Deutsch
Menu
Become Member
Deutsch
Kontakt

Data privacy

Information on the processing of your data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

References to legal provisions refer to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in their current versions (including amendments by the Telecommunications and Telemedia Data Protection Act (TTDSG) and supplementary EU regulations such as the AI Act and the Data Act, as applicable from 2025). Please note that from 2025, new regulations such as the EU AI Act (phased implementation, e.g., prohibitions from February 2025 and obligations from August 2025) and the Data Act (from September 2025) may impose additional requirements on the handling of personal data and AI systems. The BDU continuously reviews the relevance of these changes for its activities.

I. Scope

This privacy policy applies to the website of the Federal Association of German Management Consultants BDU e.V. and BDU-Servicegesellschaft für Unternehmensberatungen mbH (hereinafter jointly referred to as “BDU”) at www.bdu.de as well as to the personal data collected via these web pages. For websites of other providers, which are referred to via links, for example, the data protection information and declarations provided there apply.

II. Responsible party

The following party is responsible for processing personal data on this website:

Bundesverband Deutscher Unternehmensberatungen BDU e.V.

Represented by the Executive Board:
Iris Grewe (President), Dr. Bernhard Braunmüller (Vicepresident), Harald R. Fortmann (Vicepresident), Ricarda Memel (Vicepresident), Dr. Klaus Neuhäuser (Vicepresident), Wolfram Tröger (Vicepresident).

Joseph-Schumpeter-Allee 29
53227 Bonn
register of associations Bonn, 20VR6924
phone: (+49) 228 91 61 0
Fax: (+49) 228 91 61 26
email: info@bdu.de
www.bdu.de

BDU-Servicegesellschaft für Unternehmensberatungen mbH
Joseph-Schumpeter-Allee 29
53227 Bonn
phone: (+49) 228 91 61 0
Fax: (+49) 228 91 61 26
email: info@bdu.de
www.bdu.de

HRB 5686 AG Bonn

VAT ID number: DE246890924

Tax number: 206/5905/1808

Management: Kai Haake

 

III. Data Protection Officer

You can reach and contact our data protection officer at the following address:

Data Protection Officer of Bundesverbands Deutscher Unternehmensberater BDU e.V.

Joseph-Schumpeter-Allee 29

53227 Bonn

email: datenschutz@bdu.de

The data protection officer is appointed in accordance with Section 38 of the German Federal Data Protection Act (BDSG) and supports the BDU in complying with data protection regulations. Please note that possible changes to the BDSG (e.g., raising the threshold for mandatory appointment from 20 to 50 employees) may be considered from 2025 onwards; the BDU will adapt its structures accordingly.

 

IV. Hosting

The website is hosted on servers by a service provider commissioned by us. Our service provider is:

LightsOn GmbH
Leonhardstr. 15
87437 Kempten

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law in accordance with Art. 28 GDPR, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Hosting is provided by Mittwald CM Service GmbH & Co. KG, which acts as a subcontractor to LightsOn GmbH. Further information on data processing by Mittwald CM Service GmbH & Co. KG can be found at: www.mittwald.de/datenschutz.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

The website server is located in Germany and is provided by Mittwald CM Service GmbH & Co. KG, which acts as a subcontractor for LightsOn GmbH. Further information on the server location and the processing of data by Mittwald CM Service GmbH & Co. KG can be found here: https://www.mittwald.de/darum-mittwald/technologie.

 

IV. How we handle your data

1. Personal data
According to Art. 4 GDPR, personal data is any information relating to an identified or identifiable natural person; A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

2. Contact form and email contact
If you contact us via a contact form or by email, we will process the data you provide (e.g., name, email address, telephone number) exclusively for the purpose of processing your inquiry. The processing is based on Art. 6 (1) lit. b GDPR (contract fulfillment or pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in communication). Data will only be passed on to third parties if this is necessary for processing (e.g., to member companies).

3. Newsletters and events
If you subscribe to our newsletter or register for events, we process your data (e.g., name, email address) on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. The double opt-in procedure ensures the authenticity of your registration.

4. Member data
As an association, we process our members' data (e.g., contact details, areas of expertise) in order to fulfill our statutory tasks (Art. 6 (1) (b) GDPR). This includes maintaining the membership directory and organizing networks.

5. Storage period
Personal data is stored for as long as is necessary for the purpose of processing or as long as there are legal retention obligations (e.g., 10 years under tax law in accordance with § 147 AO). Server logs are anonymized or deleted after 7 days at the latest. Contact and newsletter data will be deleted after revocation or termination of the purpose. Member data will be retained until resignation plus statutory periods.

6. Usage data
When you visit our website, the following data is logged for technical reasons:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Amount of data transferred

This data is used for technical security purposes (e.g., defense against attacks) and is anonymized after 7 days at the latest (Art. 6 (1) (f) GDPR). It is not passed on to third parties.

7. Cookies and analysis tools
Our website only uses cookies where technically necessary (e.g., for functionality). Non-essential cookies (e.g., for analysis) are only set with your consent (Art. 6 (1) (a) GDPR in conjunction with § 25 TTDSG). We do not use external analysis tools such as Google Analytics. You can manage cookies in your browser settings.

 

V. Recipients or categories of recipients

Personal data is generally only processed internally. Possible recipients are:

  • Processors (e.g., hosting service providers such as LightsOn/Mittwald)
  • Member companies (in the case of inquiries)
  • Authorities (in the case of legal obligations, e.g., tax authorities)

 

No transfer to third countries without adequate safeguards (e.g., EU standard contractual clauses).

 

VI. Your rights

As a data subject, you have the following rights under the GDPR:

1. Right of access (Art. 15 GDPR): You can request information about your processed data.

2. Right to rectification (Art. 16 GDPR): Incorrect data can be corrected.

3. Right to erasure (Art. 17 GDPR): Under certain conditions (e.g., no longer necessary for the purposes of processing).

4. Right to restriction of processing (Art. 18 GDPR).

5. Right to data portability (Art. 20 GDPR).

6. Right to object (Art. 21 GDPR): For reasons relating to your situation, insofar as processing is based on legitimate interest.

7. Right to withdraw consent (Art. 7(3) GDPR): At any time, without affecting the lawfulness of past processing.

These rights may be limited by legal restrictions (e.g., Section 34 BDSG). Contact us at datenschutz@bdu.de.

You have the right to lodge a complaint with a supervisory authority, e.g., the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Tel.: 0211/38424-0, Email: poststelle@ldi.nrw.de.