Data Privacy Policy

Data protection notices for clients, employees, website visitors and other stakeholders

With the following information, we would like to give you an overview of how FTI-Andersch AG (“FTI-Andersch“) processes your personal data and of your rights under data protection law. Which individual data is processed and how it is used depends substantially on your relationship with us, whether you are a client, an applicant, employee, website visitor or otherwise affected data subject (such as a freelancer employed by us for a certain project or parties interested in our services). For this reason, not all parts of this information will apply to you.

Note

For reasons of better readability, we use the masculine form (generic masculine) for gender-specific designations and personal nouns. We always mean all genders in the sense of equal treatment. The abbreviated language form has editorial reasons and does not contain any value judgements.

Who is responsible for data processing (the controller) and whom can I contact?

The controller is

FTI-Andersch AG
Taunusanlage 9-10
60329 Frankfurt am Main
Germany

You can reach our data protection officer at:

Attorney at Law
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne
Germany

datenschutz@fti-andersch.com

What data and sources do we use?

We process personal data that we receive from our clients in the course of our business relationship and from applicants and employees (including interns and working students) for hiring decisions or carrying out the employment relationship, from visitors to our website or other data subjects. In addition, we process – insofar as necessary for the provision of our service – personal data that we have obtained legally from publicly accessible sources (e.g. commercial and company registers, land registers, press, Internet) or which have been made available to us by third parties (e.g. by a credit agency).

Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) and identification data (e.g. information on passports or ID cards). In addition, this may also include order information (e.g. from our order letter), data from fulfilling our contractual obligations (e.g. from our payment transactions), documentation data (e. g. consultation report) as well as other data comparable with the categories mentioned.

Why and on which legal basis do we process your data?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

(1) Within the scope of employment (Sec. 26 para. 1 s. 1 BDSG)

We process personal data of our employees (including interns and working students) for the purpose of hiring, carrying out and terminating the respective employment relationship.

(2) Based on consent (Art. 6 para. 1 s. 1 lit. a GDPR)

If you have given us your consent to process personal data for certain purposes (e.g. contacting, newsletter mailing, registration for our annual restructuring meeting), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25/05/2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

(3) To fulfill (pre)contractual obligations (Art. 6 para. 1 s. 1 lit. b GDPR)

The processing of personal data of our clients and freelancers employed by us on a project basis is carried out for the provision of our services in the context of the performance of our contracts with our clients or for the implementation of pre-contractual measures, which are carried out upon request. Further details on the data processing purposes can be found in the relevant contractual documents and terms and conditions.

(4) Based on legal obligations (Art. 6 para. 1 s. 1 lit. c GDPR)

In addition, as a stock corporation we are subject to various legal obligations (e. g. in the German Commercial Code (HGB), Stock Corporation Act (AktG), Securities Trading Act (WphG), the German Money Laundering Act (GwG), tax laws). Processing purposes include, among others, the identification obligation for the prevention of money laundering, the obligation to create and retain manual files and the fulfillment of reporting obligations under tax law.

(5) Based on a balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR)

If required in order to safeguard legitimate interests on our part, we will process your data beyond the purposes stated above, especially for

  • Measures for business management and further development of services and products
  • Advertising (also by way of direct approach) and market research insofar as you have not objected to the use of your data,
  • Assertation of legal claims and defense in legal disputes.

Who gets my data?

At FTI-Andersch, access to your data is granted to those persons who need it to fulfill our contractual and legal obligations. We also use service providers outside our company (esp. freelancers and IT service providers) and vicarious agents may receive data for these purposes and are contractually obligated to maintain confidentiality and comply with data protection regulations in this regard. If the conditions for this exist, we also conclude data processing agreements. Other data recipients may be those entities for which you have given us your consent to transfer data or to which we are authorized to transfer personal data based on a balancing of interests.

Will data be transferred to a third country?

A data transfer to entities in countries outside the Euro-pean Union (in so-called "third countries") does not take place in principle, unless,

  • it is required by law (e.g. due to reporting obligations under tax law, regulations to combat money laundering, terrorist financing and other criminal acts),
  • you have given us your consent to do so, or
  • it is necessary to ensure the IT operation and the CRM system at FTI-Andersch to possibly transfer your personal data to an IT service provider in the USA or another third country in compliance with the European data protection level or
  • it is personnel data of the employees of FTI-Andersch, which due to the employment relationship (e.g. for the purpose of human resources and general business administration, administration of performance evaluation, sick leave and absence management, disciplinary and complaint management), are transferred to FTI Consulting Inc. and affiliated companies to the USA.

How long will my data be stored?

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which in any case is intended to last for several months and in many cases for years

If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:

  • Fulfillment of retention obligations under commercial and tax law, which may arise especially from the German Commercial Code, the German Stock Corporation Act, the German Money Laundering Act, the German Securities Trading Act and the German Fiscal Code. The periods specified there for the retention of corresponding documentation are generally two to ten years.
  • Preservation of evidence within the limits of the statutory limitation provisions. According to Sec. 195 et seqq. of the German Civil Code, these limitation periods can be up to 30 years, whereby the regular limitation period being three years.

What data protection rights do I have?

Each data subject has the

  • Right to withdraw consent according to Art. 7 para. 3 GDPR,
  • Right of access according to Art. 15 GDPR,
  • Right to rectification according to Art. 16 GDPR,
  • Right to erasure according to Art. 17 GDPR,
  • Right to restriction of processing according to Art. 18 GDPR,
  • Right to object according to Art. 21 GDPR,
  • Right to data portability according to Art. 20 GDPR.

Regarding the right of access and the right to erasure, the restrictions pursuant to Sec. 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority pursuant to Art. 77 GDPR in conjunction with Sec. 19 BDSG. The data protection supervisory authority responsible for FTI-Andersch AG is the Hessian Commissioner for Data Protection and Freedom of Information. He can be reached at the following contact details:

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box (Postfach) 3163
65021 Wiesbaden
Germany

Telephone: +49 611 1408 – 0

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to FTI-Andersch before the applicability of the GDPR, i.e. before 25/05/2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

How is the right to object under Art. 21 GDPR designed?

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of a balance of interests (Art. 6 para. 1 s. 1 lit. f GDPR); this also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR. In the case of so-called "profiling", we process your data in part automatically with the aim of evaluating certain personal aspects, for example in order to be able to provide you with targeted information and advice about our products and services. This enables us to provide needs-based communication, advertising and market research.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally with the subject "objection", stating your name, address and date of birth, and should be addressed to our data protection officer (see above).

Is there an obligation for me to provide data?

In the context of your business relationship with FTI-Andersch, you must provide all personal data that is necessary for the establishment, performance and termination of a business relationship and for the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally not be able to enter into, perform or terminate a contract with you.

In particular under money laundering regulations we are obliged to identify you by means of your identification document prior to the establishment of the business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data (cf. Sec. 11 para.1, 4 of the Money Laundering Act). In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.

To what extent does automated decision-making or profiling take place?

For the establishment and performance of business relationships, FTI-Andersch does not use fully automated decision-making pursuant to Art. 22 GDPR.

We process your data partly automatically with the aim of evaluating certain personal aspects (so-called profiling), for example, in order to be able to inform and advise you specifically about our products and services. This enables us to provide needs-based communication, advertising and market research.

What data is collected, processed or used for what purpose on the FTI-Andersch website?

(1) Cookies

The Internet pages of FTI-Andersch use cookies. They are used to recognize the users of our Internet pages (website visitors) and to make our offer user-friendly, effective and secure. Cookies are text files that are stored on the end device via the Internet browser.

The use of technically required cookies is based on the legitimate interest of FTI-Andersch pursuant to Art. 6 para. 1 s. 1. lit. f GDPR or Sec. 25 para. 2 nr. 2 of the German Telecommunication-Telemedia Data Protection Act (TTDSG).

The use of technically not required cookies is based on consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR or Sec. 25 para. 1 TTDSG.

Website visitors can prevent the setting of cookies by our Internet pages at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. It may then not be possible to use all the functions of our Internet pages to their full extent.

Furthermore, cookies that have already been set can be deleted via the Internet browser or other software programs. In addition, you can revoke your consent to the setting of cookies on our websites at any time via the cookie preferences settings at the bottom of our website (by clicking on “Cookies preferences”). For the rest, please refer to our cookies preferences under “Cookies” at the bottom of our websites.

Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. Provider is

Usercentrics GmbH
Sendlinger Str. 7
80331 Munich
Germany
Website: usercentrics.com (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s)
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent you have given or its revocation to you. The data collected in this way is stored until you request us to delete it, until you delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. The consent data (consent and revocation) are stored for three years. Mandatory legal storage obligations remain unaf-fected.
Usercentrics is used to obtain legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 s. 1 lit. c GDPR.

Data processing by Usercentrics takes place within the EU/EEA. For a data transfer outside the EU/EEA, written consent by FTI-Andersch is required.

Conclusion of a data processing agreement
We have concluded a so-called data processing agreement (hereinafter: DPA) with Usercentrics in which we oblige Usercentrics to protect the data of our website visitors. Through the DPA, Usercentrics undertakes to implement technical and organizational measures to protect the data.

Standard contractual clauses
For the provision of those services, Usercentrics uses Google Cloud EMEA Ltd. for hosting as a sub-processor with whom Usercentrics has agreed standard contractual clauses. The servers are located in the EU.

(2) Logging

The websites of FTI-Andersch collect a series of general data and information with each call. General data and information are stored in the server's log files. The following can be recorded

  • the browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system arrives at our website (so-called Referrer),
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of an access to the website,
  • an Internet Protocol (IP) address,
  • the Internet service provider of the accessing system and
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, FTI-Andersch does not draw any conclusions about the data subject. Rather, this information is needed to

  • display the contents of our websites correctly,
  • optimize the content of our websites and the advertising for them,
  • ensure the long-term functionality of our information technology systems and the technology of our website, and
  • provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Therefore, FTI-Andersch analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our company, with the aim of ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

(3) Login data

To contact you as offered on our websites, send newsletters to you, register you for our annual restructuring meeting or similar we ask for your name, address and e-mail address via a form-like input mask. By entering your data, you give us your consent to store the data as well as to use it for the respective purpose above. Consent given can be revoked at any time.

(4) Contact form and contacting per e-mail

You can contact us using a form provided on our website or by email. The data you provide (in particular your e-mail address, your first and last name and the text of your request and, if applicable, other information you have provided in the contact form or by e-mail) will be stored by us when you contact us in order to process your request and respond to your concern.
The data processing is justified under Art. 6 para. 1 s. 1 lit. f GDPR. We have an interest in contacting you through the website to address your concern. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 s. 1 lit. b GDPR is legal basis for data processing.
We will delete the data generated during your concern/contact as soon as it is no longer required for processing your concern. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation. The use of the contact form is completely voluntary for you.

(5) Newsletterdata

If you would like to receive a newsletter offered by FTI-Andersch, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data are not or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be kept by us until you unsubscribe from the newsletter. It will also be stored by the newsletter service provider and deleted from the newsletter distribution list after unsubscribing from the newsletter. Data stored by us for other purposes remain unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider and if applicable it will be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para.1 s. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

(6) CleverReach

FTI-Andersch uses CleverReach for sending newsletters and event invitations.

CleverReach GmbH & Co. KG
//CRASH Building
Schafjückenweg 2
26180 Rastede
Germany
(Hereinafter: “CleverReach” or “Newsletter Service Provider").

CleverReach is a service that allows among others the sending of newsletters which can be organized and analyzed ("Newsletter Service Provider"). The data entered by you for the purpose of receiving the newsletter (e.g. e-mail addresses) are stored on CleverReach's servers in Europe. If you do not want to receive the newsletter, you must unsubscribe. For this purpose, a corresponding link is provided in each newsletter message.

Data analysis by CleverReach
With the help of CleverReach we can analyze our newsletter campaigns. In the reports, data of the recipients opening and clicking is presented anonymously. Technical information is also collected (e.g. Time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used solely for statistical analysis of our newsletter campaigns to enable us to better tailor future newsletters to the interests of recipients.

CleverReach's privacy policy can be found at:
https://www.cleverreach.com/en-de/privacy-policy/

Legal basis
The data processing is based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period
The data you provide to us for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter. After unsubscribing from the newsletter, they are deleted from both our servers and CleverReach's servers. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider. If applicable it will be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para.1 s. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Conclusion of a contract for data processing
We have concluded a so-called data processing agreement with CleverReach in which we oblige CleverReach to protect our customers' data and not to pass it on to third parties.

(7) Recruitee

In order to optimize applicant management and for purposes of personnel restructuring and talent acquisition, FTI-Andersch uses the Recruitee recruiting software.

Recruitee B.V.
Keizergracht 313
1016 EE Amsterdam
Netherlands
(hereinafter: “Recruitee”).

Data processing by Recruitee
The processing of personal data relates to applicants, potential applicants, candidates and potential candidates for jobs and for project work at FTI-Andersch. In addition, the personal data of visitors to the FTI-Andersch careers website and of all persons who visit the referral website are processed.
Recruitee processes the following categories of personal data of candidates on behalf of FTI-Andersch:

  • Contact details, including names
  • CVs
  • E-mail correspondence
  • Address
  • Professional career
  • Letter of motivation and other application documents
  • Candidate information collected via integrations between services and via third party services on behalf of FTI-Andersch.
  • Notes on candidates
  • Candidate reviews
  • Other personal data processed in the context of the services in relation to candidates

On behalf of FTI-Andersch, Recruitee processes the following personal data in relation to visitors to the careers website:

  • Traffic source
  • HTTP requests and responses
  • Cookies
  • Date and time of use
  • Other personal data related to visitors and processed within the scope of the services.

Recruitee may process the above mentioned personal data only to the extent that it falls within the scope of the service used by FTI-Andersch and will store them on Recruitee's servers in Europe except where personal data has been anonymized and used to improve the services.

Recruitee takes and maintains appropriate technical and organizational measures to protect your personal data from destruction, loss or unauthorized access or other forms of unauthorized or unlawful processing of personal data.

Storage period
Application documents

The use and storage of application documents and the personal data contained therein are exclusively for the purpose of the application and in the event of an unsuccessful conclusion of the application process, the documents provided will be deleted after the expiry of eight months from receipt of the application, unless mandatory legal provisions and/or official or judicial requirements prevent deletion, or longer storage has been expressly agreed to (e.g. storage in the talent program).

In special cases, FTI-Andersch may ask for consent to store data for a longer period of time, e. g. for inclusion in the talent program or in the freelancer list.
In this case, you will receive a request for consent to store or for extension of the storage of your data and, if necessary to receive company news. You will receive a link to provide consent and have 30 days to respond to the link. If you decline the request or do not respond, your status will be reset to what it was before you sent the request.

Conclusion of a contract for data processing

We have concluded a so-called data processing agreement with Recruitee in which we oblige Recruitee to protect our customers' data and not to pass it on to third parties.

https://recruitee.com/en/terms#toc-supplement-data-processing-dpa-.

Standard Contractual Clauses
Recruitee does not transfer personal data to third countries unless Recruitee has received prior written consent from FTI-Andersch, which is only given if candidates and other visitors to the careers website consent to such transfer. Recruitee uses standard contractual clauses in the event that no proper adequacy decision or other appropriate mechanism for the transfer of personal data to a third country applies and a transfer requires such a decision or mechanism under applicable data protection legislation.

In addition, Recruitee subcontracts Google Cloud Platform, Ziggeo, Amazon Web Services, Recruitee, Textkernel and Mailgun.

For more information, please visit https://recruitee.com/en/terms.

(8) Google Analytics, Google-AdWords

Google Analytics

FTI-Andersch has integrated the Google Analytics component (with anonymization function) on its websites. Google Analytics is used exclusively via cookies and only after the website visitor has consented to the use of marketing cookies.

Google Analytics is a web analytics service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website, which subpages of the website have been acessed, or how often and for how long a subpage has been viewed.

For web analysis via Google Analytics, the controller uses the add-on "_gat._anonymizeIp". By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our websites takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to Google's server in the USA and shortened there.

The purpose of the Google Analytics component is to analyze the flow of visitors to our websites. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for FTI-Andersch showing the activities on our website, and to provide other services related to the use of our website.

Website visitors have the option to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing.
For this purpose, the website visitor can change or revoke the consent he granted at any time via the settings of the cookies preferences according to the link at the bottom of our websites (by clicking on "Cookies preferences"). For the rest, please refer to the contents of our cookies preferences under "Cookies" at the bottom of our websites.

Website visitors who wish to allow marketing cookies, but only want to exclude the Google Analytics component, have the option to install a browser add-on at the link https://tools.google.com/dlpage/gaoptout to download and install. This browser add-on tells Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the information technology system of the website visitor is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her control, it is possible to reinstall or reactivate the browser add-on.

Google Analytics is explained in more detail at the address https://marketingplatform.google.com/about/analytics/.

Google Ads

FTI-Andersch has also integrated Google Ads on its websites.

Google Ads is an Internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The purpose of Google Ads is to advertise our websites by displaying interest-relevant advertisements on the websites of third-party companies and in the search engine results of the Google search engine and, if appli-cable, an insertion of third-party advertising on our Internet pages.

Website visitors have the option to object to interest-based advertising by Google. For this purpose, the data subject must, from any of the Internet browsers he or she uses, visit the address www.google.de/settings/ads and make the desired settings there.

Both Google Analytics and Google Ads set in principle cookies on the information technology system of the respective data subject (for cookies see above).

The operating company of the Google Analytics component and of Google Ads is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information and the applicable Google privacy policy can be found at https://policies.google.com/privacy and at https://marketingplatform.google.com/about/analytics/terms/en/.

(9) YouTube

FTI-Andersch has integrated YouTube components on its website.

The operating company of YouTube is

YouTube, LLC
901 Cherry Ave., San Bruno
94066 California (USA)

YouTube, LLC is a subsidiary of the

Google Inc.
1600 Amphitheatre Pkwy, Mountain View
94043-1351 California (USA)

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and enables other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

Each time one of the websites operated by FTI-Andersch is called up, on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube.

Within the scope of this technical procedure, YouTube and Google receive information about which specific subpage of our website is visited by the data subject by setting cookies. When a subpage containing a YouTube video is called up, YouTube recognizes which specific subpage of our website the data subject is visiting. This information is collected by YouTube and Google.

Data processing
YouTube and Google store personal data such as the IP address and the behavior of the data subject on our websites.
YouTube and Google use the collected data to personalize their own services. These include among others the provision of recommendations and personalized content.

Legal basis
Data processing by YouTube
We use the extended privacy mode of YouTube.
YouTube always receives information via the YouTube component that the data subject has visited websites if the data subject has consented to the setting of YouTube cookies after calling up our websites. The data processing by YouTube is thus based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can change or revoke this consent at any time by setting the cookies preferences according to the link at the bottom of our web pages (by clicking on "Cookies preferences").
You can also change or revoke your consent on the website by clicking on the fingerprint icon at the bottom left of the screen.

Data processing by Google
Google receives information via the YouTube component that the data subject has visited our websites as soon as the data subject calls up our websites. This takes place regardless of whether the data subject clicks on a YouTube video or not. Such transmission of this information to Google cannot be prevented. This connection to the Google network can trigger further data processing operations without our influence.

The privacy policy published by YouTube, is available under the following link:

https://policies.google.com/privacy.

More information about YouTube can be found at https://www.youtube.com/intl/ALL_en/howyoutubeworks/.

(10) LinkedIn

FTI-Andersch has integrated components of the LinkedIn Corporation on its websites.

LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts.

With each individual call up of our websites that are equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage the data subject is visiting each time the data subject calls up our websites and for the entire duration of the re-spective stay on our websites. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the ability to unsubscribe from e-mail messages, SMS messages, and targeted ads, as well as ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be found at https://www.linkedin.com/legal/cookie-policy to be rejected.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the U.S., LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

LinkedIn's applicable privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins.

LinkedIn Insights and Conversion Tracking

The websites of FTI-Andersch use the LinkedIn Insight Tag of the LinkedIn network.

Provider is the LinkedIn Corporation,
2029 Stierlin Court,
Mountain View,
CA 94043,
USA.

The LinkedIn Insight Tag creates a LinkedIn "browser cookie" that collects the following data:

  • IP address,
  • Timestamp,
  • Page activities,
  • demographic data from LinkedIn, if the user is an active LinkedIn member.

Using this technology, FTI-Andersch can generate reports on the performance of our advertisements as well as website interaction information. For this purpose, the LinkedIn Insight tag is integrated on the websites of FTI-Andersch, whereby a connection to the LinkedIn server is established if you visit this website and are logged into your LinkedIn account at the same time.

FTI-Andersch processes their data to evaluate campaigns and collect information about website visitors who may have reached FTI-Andersch through campaigns on LinkedIn.

We process your data because you have consented to this, Art. 6 para. 1 s. 1 lit. a GDPR. FTI-Andersch stores your data for as long as we need them for the respective purpose (campaign evaluation), resp. you have not objected to the storage of their data or revoked your consent. The collected data is encrypted.

(11) Xing

FTI-Andersch has integrated components of Xing on its websites.

Xing is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can create company profiles or publish job offers on Xing.

With each individual call up of our websites on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the person concerned. If the data subject activates one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged into Xing at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

The privacy policy published by Xing, which can be found at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published Privacy notices for the Xing Share button at https://www.xing.com/app/share?op=data_protection.

(12) Parlant GmbH (Burokrat)

FTI-Andersch uses the web form services of Parlant GmbH to enable contacting FTI-Andersch via contact forms.

Parlant GmbH
Großgörschener Str. 15
06686 Lützen
Germany
(hereinafter: Parlant)

Data processing by Parlant

Parlant stores the information you provide via the contact forms so that FTI-Andersch can contact you afterwards and process your request. In addition, Parlant analyzes the information provided in the contact forms and connection data for the purpose of sorting unwanted contract form entries.
Therefore, Parlant processes the following categories of personal data:

  • Names
  • Telephone numbers
  • E-mails
  • Behavioral data
  • Communication data
  • All personal data that you additionally and voluntarily enter in the free text field of the contact form

Group of persons affected by the data processing:

  • Visitors
  • Interested parties
  • Customers/clients
  • Applicants

Legal basis

Data processing is based on our legitimate interest according to Art. 6 para. 1 s. 1 lit. f GDPR, as we have an interest in responding to your request. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure, we base the processing on Art. 6 para. 1 s. 1 lit. b GDPR.

Storage period

Parlant automatically deletes the personal data stored in the context of your request/your contact via the contact form after a maximum of three months, provided that this deletion does not conflict with any further statutory retention period.

Conclusion of an agreement for data processing

We have concluded a so-called data processing agreement with Parlant in which we oblige Parlant to protect the data. The transfer of your personal data by Parlant to third parties such as service providers occurs only in limited circumstances. The service providers to whom data is transferred are contractually obligated to comply with the level of data protection and to ensure an adequate level of security.

In addition, Parlant processes your personal data exclusively in the EU/EEA.

For more information, please visit https://www.burokrat.eu/datenschutz/.

(13) Jotform

FTI-Andersch uses Jotform when creating forms among others to query event attendance.

Jotform Inc.
111 Pine St. #1815
San Francisco, CA 94111
USA.

Representative of Jotform according to Art. 27 GDPR for a controller or processor not established in the EU pursuant to Art. 27 GDPR:

Maetzler Rechtsanwalts GmbH & Co. KG
c/o Jotform
Schellinggasse 3/10
1010 Vienna
Austria

Data processing by Jotform
If you fill out a form via FTI-Andersch, Jotform collects and stores your form responses and, in some cases, transmits them on behalf of FTI-Andersch using third-party providers such as Amazon Web Services or Google Cloud.
Even with anonymous form responses, certain questions on the form may ask you for personal information or data that can be used to identify you.

The form submission data is managed by FTI-Andersch as the form producer. Jotform treats this information as private unless you have made it publicly available.

Jotform does not sell personal information collected from form responses. Jotform also does not share them with third parties without permission. The transfer of your information by Jotform to third parties such as service providers occurs only in limited circumstances. The service providers to whom transmission is made are contractually obligated to ensure technical protective measures to ensure the confidentiality of your personal information and data. In addition, Jotform will not use your contact information to contact you.

Conclusion of an agreement for data processing
We have a so-called data processing agreement concluded with Jotform, in which we oblige Jotform to protect the data and to not pass it on to third parties.

In addition, Jotform stores your personal data only in Europe (Germany). For more information, please see Jotform's Privacy Policy at https://www.jotform.com/privacy/.

Legal basis
The data processing is based on your consent (Art. 6 para.1 s. 1 lit. a GDPR) that you give at the time of sending the form. You can revoke this consent at any time and request deletion. The revocation is to be sent to: FTI-Andersch AG, Taunusanlage 9-10, 60329 Frankfurt am Main or datenschutz@fti-andersch.com. The legality of the data processing operations already carried out remains unaffected by the revocation.

(14) Typeform SL (Videoask)

FTI-Andersch uses the service "Videoask" of the provider for recording and playing videos.

Typeform SL
Carrer Bac de Roda, 163, local,
08018 - Barcelona (Spain)
(hereinafter: Typeform)

Typeform is a service for providing interactive videos to website visitors.

Data processing by Typeform
For the provision of its services, Typeform processes personal data in the sense of data collection, storage, organization, hosting and deletion.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can change or revoke this consent at any time via the cookie preferences settings according to the link at the bottom of our websites (by clicking on "Cookies Preferences").

Storage period
The data will be stored as long as FTI-Andersch as data exporter needs the services of Typeform.

Conclusion of an agreement for data processing
We have a so-called data processing agreement with Typeform, in which we obligate Typeform to protect the data of our website visitors.

Standard contractual clauses
For the provision of the services, it may be necessary for Typeform to transfer the data to other countries, also outside the EU, and to process it there. The data may be transferred to subcontracted processors for this purpose. In such a case, Typeform uses standard contractual clauses.

For more information, visit https://admin.typeform.com/to/eWpkapYC

(15) Bonza Interactive Group LLC (Verse)

FTI-Andersch uses the service "Verse" of the provider for recording and playing videos.

Bonza Interactive Group LLC
43-01 22nd Street,
Studio 501
Long Island City
10065 New York (USA)
(hereinafter: Bonza)

Bonza is a service that allows website visitors to be provided with interactive videos.

Data processing by Bonza

Data processing
Bonza undertakes to never disclose personal data to third parties for their sales and marketing purposes. Personal data will only be disclosed to third parties for our own business purposes or to fulfill contractual or legal obligations.

Standard contractual clauses
Bonza also transfers personal data outside of Germany, for example to the USA. To make data transfers secure, Bonza enters into standard contractual clauses or implements other security measures as necessary.

Storage period
Data is stored for as long as necessary for the business purposes for which it was collected and processed.

For more information on the privacy policy, please visit https://www.verse.com/privacy-policy/
https://www.verse.com/terms-and-conditions/

(16) Sanity AS

FTI-Andersch uses the content management system hosting service of Sanity AS

Sanity AS
Trondheimsveien 2
0560 Oslo (Norway)

Data processing by Sanity
On behalf of FTI-Andersch, Sanity processes personal data of customers. The customer data is always stored within the EU. Temporarily, it is possible that customer data may be stored outside the EU e.g. in network devices or browser caches.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can change or revoke this consent at any time via the cookie preferences settings according to the link at the bottom of our websites (by clicking on "Cookies Preferences").

For more information on the privacy policy, please visit https://www.sanity.io/legal/privacy#2426b2eb5396

(17) Vercel, Inc.

FTI-Andersch uses services of the provider Vercel, Inc.

Vercel Inc
340 S Lemon Ave #4133
Walnut
91789 California (USA)
(hereinafter: Vercel)

Vercel offers a cloud platform for on-demand delivery, related hosting and sharing services, and analytics tools.

Data processing by Vercel
On behalf of FTI-Andersch, Vercel operates and hosts the website and provides other analytics tools. In connection with these services, FTI-Andersch may collect personal data from its customers. In order for Vercel to provide its services, Vercel processes the information of FTI-Andersch customers when they use FTI-Andersch's websites or other web applications. Vercel processes among others the following information of the FTI-Andersch customers

  • IP addresses
  • System configuration information
  • Other information about traffic to and from FTI-Andersch websites
  • Location information derived from IP addresses

Vercel's data processing takes place primarily in the USA. The data may also be processed in all other jurisdictions where Vercel operates.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 s. 1 lit. GDPR, Art. 49 para. 1 lit. a GDPR). You can change or revoke this consent at any time via the cookie preferences settings according to the link at the bottom of our websites (by clicking on "Cookies Preferences").

Storage period
Prior to the termination of the agreement between FTI-Andersch and Vercel, Vercel will process the stored customer data for the purpose of providing the services until FTI-Andersch decides to delete these customer data through the Vercel services.

Conclusion of an agreement for data processing
We have a so-called data processing agreement concluded with Vercel, which is based on the standard contractual clauses. In this agreement, Vercel is obligated to protect our customers' data and, in the case of sub-contracted processing, to enter into data protection regulations corresponding to our data processing agreement.
Where Vercel transfers personal data to sub-processors in third countries, Vercel uses standard contractual clauses if no ordinary adequacy decision applies to the transfer of personal data to a third country and a transfer requires such a decision under applicable data protection legislation.

You can find more information on the data protection provisions at
https://vercel.com/legal/privacy-policy

(18) Microsoft 365

FTI-Andersch uses Office applications and cloud services from Microsoft 365, among others Microsoft Exchange (e-mail, address book, calendar, tasks), SharePoint (file storage and editing, application platform), Microsoft Teams (file sharing, chat, telephony, video conferencing solution) and Microsoft Forms (survey creation and execution).

The operating company of Microsoft 365 is the
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland (hereinafter "Microsoft")

Data processing by Microsoft
The purpose of the processing by Microsoft is to provide a workplace that enables collaboration and communication within and outside of FTI-Andersch. Collaboration here is understood to mean, for example, joint work on files, e-mail communication, meetings, live broadcasts and innovative tools.

The processing of personal data refers to employees of FTI-Andersch and all persons such as customers and contractors (current, former, future) who communicate with FTI-Andersch via Microsoft 365 applications.

Microsoft processes on behalf of FTI-Andersch among others the following categories of personal data:

  • Professional contact, work, and organizational data (e.g. first name, last name, e-mail, company, social media identifiers, if applicable photo)
  • Private telephone numbers and private data that users enter into the system
  • Authentication data (e.g. user name, password or PIN code, security question)
  • Unique identification numbers and signatures (e. g. IP addresses, signature)
  • Position data and location data (e.g. location at start/end of call)
  • Administrative events (e.g. joining a team, creating a channel, sending an e-mail, etc.)
  • Photos, videos and audio
  • Contents (e.g. contents of the files and communications you enter, upload, receive, create, and control)
  • Metadata (for example, about calls and meetings (e.g. network status, date/time/duration, terminals used, audio quality data))
  • Internet activities (e.g. browsing history, search history)
  • Device identification (e.g. SIM card number)

Data processing especially with the use and application of Microsoft Forms
FTI-Andersch regularly uses Microsoft Forms as part of Microsoft Office 365 for the purpose of conducting internal anonymous and non-anonymous online surveys (employee surveys). Surveys can be addressed in different ways (via hyperlink, QR code, embedding in web page or e-mailing). Participation in surveys is voluntary and possible without user registration with Microsoft.

An employee survey is considered anonymous if FTI-Andersch cannot draw any conclusions about the responding employee (e.g. Team Call surveys, query feedback Academies). On the basis of the survey results, anonymous evaluations are made by the processor, which have no reference to the respondent.

In the case of a non-anonymous employee survey, FTI-Andersch can draw conclusions about the responding employee and identify him or her (e.g. query participation/content of management jour fix, query participation in FTI-events and related information such as overnight stays, meal requests, allergies, etc.). In this case, the recipients of the personal data are the creator of the employee surveys and other persons at FTI-Andersch (e.g. HR), if required for the purpose of the employee survey. If personal data is specifically collected and further processed via surveys, FTI-Andersch will inform the employees separately in advance and - if necessary - ask for their consent. For more information on privacy for Microsoft Forms, visit https://support.microsoft.com/en/office/security-and-privacy-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9.

In particular the following personal data is processed by Microsoft Forms:

  • Name and contact details
  • Login information
  • Demographic data
  • Device and usage data
  • Position data
  • contents specified in the employee survey and, if applicable
  • Health data

In the case of anonymous employee surveys, FTI-Andersch may view the following data:

  • Content specified in the employee survey

In the case of non-anonymous employee surveys, FTI-Andersch may view the following data depending on the purpose of the query/survey:

  • Name, first name
  • Content specified in the employee survey
  • Health data (e.g. allergies, food preferences)

Data processing specifically when deploying and using Microsoft Teams
Through the Microsoft Teams video conferencing solution, FTI-Andersch can offer participation via video/audio in online events. FTI-Andersch uses Microsoft Teams to conduct online events, enable collaborative work on files and internal company communication. In doing so, FTI-Andersch uses the Team Meetings mode with Microsoft Teams. In general, there is no recording of the event.
In exceptional cases, recording may take place under the following conditions:

  • Prior explicit announcement of the planned recording to the participants twice (firstly when inviting and secondly before the start of the event to be recorded)
  • Participants will be provided with the link to this general data protection information at https://www.fti-andersch.com/en/data-privacy-policy/ made available.
  • Participants are provided with the following supplemental privacy information:
    - Concrete purpose of the recording
    - Person responsible for recording (function, role)
    - Authorized users of the recording or Addressees to whom the recording is to be made available
    - Location and duration of the recording.

In particular the following personal data is processed by Microsoft Teams:

  • Communication data (e.g. e-mail address, if this is specified on a personal basis).
  • Log files, log data
  • Metadata (e.g. IP address, time of participation, etc.)

Microsoft implements and maintains technical and organizational measures to protect your personal data from destruction, loss, or unauthorized access or other forms of unauthorized or unlawful processing of personal data.

Cookies
Microsoft uses cookies and similar technologies to store and maintain preferences and settings.

Legal basis
The data processing is carried out for the fulfillment of (pre)contractual obligations according to Art. 6 para. 1 s. 1 lit. b GDPR for external parties, according Art. 6 para.1 s. 1 lit. b GDPR in conjunction with Sec. 26 para. 1 BDSG for internal employees and, in the case of image and sound recordings, on the basis of consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. Processing within the scope of log files and metadata is carried out on the basis of legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest to detect misuse and ensure IT security and continuous improvement of services). You can revoke your consent at any time, among others by sending an e-mail to datenschutz@fti-andersch.com. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revoca-tion.

Disclosure of data within the scope of the processing activity to recipients or categories of recipients
In some cases, data is passed on to FTI Consulting, Inc. Sharing takes place through the forwarding of e-mails that contain personal information, as well as communication via Microsoft Teams (video conference, phone call, chat) with FTI Consulting, Inc. held.

Storage period
The personal data will be processed and stored as long as FTI-Andersch uses Microsoft 365 applications.
Metadata from calls and meetings are stored by Microsoft for a maximum of 120 days (depending on the date). Here the data will be deleted automatically. Adjustment for deadlines for live events (120 days) and teams meetings/calls (90 days) is not available.
If FTI-Andersch deletes the personal data itself, it will also be deleted by Microsoft after 180 days at the latest, provided that this deletion does not conflict with any further statutory retention period.
If no active deletion of the personal data takes place on the part of FTI-Andersch, the personal data will be deleted no later than 180 days after the expiration of the termination of a Microsoft 365 subscription.

Conclusion of an agreement for data processing
We have concluded a so-called data processing agreement with Microsoft in which we oblige Microsoft to process the data of our employees etc. in accordance with the data protection laws. The standard contractual clauses are included in this data processing contract.

Standard contractual clauses
It cannot be excluded that in individual cases personal data may also be transferred to other countries outside the EU (e.g. to the USA) and processed there. The data may also be transferred to subcontracted processors for this purpose. In such a case Microsoft uses standard contractual clauses.
You can find more information at: https://privacy.microsoft.com/de-de/privacystatement#mainnoticetoendusersmodule