Privacy Policy.

As the operator of this website (https://westernacher.com), Westernacher Consulting is responsible for processing personal data when you use this site. The protection of your privacy and your personal data is very important to us. We process your data exclusively in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant data protection regulations.

This privacy policy explains what personal data we collect, how we use it, what rights you have and how you can exercise them. It applies to all content, functions, forms, application processes, newsletters, webinars and other interactions on our websites.

1 Responsible

Westernacher Consulting GmbH
Marlene-Dietrich-Platz 5
69126 Heidelberg, Germany
Telephone: +49 6221 187 62 – 0
Email: [email protected]

We are responsible for the collection, processing and use of your personal data in connection with this website.

2 Data protection officer

Mathias Sawatzki-Vogel
Westernacher Consulting GmbH
Marlene-Dietrich-Platz 5
69126 Heidelberg, Germany
[email protected]

You can contact our data protection officer at any time with questions, concerns or to exercise your rights.

3 Scope

This privacy policy applies to all domains and language versions of Westernacher Consulting GmbH, in particular:

www.westernacher.com
/de, /en, /es, /it, /fr, /ja, /zh-hans /zh-hant

It applies to all content, subpages, forms, application processes, newsletters, webinars and interactions offered via these domains.

4 Transfer to third countries

When using our website and the services provided, personal data may be transferred to so-called third countries outside the EU/EEA.

Transfers are only carried out under the conditions set out in Art. 44 ff. GDPR:

EU–US Data Privacy Framework (DPF) for certified US companies
Standard contractual clauses of the EU Commission (SCC)
Additional technical and organisational measures (e.g. encryption, pseudonymisation)
Contractual guarantees in accordance with Art. 46 GDPR
Case-by-case assessments to ensure an adequate level of protection

We ensure that all service providers used guarantee an adequate level of data protection.

5 Transmission security

Our website uses SSL/TLS encryption to protect data from unauthorised access. You can recognise the encryption by the display of a lock symbol in your browser.
We use technical and organisational measures to protect your data against loss, manipulation, unauthorised access and other risks. These measures are regularly reviewed and adapted to the state of the art.

6 Your rights as a data subject

You have the following rights:

Information about the data stored about you (Art. 15 GDPR)
Rectification of inaccurate or incomplete data (Art. 16 GDPR)
Deletion (“right to be forgotten”, Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Objection to direct marketing, tracking and legitimate interests (Art. 21 GDPR)
Data portability (Art. 20 GDPR)
Withdrawal of consent (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent data protection supervisory authority

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Prof. Dr. Tobias Keber
Postal address: Postfach 10 29 32, 70025 Stuttgart
Street address: Lautenschlagerstraße 20, 70173 Stuttgart

Telephone: +49 711 615541-0
Fax: +49 711 615541-15
Email: [email protected]
Website: https://www.baden-wuerttemberg.datenschutz.de (baden-wuerttemberg.datenschutz.de in Bing)

If you have any questions or complaints, you can also contact our data protection officer at any time.

7 Application

We use the Lever applicant management system from Lever Inc., 1125 Mission Street, San Francisco, CA 94103, USA, for applications. Lever is used for order processing in accordance with Art. 28 GDPR and is certified under the EU–US Data Privacy Framework.

7.1 Processed data

In particular, we process:

Master data (name, contact details)
Application documents (CV, references, cover letter)
Qualification data
Communication data
Voluntary additional information
Technical usage data (e.g. log files, time stamps)

7.2 Purposes

Conducting the application process
Communication with applicants
Decision on the establishment of an employment relationship
Documentation of legal requirements (e.g. AGG)
Internal quality assurance and process optimization

7.3 Legal basis

Art. 6(1)(b) GDPR
Art. 6(1)(a) GDPR (talent pool)
Art. 6(1)(f) GDPR (legitimate interest in efficient recruiting)
Section 26 BDSG

7.4 Storage period

Deletion no later than 6 months after completion
Talent pool: up to 2 years (with consent, exclusively when applying for Westernacher India)
Notification before expiry
Upon hiring: transfer to personnel file

7.5 Use of LinkedIn for recruiting purposes

We use features of LinkedIn Talent Solutions (LinkedIn Ireland Unlimited Company, Dublin 2, Ireland) to approach potential candidates.

Processed data

Publicly visible profile information
Messages, documents, interactions
Professional qualifications
Technical usage data

Legal bases

Art. 6(1)(b) GDPR
Art. 6(1)(a) GDPR
Art. 6(1)(f) GDPR

LinkedIn is certified under the EU–US Data Privacy Framework.

8 External links

This website contains links to external websites that are not operated by Westernacher. External links are marked with the word “external”. The respective provider is solely responsible for the processing of personal data on these sites.

9 Collection of usage data

When you visit our website, technically necessary data is processed, including:

IP address
Date/time
Browser type and version
Operating system
Referrer
Technical parameters (e.g. screen resolution, plugins)

Legal basis: Art. 6(1)(f) GDPR.

9.1 Do Not Track – updated links

Firefox (support.mozilla.org in Bing)
Microsoft Internet Explorer 11
Chrome (support.google.com in Bing)
Safari(help.apple.com in Bing)
Opera(help.opera.com in Bing)

9.2 Cookie consent management

We use a consent management tool to manage your consent to cookies and similar technologies (Art. 6(1)(a) GDPR). You can change your settings at any time via the “Settings” link in the footer.

9.3 Cookies

We use the following categories:

Technically necessary cookies
functional cookies
analysis cookies
Marketing cookies (only with consent)

10 Usage and web analytics

10.1 Google Analytics

We use Google Analytics with IP anonymisation. Google LLC is certified under the EU–US Data Privacy Framework. Legal basis: Art. 6(1)(a) GDPR.

10.2 Google reCAPTCHA

We use the reCAPTCHA function from Google LLC to prevent misuse. Google is certified under the EU–US Data Privacy Framework. Data protection information: https://policies.google.com/privacy?hl=en

10.3 Content Delivery Networks (CDN)

We use Cloudflare to optimise loading times. Legal basis: Art. 6(1)(f) GDPR.

11 Re-targeting

11.1 Meta Custom Audiences

We use the remarketing function “Custom Audiences” from Meta Platforms Inc. (formerly Facebook Inc.). Data protection information: https://www.facebook.com/about/privacy/

11.2 LinkedIn Conversion Tracking

We use conversion tracking from LinkedIn. Further information: https://www.linkedin.com/help/lms/answer/a425420/linkedin-conversion-tracking?lang=en-US (linkedin.com in Bing)

12 Data collection during interactions

Contact form

Processing to handle your enquiry. Deletion after completion, provided there are no retention obligations.

News

Double opt-in procedure. You can unsubscribe at any time.

Webinars

Email address is used exclusively for the respective webinar.

Zoom-Info

Use only with consent. Data processing in accordance with the EU–US Data Privacy Framework.

13 Social media presence

We operate profiles on LinkedIn, YouTube, Instagram and Facebook. When visiting these sites, the data protection regulations of the respective providers apply. We only process data if you actively interact with us. Legal basis: Art. 6 (1) lit. f GDPR.

As of 02.03.2026