← Back to start

Privacy Policy

Information according to GDPR

I. Name and address of the controller

Kirchhoff Consult GmbH
Borselstraße 20
22765 Hamburg
Germany
Phone: +49 - 40 - 60 91 86 0
www.kirchhoff.de
E-Mail: info@kirchhoff.de

II. Contact details of the data protection officer

Mr Frank Thomsen, reachable via the above address or:
Phone: +49 - 40 - 60 91 86 0
E-mail: datenschutz@kirchhoff.de

III. General information about data processing

1. Scope
We collect and use personal data only as needed to provide a functional site and services. Routine processing occurs with consent unless permitted by law.

2. Legal basis
Art. 6(1)(a) GDPR (consent); Art. 6(1)(b) GDPR (contract); Art. 6(1)(c) GDPR (legal obligation); Art. 6(1)(d) GDPR (vital interests); Art. 6(1)(f) GDPR (legitimate interests).

3. Storage
Data is deleted or blocked once the purpose ceases to apply, unless statutory retention applies; then deletion follows after expiry.

IV. Provision of the website and log files

Data collected: browser type/version, OS, ISP, IP address, date/time, referrer, pages visited. Stored in logs without linkage to other personal data.

Legal basis: Art. 6(1)(f) GDPR.

Purpose: enable delivery, ensure functionality/security, optimise the site; no marketing use. Legitimate interest per Art. 6(1)(f) GDPR.

Storage duration: session data until session ends; logs max. seven days (longer only with anonymised IPs).

Objection: collection/storage is essential for operation; no opt-out.

V. Use of cookies

a) Description
This policy template references Google Analytics and Matomo use. If active, cookies may transmit usage data (including IP) to providers; IP anonymisation is typically applied.

b) Legal basis
Art. 6(1)(f) GDPR for necessary cookies; Art. 6(1)(a) GDPR for analytics with consent.

c) Purpose
Technically necessary cookies enable core functionality; analytics improve quality and content.

d) Storage / objection
You control cookies via browser settings; disabling may limit functionality. Flash cookies require Flash settings.

VI. Advertising analysis by Matomo

Scope: Matomo may set cookies; stores truncated IP (2 bytes), pages, referrers, subpages, duration, frequency. Runs on own servers; no third-party sharing; IPs masked.

Legal basis: Art. 6(1)(f) GDPR.

Purpose: analyse behaviour to improve usability; legitimate interest per Art. 6(1)(f) GDPR; IP anonymisation protects users.

Storage: deleted after documentation needs end (e.g., 90 days).

Objection: disable cookies in browser; may limit functionality. Google Analytics opt-out tools may apply if used.

VII. Applications

Applicant data is processed for application handling; electronic submissions included. If hired, data is stored for employment; if not, deletion after six months unless legal interests (e.g., AGG) require retention.

VIII. Contact form and email contact

Data processed: Name, Company, Phone, E-mail, Subject, Message; plus technical data during send.

Legal basis: Art. 6(1)(a) GDPR (consent); Art. 6(1)(f) GDPR (email requests); Art. 6(1)(b) GDPR if pre-contractual.

Purpose: handle correspondence; prevent misuse; ensure IT security.

Storage: deleted when conversation ends; technical data within seven days.

Objection: revoke consent anytime; objection to storage ends conversation; stored personal data then deleted.

IX. Data security

SSL/TLS encryption (typically 256-bit; fallback 128-bit) indicated by lock icon. Technical and organisational measures protect data; measures evolve with technology.

X. Rights of the data subject

You have rights of access, rectification, restriction, erasure, notification, data portability, objection (including to marketing), withdrawal of consent, freedom from certain automated decisions, and to lodge a complaint with a supervisory authority.

Privacy Policy

(for the “Winter Olympics” microsite and its interactive game features)

1. Controller

The controller responsible for processing personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Kirchhoff Consult GmbH
Borselstraße 20
22765 Hamburg
Germany

Phone: +49 (0)40 609186-0
Email: datenschutz@kirchhoff.de
Website: https://www.kirchhoff.de

The Data Protection Officer (if appointed) can be reached via the contact details provided in the general privacy policy:
https://www.kirchhoff.de/en/data-protection

2. Scope and Key Information

This microsite is designed to provide an interactive game experience. We process personal data only to the extent necessary to operate the website, ensure security, and provide the game and high score functionality.

  • No tracking: We do not use analytics or marketing tools (e.g., Google Analytics, Matomo, pixels).
  • No consent-based cookies: We do not use consent-based cookies. The site may use browser localStorage for technical purposes.
  • No data sharing: We do not sell personal data and do not share it with third parties for advertising purposes.

3. Server Log Files

When you visit this website, the hosting provider automatically collects and stores information in server log files, in particular:

  • IP address (shortened or anonymised where technically possible)
  • date and time of access (timestamp)
  • requested resource (request/URL)
  • HTTP status code
  • browser type and version (user agent)
  • referrer URL

Purpose: ensuring technical operation, stability and security (e.g., defence against attacks) and troubleshooting.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests in secure and reliable operation).

Retention period: log files are generally stored for up to 7–14 days and then deleted, unless longer retention is required for security-related reasons.

4. LocalStorage (No Cookies)

This microsite uses the browser’s localStorage for technically necessary functions. localStorage is stored on your device and is not automatically transmitted to us.

Depending on the game feature set, localStorage may store:

  • an anonymous client ID (e.g., to recognise a device for high score handling)
  • optional settings (e.g., audio on/off)
  • optional game progress (save states)

Purpose: providing the game, improving usability, and preventing duplicate high score entries.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract / provision of the requested service) and Art. 6(1)(f) GDPR (legitimate interests in functionality).

Retention period: data remains stored until you delete it in your browser.

How to delete / object: you can remove localStorage at any time via your browser settings (delete site data).

5. Audio Playback and User Interactions

When the game starts, audio (e.g., music or sound effects) may be played. In addition, we process user interactions required to run the game (e.g., control inputs, score calculation, entering a name for the high score list).

Purpose: providing the interactive game experience.

Legal basis: Art. 6(1)(b) GDPR.

6. High Score Data

If you choose to submit a high score, we process the following data:

  • player name (1–3 characters, freely chosen)
  • score
  • where applicable, an anonymous client ID to help prevent duplicate entries

Storage and format: high score entries are stored on our server in a JSON file (file storage). The data is used solely to display the high score list and is not shared with third parties.

Purpose: displaying a public high score list and enabling in-game comparison.

Legal basis: Art. 6(1)(b) GDPR (provision of the feature) and Art. 6(1)(f) GDPR (legitimate interests in operating the high score feature). Where applicable, Art. 6(1)(a) GDPR applies if we request your explicit consent for optional features.

Retention period: high score entries are stored until deletion, or as part of regular rotation/overwriting of older entries.

7. Contact

If you contact us (e.g., by email), we will process the information you provide solely for the purpose of handling your request.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual communication) and Art. 6(1)(f) GDPR (legitimate interests in communication).

8. External Links

This microsite may contain links to external websites (e.g., imprint, other projects). If you click such a link, data processing is carried out by the respective provider. We do not transmit your data to these providers unless you actively access the linked page.

9. Fonts, Scripts and Third-Party Resources

We do not use tracking technologies. Where possible, resources (such as fonts) are provided locally to avoid data transfers to third parties. If external resources are used in exceptional cases, this will be done in compliance with applicable data protection law and will be reflected in this privacy policy.

10. SSL / TLS Encryption

This website uses TLS encryption (HTTPS) to protect transmitted data from unauthorised access by third parties.

11. Your Rights

Under the GDPR, you have the right to access, rectification, erasure, restriction of processing, objection, and data portability. You also have the right to lodge a complaint with a competent supervisory authority.

12. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in legal requirements or functionality. The current version published on this website applies.