the Google Fonts are stored locally on our web server. The management of the fonts is then possible - using CSS - as with any other font family. A transmission of the IP address and other data to Google does not take place.

Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers with regard to efficiency and cost-saving considerations. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If your browser does not support web fonts, a standard font is used by your computer.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/

Our website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognize preferences and to tailor content according to areas of interest.

There are different types of cookies: session cookies are sets of data that are only temporarily held in memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. The information can also be stored in text files on your computer with this type of cookie. However, you can also delete these cookies at any time via your browser settings.

Initial Provider-cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting. For example, these cookies are used by marketing companies.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. Insofar as you have given us consent, the legal basis is Art. 6 (1) lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) lit. f GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach, and - with your consent - to tailor our services to preferred areas of interest.

The cookies used on this website can be found in detail in our cookie management manager. Please also check the information in the section on the "Usercentrics Consent Management Platform“.

You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being stored, you can do this via the settings in your internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

6.1 General Information

You can subscribe to our newsletter on our website with each form submission, with which we inform you about the activities of our company, current developments around our services, special offers, promotions, events and competitions. The legal basis for sending the respective newsletter is your consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with sec. 7 para. 2 no. 3 UWG (German Act against Unfair Competition).

We will also send you a newsletter with follow-up advertising for our own similar goods or services on the basis of Art. 6 (1) lit. f GDPR, sec. 7 (3) UWG if we have received your e-mail address in connection with an order placed with us, unless you have objected to receiving such advertising.

You can object to the use of your e-mail address for direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, simply click on the link at the end of our newsletter or write a message to privacy@riskmethods.net. After your objection, we will Seite 8 von 15 permanently store your address on a so-called blacklist to ensure that we do not send you any more newsletters in the future.

As far as we ask for your consent to subscribe to our newsletters, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, we will not include you in the distribution list for our newsletter.

Mandatory data in the context of consenting to the sending of the newsletter are only your first name, last name, company, country and e-mail address. The specification of all other data (e.g. salutation, title) is voluntary. We also use this data if we send you a newsletter with follow-up advertising; in this case, we also use information about your previous orders (customer history) in order to be able to restrict the content of this follow-up advertising to our own similar goods or services if necessary.

The aforementioned data is used to be able to address you personally and, if necessary, to be able to adapt the contents of the newsletter for you in a country-specific manner. After confirming your consent, we store your e-mail address for the purpose of sending the newsletter and until revoked. We also store your IP address current at the time of registration, the time of registration and confirmation for up to three years after registration (statute of limitations). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest according to Art. 6 para. 1 lit. f GDPR in the proof of a formerly given consent, see also Art. 7 para. 1 GDPR.

You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter email or by sending an email to privacy@riskmethods.net. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.

6.2 Newsletter Tracking

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels that are stored on our website. For the evaluations, we link the above-mentioned data and the web beacons with your e-mail address and an individual ID. 

With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this. We link this data to actions you have taken on our website. The legal basis for this data processing is our legitimate interest in tailoring our newsletter as an information and advertising medium as precisely as possible to your interests as a recipient, in order to improve the reach of our newsletter.

You can object to this tracking at any time by clicking on the separate link provided in each email.

Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above tracking takes place.

6.3. Use of Subcontractors

We use the "Pardot" application for sending and evaluating our newsletters as described in the previous sections. This application is provided to us by salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich. We have concluded an order processing agreement with Salesforce in accordance with Art. 28 GDPR. Salesforce also transfers personal data to its own group companies or other vicarious agents as part of the provision of services. If and to the extent that data is transferred to third countries outside the EU or the member states of the EEA, compliance with an adequate level of data protection is also ensured in these third countries via Salesforce's internal binding data protection regulations (Art. 47 GDPR) or via the EU standard contractual clauses (Art. 46 GDPR).

On websites of our advertising partners, you can obtain various whitepapers and PDF documents from us free of charge. Before downloading, you will be asked to give your consent (Art. 6 para. 1 lit. a GDPR) to the transmission of contact data by the advertising partner to us (e.g. first and last name, e-mail address, country, company, job title). This data will be stored by us and used to address you by e-mail for advertising purposes, for which you likewise already give your consent on the website of the advertising partner; in this respect, the explanations under section 6 ("Newsletter") apply accordingly. You may revoke your consent to the processing of your personal data for advertising purposes at any time with effect for the future. To do so, click on the unsubscribe link offered at the end of each newsletter e-mail or send us an e-mail to privacy@riskmethods.net and express your wish with effect for the future.

When you contact us via e-mail, telephone or a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests.

Insofar as we request information via our contact form that is not required for contacting us, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. A communication of this information - also in the case of communication via e-mail or telephone - takes place in the case of general inquiries expressly on a voluntary basis and with your consent, Art. 6 para.1 lit. a GDPR or in the case of (pre-)contractual inquiries on the basis of Art. 6 para. 1 lit. b GDPR. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. If the legal basis for the processing of your data is based on your consent, you can of course revoke this consent at any time with effect for the future; to do so, simply send an e-mail to privacy@riskmethods.net.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you. Please note that in the case of (pre-)contractual inquiries, legal retention obligations may arise for us and we may only be able to delete your data after their expiry.

We have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.

You will receive media content from us such as white papers, brochures or checklists, and you can participate in webinars and events.

Mandatory information is only name, company, e-mail address, country. The provision of further, separately marked information is voluntary. In some cases, we conduct workshops and seminars in cooperation with partners. In these cases, we will pass on your details to the partner concerned.

The processing is based on Art. 6 para. 1 lit. b GDPR with regard to the mandatory data and on Art. 6 para. 1 lit. a GDPR for voluntary additional data.

Your data will be stored by us and used to address you by e-mail and/or telephone for advertising purposes; in this respect, the explanations under item 6 ("Newsletter") apply accordingly.

Please also note the information in the "Contact us" section. If you subscribe to our newsletter in connection with downloading media content or registering for webinars or events, please note the relevant information in the "Newsletter" section.

We also use the service of Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA on our website to play out video content. These are loaded by Vimeo or transmitted via Vimeo. In the process, data may be transferred from you to Vimeo.

Vimeo offers us the possibility to provide you with information as video content in addition to text and images. We would like to present this content directly on our website instead of just providing you with a link, so you can watch the video right with us. When you visit a page in which a video is embedded via Vimeo, a connection is normally established to Vimeo's servers and, in the process, the content is displayed on the Internet page by communicating it to your browser.

In this case, we also use the service to protect your personal data in the so-called "Do-No-Track" mode, so that the setting of cookies by Vimeo is prevented.

The legal basis for the described data processing is our legitimate interest in being able to make multimedia content available to you directly on our website and thus increase its attractiveness, Art. 6 (1) lit. f GDPR. Seite 13 von 15 Further information on Vimeo's privacy policy is provided by Vimeo at the following link: https://vimeo.com/privacy.

Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only share your personal information with third parties if:

• you have given your express consent to this (Art. 6 para. 1 lit. a GDPR),
• the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 lit. f GDPR),
• in the event that there is a legal obligation for the disclosure (Art. 6 para. 1 lit. c GDPR), as well as
• this is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 para. 1 lit. b GDPR).

External service providers and partner companies such as hosting/support providers only receive your data to the extent necessary, e.g. to process your order or to display our website to you. In these cases, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure within the framework of order processing pursuant to Art. 28 GDPR that they comply with the provisions of data protection laws in the same way as we do. Please also note the respective data protection notices of the providers, insofar as we provide or link them herein.

The respective service provider is responsible for the content of third-party services that process your data under their own responsibility. If your data is transferred to such providers, we will check compliance with the legal requirements for such a transfer and inform you accordingly.

We make a point of processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before transferring your personal data. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts (possibly including additional security measures) or an adequacy decision of the European Commission.

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

You have the following rights with respect to us regarding personal data concerning you:

13.1 General Rights

You have a right to information, correction, deletion, restriction of processing, objection to processing and data portability (Art. 15 et seq. GDPR) under the respective legal conditions. Insofar as processing is based on your consent, you have the right to revoke this with effect for the future (Art. 7 para. 3 GDPR). To exercise your rights, please contact us by e-mail at privacy@riskmethods.net or by mail at riskmethods GmbH, Balanstraße 49, 81669 Munich, Germany. The exercise of your rights described in this section is free of charge for you.

13.2 Rights in Data Processing according to Legitimate Interest

Pursuant to Art. 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) or on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of a legitimate interest); this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

13.3 Rights in the Case of Direct Advertising

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing. In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

13.4 Right to Complain to a Supervisory Authority

Without prejudice to the rights referred to above and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Art. 77 GDPR).

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
D-91522 Ansbach
Germany

Our websites may contain links to websites of other providers. We would like to point out that this Data Protection Declaration applies exclusively to the websites and other offers of our company. When accessing such websites of other providers, please check the data protection information stored there. We have no influence on and cannot control that such other providers comply with the applicable data protection provisions at all times and in full.

To learn more on how we process your personal data in connection with the job application, please check this link.

We reserve the right to change or adapt this Data Protection Declaration at any time in compliance with the applicable data protection regulations. The current version of this Data Protection Declaration is available on our website at all times, or we will refer you to this Data Protection Declaration in the context of the relevant data processing.

If we introduce new data processing procedures that require your prior consent or with regard to which you have a right of objection, we will ask you for your consent prior to the start of data processing or inform you separately about the right of objection you are entitled to.

Status June 2021