Data protection is particularly important to us

Responsibility in accordance with Article 4, Paragraph 7 of the EU General Data Protection Regulation (GDPR): ExpertHeads Consulting, August-Wilhelm-Kühnholz-Str. 5, 26135 Oldenburg Germany, (see site notice page).

Collection and storage of personal data, plus the type and purpose of its use


a) When visiting the website

When you visit our website, the browser you are using on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. Without any action on your part, the following information is collected and saved until its automatic deletion.

The IP address of the device making the request

The date and time of the request

The name and URL of the requested file 

The website from which you came to ours (referrer URL)

The browser used and potentially also your device’s operating system and the name of your internet access provider.


We process the stated types of data for the following purposes:

To ensure trouble-free connection to our website

To ensure convenient use of our website

For analyses of system security and stability, plus

Other administrative purposes.


The legal foundation for the processing of this data is Article 6 (1) (f) GDPR. Our legitimate interest stems from the above-mentioned purposes for data collection. On no account do we use the data collected to identify you as an individual.


b) When using our contact form

Our website features a contact form, so that you can contact us with any enquiries you may have. To use this contact form, a valid email address is required. This ensures we know who sent us the enquiry and that we can respond to it. You also have the opportunity to voluntarily provide other information.

In the event that you contact us, your data is processed in accordance with Article 6 (1) (a) GDPR, on the basis that you have voluntarily consented to this.

The personal data we collect if you use our contact form is automatically deleted once your enquiry has been dealt with, provided the purpose of this data collection has been fulfilled. Your details may be stored in our customer relationship management (CRM) system or a comparable enquiries management system, if this is appropriate for the purpose of your enquiry. Should you wish to exercise your right to object or your right to revoke your consent, an email to the above address is all it takes.


Consent by minors

Persons under the age of 18 should not transmit personal data to us without parental agreement/agreement of their legal guardian. In accordance with Article 8 GDPR, children up to 16 years old require parental agreement/agreement of their legal guardian in order to declare their consent. We do not knowingly collect and process minors’ personal data.


Data transfer

Personal data is not transmitted to third parties for purposes other than those stated below.

We only transfer your personal data to third parties under the following circumstances:

If you have given your express permission for us to do so, in accordance with Article 6 (1) (a) GDPR

Data transfer in accordance with Article 6 (1) (f) GDPR is required in order to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in your data not being transferred.

In the event that there is a legal obligation to transfer your data, in accordance with Article 6 (1) (c) GDPR, and

This is legally permissible and is required in order to fulfil a contract with you, in accordance with Article 6 (1) (b) GDPR.




Our website uses cookies. These are small files that your browser automatically creates and which are stored on your device (computer, tablet, smartphone etc) when you visit our website.

Cookies do not harm your device in any way, and do not contain viruses, Trojan horses or other malicious software.

These cookies store information relating to the specific device you are using. However, this does not mean that we are directly able to identify you personally.

On the one hand, cookies ensure our web presence is more convenient for you to use. For instance, we use so-called session cookies to determine whether you have already visited individual pages of our website.

These cookies are automatically deleted once you leave our website.

Furthermore, and also in order to optimise usability of our website, we use temporary cookies, which are stored on your device for a certain defined length of time.

If you visit our website again, in order to take advantage of our services, we automatically detect that you have already visited us, as well as any information you previously input and settings you made. This means you do not have to enter this information again.

We also use cookies to perform statistical analyses of usage of our website, in order to help us optimise our web presence (see point 5). Should you visit our website again, these cookies enable us to automatically detect that you have already visited us. These cookies are automatically deleted after a certain defined length of time.

The data processed by these cookies is required for the above-mentioned purposes, in order to guarantee our legitimate interests and those of third parties, in accordance with Article 6 (1) (f) GDPR.

Most browsers automatically accept cookies.

However, you can configure your browser so that cookies are not stored on your device, or so that a prompt appears before a new cookie is created. Completely deactivating cookies can however result in you being unable to use all our website’s functions.



Use of Google Analytics

On the basis of our legitimate interest (that is to say, our interest in analysing and optimising our online offering, as well as its cost-effective operation, as understood under Article 6 (1) (f) GDPR)), we use Google Analytics and Google Search Console. These are website analysis services provided by Google LLC (hereafter: ‘Google’). Google uses cookies. The information that the cookie generates about usage of our online offering is generally transferred to one of Google’s servers in the USA, where it is saved.

Google is certified under the Privacy Shield Agreement, and therefore guarantees it will comply with European data protection law (

Under contract to us, Google uses this information to analyse use of our online offering and to create reports on user activity for this online offering. It also provides us with additional services relating to use of our online offering and internet usage. In the course of this, pseudonymous user profiles may be created from the processed data. We use Google Analytics to ensure that advertisements placed through Google’s advertising services and its partners are only shown to users who have shown interest in our online offering or who exhibit certain characteristics (such as for instance interest in certain subjects or products, as determined by the web pages they visit). We transfer this information to Google (so-called ‘remarketing’ or Google Analytics Audiences).

With the help of remarketing audiences, we wish to ensure that our advertisements match users’ potential interests, and are not perceived as annoying.

We only use Google Analytics with IP anonymisation activated. This means that users’ IP addresses are shortened within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases are full IP addresses sent to one of Google’s servers in the USA and shortened there.

The IP address established on the basis of the user’s browser will not be merged with other data held by Google. Users can prevent cookies being saved by making the relevant setting in their browser software. Users can also prevent Google collecting and processing the data generated by the cookie, relating to their use of our online offering, by downloading and installing the browser plugin found at the following link:

You can find further information about Google’s use of data, as well as settings options and the options for lodging an objection, on Google’s web pages: (‘How Google uses information from sites or apps that use our services’), (‘How Google uses cookies in advertising’), (‘Managing information that Google uses to show you ads’).

As well as this, and also on the basis of our legitimate interest (that is, our interest in analysing and optimising our online offering, as well as its cost-effective operation, as understood under Article 6 (1) (f) GDPR)), we use the web analysis service Optimizely, provided by Optimizely Inc, which we use for A/B tests and multivariate tests. This service uses cookies in order to identify a user’s browser and to analyse use of this website. These cookies do not collect personal data. For more information on how Optimizely processes your personal data, see You can deactivate tracking by Optimizely at any time by following the instructions at


Use of Google Maps

Our website uses the Google Maps component provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereafter: ‘Google’).

Every time the component Google Maps is loaded, Google sets a cookie, so that when a page containing Google Maps is shown to users, user settings and data can be processed. This cookie is generally not deleted when you close your browser. It instead expires after a certain period of time, unless you manually delete it beforehand.

If you do not agree to your data being processed in this way, it is possible to deactivate Google Maps, therefore preventing your data being transferred to Google. To do so, you must deactivate JavaScript in your browser. We would however like to point out that, if you do so, you may be unable to use Google Maps, or only able to use it with limited functionality.

Use of Google Maps and the information obtained by Google Maps occurs in accordance with Google’s terms of use and the additional terms of use for Google Maps


Google Fonts

To ensure our website has a uniform appearance, we use web fonts, provided by Google. When you visit a page, your browser stores the required web fonts in your browser cache, in order to show text and fonts properly. To do so, your browser must be able to establish a connection to Google’s servers. As a result of this, Google obtains the information that our website was visited by your IP address. We use Google Fonts in the interest of ensuring our online presence has an appealing, uniform appearance.

If your browser does not support web fonts, your device’s standard installed fonts are used instead.

For further information on the purpose and scope of data collection and processing by the supplier, see the supplier’s privacy policy. Here you can also find additional information concerning your related rights, as well as settings options to protect your privacy: Google also processes your personal data in the USA, and is subject to the EU–US Privacy Shield



Your rights

You have the right:

In accordance with Article 15 GDPR, to request we provide you with information about the personal data of yours that we have processed. In particular, you may demand information about: the reasons for data processing; the categories of recipients your data was or will be disclosed to; the planned storage period; the existence of a right to correction, deletion or restriction of processing or of the right to object; the existence of a right to complain; the origin of your data, if this was not collected by us; the existence of automated decision-making, including profiling, and where relevant meaningful information on the specific details.

In accordance with Article 16 GDPR, to demand that incorrect personal data we hold is promptly corrected or completed.

In accordance with Article 17 GDPR, to demand deletion of your personal data that we hold, provided that processing is not required in order to exercise the right to freedom of expression and information, to fulfil a legal obligation, is in the public interest or to assert, exercise or defend legal claims.

In accordance with Article 18 GDPR, to demand that processing of your personal data is restricted, insofar as you dispute the correctness of the data, processing is unlawful, you do not agree to deletion of the data and we no longer require the data, but you need the data in order to assert, exercise or defend legal claims, or you have lodged an objection to data processing in accordance with Article 21 GDPR.

In accordance with Article 20 GDPR, to demand we supply you with the personal data you have provided to us in a common, structured machine-readable form, or for it to be transferred to your representative.

In accordance with Article 7, Paragraph 3 GDPR to revoke at any time your previously given consent to data processing. This means that, in future, we are no longer permitted to continue the data processing you previously consented to.

In accordance with Article 77 GDPR, to complain to a regulatory body. To do so, you can generally contact the regulatory body at your usual place of residence or work, or alternatively, our registered office.

If you would like to avail yourself of any of these rights, simply send a relevant email to the address given above.


Right to object

Provided that your personal data is processed on the basis of legitimate interest in accordance with Article 6 (1) (f) GDPR, in accordance with Article 21 GDPR, you have the right to object to processing of your personal data, provided there are grounds to do so resulting from your own particular situation, or you wish to object to direct marketing. In this second case, you have a general right to object, which we will implement without you having to state a particular situation.

If you would like to avail yourself of your right to object or your right to revoke consent, simply send a relevant email to the address given above.


Data security

During your visit to our website, we use the widespread SSL (secure socket layer) method, in conjunction with the highest level of encryption your browser supports. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. A locked key or lock icon in your browser’s bottom status bar or address bar shows you that an individual page of our online presence is transmitted encrypted.

We also take advantage of appropriate technical and organisational security measures, in order to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. We continuously improve our security measures in line with technical advancements.

We would like to point out that transfer of data via the internet (such as for example communication by email) can be subject to security vulnerabilities. It is not possible to guarantee that this data cannot be accessed by third parties. This applies in particular if you contact us by email on your own initiative. In this case, you yourself are responsible for taking suitable steps to transmit your data securely and to protect it against unauthorised access by third parties.

Validity and last change to this privacy policy

This privacy policy is currently valid, and was last updated in December 2020.