This Privacy Statement was last updated in September 2024.
It sets out the data protection practices carried out through the use of the Internet and any other electronic communications networks by BearingPoint Holding BV and its associated companies (all together “BearingPoint”; “we”, “us”) and with respect to bearingpoint.com, hcube.io, ministerialkongress.de, ps.bearingpoint.com, bearingpointbill.com, bearingpoint.services, survey.bearingpoint.com, arcwide.com and other BearingPoint websites, applications and online services that link to this website privacy statement (together referred to as the “Site”).
We may provide a separate privacy statement in connection with certain websites and applications that we offer, and where we do so, such privacy statement will apply to our collection and use of personal information collected through such websites and applications. A full list of our main offices can be found at https://www.bearingpoint.com/en-gb/locations/ and at https://www.arcwide.com/en/contact/.
1.1 BearingPoint collects personal information from you that you provide, such as your email address, job title or company name through the use of registration forms, for instance every time you sign up for an electronic newsletter, when you choose to send us an application to be considered for employment, when you register for an event or conference organized by BearingPoint, when you submit a request for proposal or for information, when you request the authorization of downloading a document, when you enter an online competition or when you send us a message via an email reply mechanism provided on the BearingPoint sites or when you choose to provide your information for surveys, quizzes or benchmarking surveys.
We use a customer relation management system (the BearingPoint CRM) to store personal information about our business contacts. We collect and use business contact details for individuals associated with existing and potential BearingPoint clients to manage and maintain our relationship with those individuals.
BearingPoint also uses Microsoft Bookings. Microsoft Bookings is a Microsoft 365 app supporting the scheduling and the managing of appointments; it includes a web-based booking calendar. The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR; we want to give you the opportunity to easily schedule an appointment with us.
The personal data required for an appointment via Microsoft Bookings (name and email address) as well as your additional, voluntary information (address, telephone number, notes) are processed and stored by us only to the extent that this is necessary for the processing of the appointment, but no longer than 120 days. Since Microsoft Bookings is a Microsoft 365 service, Microsoft (One Microsoft Way, Redmond, WA 98052-6399, USA) also receives access to the data you provide in the form.
Further information on the handling and use of data by Microsoft can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
2.1 We process personal information collected via the BearingPoint sites for the purposes of:
3.1 When you visit one of the BearingPoint sites, we collect information automatically about those visits.
3.2 In particular, your browser automatically sends us certain Internet-related information, such as the Internet Protocol (IP) address of the computer you are using.
3.3 We also collect information through the use of cookies to better understand how visitors use the BearingPoint sites, to identify problems with our servers, prepare aggregate demographic information and other information regarding the use of the BearingPoint sites, and to improve the functions of the BearingPoint sites. Cookies do not collect any information that enables you to be identified as an individual.
3.4 BearingPoint uses “Google reCAPTCHA” (hereafter “reCAPTCHA”) on its websites. Provider is Google LLC 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). With reCAPTCHA we want to check if the data entry on our websites (for example in a contact form) is done by a human or by an automated program. For this, reCAPTCHA analyzes the behavior of the site visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (for example, the IP address, the time a site visitor spends on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyzes are completely in the background. Site visitors are not advised that an analysis is taking place. Data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. BearingPoint has a legitimate interest in protecting its websites from abusive automated spying and SPAM. For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links:
https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/about/.
3.5 When you visit or use our social media websites such as Facebook, we use Facebook Pixel, which allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion").
The processing of this data by Facebook takes place within the framework of Facebook's data policy: https://www.facebook.com/policy.php.
Special information and details about the Facebook pixel, the Conversions API and its functionality can also be found in the Facebook help area: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
We also use lead ads on Facebook, e.g. for recruiting purposes. If you, as a platform user, click on an add, you will be prompted to fill out a lead ad forms. After submitting it, your leads data will be stored on Facebook’s servers for no more than 90 days, and we may download your leads data from it. The downloaded data will be further stored in our recruitment system for no longer than 6 months. Facebook will use the information submitted by users through the lead ad, subject to its data policy: https://www.facebook.com/policy. Further details about how Lead ads work on Facebook can be found here: https://www.facebook.com/business/help/1481110642181372?id=735435806665862.
When operating with lead ads, BearingPoint together with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) are Joint Controllers for the collection and transfer of data in this process. The following processes are therefore not covered by joint controllership:
We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR. Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.
3.6 Google Analytics 4.
BearingPoint also uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on its websites. In order to protect your data as best as possible, the version “Google Analytics 4” (GA4, anonymized tracking, cookieless tracking) is used. Thus, only anonymized aggregated data is transmitted to us, which we evaluate for web statistics and therefore want to improve our offer. No individual profiles are created, but rather user groups. A personal reference can no longer be established.
GA4 uses IP address anonymization by default, which cannot be deactivated. Lawful cookies have a duration of 2 months.
The legal basis for the use of GA4 and the resulting coverage measurement is the legitimate interest (Art. 6 (1) lit. f GDPR).
The collected data may be transmitted to Google in Europe, or also to Google servers in the USA. BearingPoint has no influence on the data transfer to Google. Furthermore, BearingPoint has no influence on whether Google can draw conclusions about your person.
We are reviewing relevant rulings of the European Data Protection Agencies and/or other authorities which might impact the use of Google Analytics.
Further information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de.
3.7 CleanTalk anti-spam check
We use the "CleanTalk" service, which protects the Site from spam when a data entry on a Site is done (for example in a contact form). The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR.
For security reasons and as protection against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 45 days. After expiry of the aforementioned period, this data will be completely deleted. CleanTalk may use information about spam activity from IP or email addresses to provide appropriate anti-spam protection to all websites connected to its service.
Further information on the handling and use of data by CleanTalk can be found in CleanTalk Inc’s privacy policy: https://cleantalk.org/publicoffer#privacy.
3.8 Akismet
BearingPoint also uses the “Akismet” service which protects the site from spam when a data entry in a contact form is done by you. Provider of the Akismet service is Automattic Inc, 60 29th St, #343 San Francisco, CA 94110, United States.
The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR).
Automattic is processing your data in the USA; it is an active participant of the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework. Automattic may use your user IP, user agent, referrer, Site URL (along with other information directly provided by you in the contact forms such as your name, company address, job title, function and the comment itself). Automattic has retention periods between two weeks and ninety days for the vast majority of spamrelated data, at which point it is automatically deleted from Akismet’s databases. A Data Processing Agreement including the Standard Contractual Clauses is in place.
Further information on the handling and use of data by using Akismet can be found in the Automattic privacy policy: https://automattic.com/privacy/
4.1 A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
4.2 Microsoft Dynamics 365
We use cookies or tracking pixels from Microsoft Dynamics 365, which is provided by Microsoft Ireland Operations Limited, Ireland. Microsoft Dynamics uses the following cookies:
4.3 We use Microsoft Clarity and Microsoft Advertising to better understand the needs of our users and to optimise the offer on this website. The Clarity technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.). This helps us to tailor our offering to our users' feedback. Clarity works with cookies and other technologies to collect information about the behaviour of our users and their devices (in particular IP address of the device (only stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website). Clarity stores this information in a pseudonymised user profile. The information is not used by Clarity or by us to identify individual users or merged with other data about individual users. The legal basis for data processing is your consent in accordance with Art. 6 (1) lit. a GDPR. The data is transferred to Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft Corporation is committed to complying with the data processing principles of the Data Pricacy Framework (DPF). On this basis, data transfer to the USA, which cannot be excluded, is possible. If you have any questions about data protection at Microsoft, you can contact them at https://www.microsoft.com/en-us/concern/privacy. You can find the Microsoft privacy policy at https://privacy.microsoft.com/en-us/privacystatement.
4.4 Furthermore, when browsing the BearingPoint website you may get access to embedded media and other external sources which may store cookies. As cookies from externally embedded media may be used or modified without BearingPoint’s knowledge or consent, you are invited to consult the following links for further information.
Media | Link to their privacy statement |
https://twitter.com/en/privacy | |
YouTube | https://policies.google.com/privacy |
https://www.linkedin.com/legal/privacy-policy | |
https://www.facebook.com/policy.php | |
4.5 You have the right to choose whether or not to accept cookies. You can exercise this right by amending or setting the controls on your browser to reflect your cookie preferences. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of the BearingPoint sites.
4.6 The "help" portion of the toolbar on most Internet browsers will tell you how to change your browser cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. For further information about cookies and how to control their use, please visit the following third-party educational resources: https://www.allaboutcookies.org/ and https://www.youronlinechoices.eu/.
5.1 We will only disclose personal information to other companies within our group of companies, business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf. In these circumstances we will share your personal information for purposes such as our legitimate business purposes and to comply with legal obligations.
6.1 This Privacy Statement applies only to information collected by a BearingPoint site.
6.2 BearingPoint sites contain links to other sites that are not owned or administered by BearingPoint. Please be aware that BearingPoint is not responsible for the privacy practices of such other third party sites. We encourage you to read the privacy statements of every Website you visit.
7.1 We maintain safeguards to protect against unauthorized disclosure, use, alteration, or destruction of the personal information you provide to us through the BearingPoint sites. Please note, however, that perfect security does not exist on the Internet. Therefore, while we endeavor to protect your personal data, when data is transferred over the Internet it may potentially be accessed and used by unauthorized parties.
8.1 We want to make sure that any information we hold on you is up to date and correct. You can request from BearingPoint information in particular pursuant to Art. 15 to 18, 21 GDPR, as to your personal data held by us as a controller, the purpose of the storage and obtain certain other information about how and why we process your personal data. Furthermore, and within the legal framework, you have the right to request for your personal data to be amended or rectified where it is inaccurate, the right to restrict our processing of your personal data and the right to object or to obtain deletion of your personal data. If you have any requests concerning your personal information BearingPoint holds about you, to obtain a copy or any queries with regard to these practices please contact us at the contact listed below:
BearingPoint Data Protection Department
Group Compliance Officer
BearingPoint Berlin
Invalidenstraße 73
10557 Berlin
Fax: +49 30- 880041040
E-Mail (for requests that do not have confidential or sensitive content):
datasubject-request@bearingpoint.com.
8.2. We use the Zendesk ticketing system, a customer service platform provided by Zendesk Inc, 989 Market Street, San Francisco, CA 94103, to process your requests submitted by email.
We use Zendesk to be able to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. We have concluded a Data Processing Agreement (DPA) with Zendesk, which contains the Standard Contractual Clauses ("Model Clauses") approved by the European Commission.
A request sent to us remains with us until you make a request to delete it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
For more information about Zendesk, please see the Zendesk privacy policy: https://www.zendesk.com/company/agreements-and-terms/privacy-policy-2021-06-01/.
Design and maintenance of our websites by RYZE Digital GmbH, Mombacher Str. 4, 55122 Mainz, Germany. The webserver is hosted by aiticon GmbH Stephanstraße 1, 60313 Frankfurt, Germany.
10.1 Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing the BearingPoint sites and communicating electronically with us, you acknowledge our processing of personal data in this way. However, we will endeavor to protect all personal information collected through the BearingPoint sites in accordance with strict data protection standards.
We reserve the right to amend this Statement at any time without advance notice in order to address future developments of BearingPoint, the Website or changes in industry or legal trends. We will post the revised Statement on the Website or announce the change on the home page of the Website. You can determine when the Statement was revised by referring to the "Last Updated" date on the top of this Statement. Any changes will become effective upon the posting of the revised Statement on the Website. By continuing to use the Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Statement, in whole or part, you can choose to not continue to use the Website.
If you have any general questions or concerns about how we process personal information please contact us at privacy@bearingpoint.com.