Privacy Notice

Protecting your Personal Data and complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation are matters that we take very seriously. This Privacy Notice is intended to give you an overview of how we ensure this protection and compliance, what kinds of data we collect and why, and how we deal with it.

We refer to GDPR, when describing the processing of personal data, but because we operate globally, other relevant data protection legislation can apply. When reading the Privacy Notice, please note that the reference to the GDPR only applies when it is applicable.

By "Personal Data" we mean, in accordance with the GDPR, any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature and also includes information such as your name, date of birth, and email address.

Who is responsible and how to contact us?

We welcome your feedback. If you have any comments, complaints or questions regarding this Privacy Notice or our processing of your Personal Data, or would like to exercise any of your rights, you can contact us at:

OneBigWave
Döllingerstr. 43, 80639 Munich / Germany
Tel +49 176.12050061 | hello@onebigwave.com

There are some points on our websites where we collect data for information and marketing purposes with your consent.

Why and how do we collect, process and use your personal data?

This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law. We process your data for the reasons described below and only for the purpose intended in each case.

Our services are neither aimed at nor intended for children.

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be aware of. Please use the contact details above or keep your contact person at OneBigWave informed.

Visitors to our website

Server logs
When you visit our websites, we record the following information:
- your IP address;
- the data you requested from the website;
- how much data you downloaded;
- the website from which your accessing system came to our website;
- the server reply code on the request from your browser;
- information about the browser you used;
- the date and time you visited, and for how long; and
- other similar data and information that serves to avert the risk of an attack on our information technology systems.
OneBigWave generally cannot attribute this data to any specific person.
This information is required in order to:
- properly deliver the contents of our websites;
- continually optimize our websites;
- ensure the continued functioning of our information technology systems and the technology of our websites; and
- provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR (to optimize our websites), Art. 6 para. 1 lit. f) GDPR (to properly deliver the contents of our websites and to ensure the continued functioning of our information technology systems and the technology of our websites) and Art. 6 para. 1 lit. c) GDPR (to provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack).
Personal Data obtained from you directly
We record and process information you enter on our websites or send us otherwise. This includes data you enter in forms or contact fields (e.g. for the subscription of Newsletters) or select from lists or menus.

On our websites, you also have the possibility to contact OneBigWave using the contact forms, email addresses, telephone and fax numbers provided there. When you contact us through the above channels, we will store and process the resulting personal data for the purposes of dealing with your request. Your information can be stored in our Customer Relationship Management (CRM) system. All data are used exclusively for the processing of your request.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR (general requests). Where the data are processed in order to take steps prior to entering into a contract at your request, the legal basis shall be Art. 6 para. 1 lit. b) GDPR. We process the personal data we collect solely for the purposes of effectively handling the requests addressed to us.

Hubspot

We use the CRM, registration and marketing automation system "HubSpot", operated by our service provider HubSpot Germany GmbH (Unter den Linden 26, 10117 Berlin, Germany), and its subprocessors Hubspot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and Hubspot Ireland ltd. (One Dockland Central, Dublin 1, Ireland). For this purpose, we have concluded a data processing agreement with Hubspot Germany, and additionally so-called standard contractual clauses, in which HubSpot Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. Learn more about HubSpot's data privacy policy here: https://legal.hubspot.com/privacy-policy?__hstc=58164917.92db893f647e770cec64aa25d7be3520.1655197382375.1660634143408.1660643454424.28&__hssc=58164917.2.1660643454424&__hsfp=2571923803.

The legal basis for the processing is our legitimate interests Art. 6 para. 1 lit. f) GDPR for necessary cookies (to distinguish between humans and bots) and your consent Art. 6 para. 1 lit. a) GDPR for non-necessary cookies (efficient and quick processing of user requests, applications and optimization of our online offering).

Participants on Events, Webinars, Surveys, Interviews, Competitions and Newsletter Subscriber

If you have had contact with us for the purpose of concluding a contract (e.g. consulting agreement) between us, for example through emailing or meeting our representative, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organization, contact details and other information necessary for the contract (e.g. for advising to the Client).

We collect, process and store this personal information for the following purposes:
- Identification of shareholders and employees or contact persons of Client or Supplier
- Provision of advisory support to Client and for the performance of the contract
- For corresponding with the Client or Supplier or the contact persons of the Client or Supplier
- For invoicing
- In relation to managing disputes or any other legal complaints
- Contacting the shareholders or the contact persons of Client or Supplier in the event of future business transactions of interest to the shareholders and/or Client or Supplier
- To invite Client or Supplier to take part in marketing or other promotional events, or seminars or similar events, and to inform Client or Supplier about other topics which might interest them
- To carry out sanction list / compliance screenings (see more details below)
- To ask you for feedback (for instance, in a survey about our client services and to manage, review and act on feedback we are getting)
- To send you our Newsletter in case you have given us your business card for the purpose of sending you information and making further business contact

The legal basis for processing the data is Art. 6 para 1 lit. b) GDPR as it is necessary for the entering into a contract, for the establishment, execution and termination of the contract and for the mutual fulfilment of obligations arising from the contract, further Art. 6 para 1 lit. c) GDPR as it is legal obligation in case of managing disputes or any other legal complaints, further your consent according to Art. 6 para 1 lit. a) GDPR in case you have given us your business card, and Art. 6 para 1 lit. f) GDPR as it is necessary for the legitimate interests of OneBigWave.

We may carry out sanction list / compliance screenings with regard to the business relationship with you and in compliance with legal compliance obligations. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Art. 6 para. 1 lit. c) GDPR) and our legitimate interests (Art. 6 para. 1 lit. f) GDPR) or under the equivalent provisions under applicable law.

In some cases, we search and use Personal Data from public sources (such as LinkedIn, Xing and other publicly available sources on the internet) to complete or correct your data (first name, company, country, etc.). We store this data in our CRM system. The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR.

Your personal data, such as names, email addresses, organisational details, may also be processed by us in connection with the use of our Microsoft 365 Services. For this specific purpose separate data protection notice apply (refer to the supplementary Privacy Policy for Microsoft365 Cloud Services: https://www.rolandberger.com/publications/publication_pdf/MS365Cloud_Data_Protection_Notice.pdf).

To whom we may disclose your Personal Data?

Once you send data, or it is collected on our websites, we transmit it within OneBigWave to the recipients who need to know it.
We may involve service providers who support us in the processing of Personal Data or otherwise and who may come into contact with your Personal Data. This will only happen after the prior conclusion of a Data Protection Agreement that obligates our service providers to process Personal Data only according to our instructions and to keep it confidential.

How will you adapt to the new normal?