Privacy Policy



Ginkgo Management Consulting GmbH (“Ginkgo”) is a company registered in Germany, Hamburg (Amtsgericht Hamburg HRB 76968)
You can reach our appointed Data Security Officer (“Datenschutzbeauftragter”) under:

An den Datenschutzbeauftragten der
Ginkgo Management Consulting GmbH c/o
mioso – IT Solutions GmbH & Co. KG
Jarrestraße 42
D-22303 Hamburg, Germany

E-Mail to: [email protected] or phone:  +49.40.2286164-65

Ginkgo, together with the other subsidiaries (“we/us/our”), are committed to safeguarding the privacy of third with whom we interact, including our clients, third parties who visit our websites (“websites”) and/or to who we provide services to or otherwise engage with (“you/your”) all in accordance to European General Data Protection Regulation (EU-GDPR).

This Privacy Policy sets out our personal information collection and sharing practices for our websites and through the other channels described below. If you provide your information to us (either via this website, in person, over the phone or by email (or by other means of electronic communication)) you accept the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your personal information, together with the ability to opt in or out of selected uses may also be provided to you when we collect personal information from you.

This Privacy Policy is intended to explain our privacy practices and covers the following areas:

(a) What personal information about you we may collect

(b) How we may use your personal information

(c) Who we may disclose your personal information to

(d) How we protect your personal information

(e) Contacting us & your rights in marketing and to access and update your personal information

(f) Our Cookies Policy

(g) How changes to this Privacy Policy will be made



2.1 We may collect personal data about you from the following sources:

(a) Our correspondence: if you contact us by post, telephone, email or other electronic means we may keep a record of that correspondence;

(b) Information you provide to us: personal information that you provide to us and use the websites or otherwise interact with us, including your name, title, position and contact details;

(c) Your transactions: details of transactions you carry out through electronic or other channels and of the fulfilment of the services we provide

(d) Website and communication usage: details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access


2.2 For the purposes assessing possible employment or collaboration (“Engagements”), to provide services to our clients we may collect and process the following personal information about you;

(a) Information we may collect on you: we may collect information about you which may include your name, academic and professional background and employment history, including the identities of your current and former employers and job titles/positions, from publicly available sources such as information that can be found using search engines, on corporate websites and information which you have clearly decided to make public.

(b) Information you provide to us: personal information that you provide to us including your name, address, telephone numbers, email address(es) and other contact details, detailed information in respect of your academic and professional background and employment history (and other information typically contained in a detailed CV/resume).


2.3 Service provision data: if you are a Client (or a prospective client), in addition to the information referred to in paragraph 2.1, we may collect personal data on you in the ordinary course of our business relationship with you ie the provision of our services to you.


We may use your personal information in the following ways. For each use, we note the grounds we use to justify each use of your personal information – please see paragraph 3.4 for a more detailed explanation of these grounds.


(a) For Service development purposes: to analyse it in order to better understand your and our customers’ service requirements, to better understand our business and develop our products and services.
Use justification/legal basis: legitimate interests (to allow us to improve our services).

(b) To monitor certain activities: to monitor calls and transactions to ensure service quality, compliance with procedures and to combat fraud.
Use justifications: legal obligations, legal claims, legitimate interests (to ensure the quality and legality of our services).

(c) To inform you of changes: to notify you about changes to our services and products.
Use justification: legitimate interests (to notify you about changes to our service).

(e) To reorganise or make changes to our business: In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) sold to a third party or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transfer it to that re-organised entity or third party and use it for the same purposes as set out in this policy or for the purpose of analysing any proposed sale or re-organisation.
Use justification: legitimate interests (in order to allow us to change our business).

(f) In connection with legal or regulatory obligations: Law enforcement, regulators and the court service. We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justification: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).


If you are an Applicant or Business Partner:

(a) To provide our services effectively to our clients: we gather the personal data described above in order to be able to identify Applicants or Business Partners and to introduce them to our clients. We use and analyse the information which we collect about you in order to identify Engagements which may be within your field of expertise and of interest to you. We may disclose information about you to clients who may wish to consult with you through Engagements. We may provide prospective clients with your biographical information for the purposes of demonstrating the quality and coverage of our consultants. We may provide your contact details to clients with which you have agreed to take part in an Engagement.
Use justification: consent; legitimate interests.

(b) To ensure that you are paid: to ensure that you are paid for the services which you have provided.
Use justification: contract performance, legal claims, legitimate interests.


If you are a Client or a Prospective Client:

(a) To provide our services effectively to you and conduct our business: to administer our services, including to carry out our obligations arising from any agreements entered into between you and us. Use justification: consent, contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you).

(b) To provide you with marketing materials: to provide you with updates, where you have chosen to receive these. We will provide an option to opt-in to further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 1 above.
Use justification: consent.

(c) To ensure that we are paid: to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings).
Use justification: contract performance, legal claims, legitimate interests (to ensure that we are paid for our services).


Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found below. We note the grounds we use to justify each use of your information next to the use in paragraphs above:

Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use).
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we have a legitimate interest in using your data and our reasons for using it and this is not outweighed by any adverse impact on your interests, fundamental rights or freedoms.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.



4.1 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.

4.2 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards.


4.3 As our business is international we may need to transfer your personal information to members of the Ginkgo group. Your data may be accessed by staff, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In respect of other countries we will transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities (or if the information (limited to information specified in paragraph 2.2(a)) is already publicly accessible there). Please contact us as set out in paragraph 1 above if you would like to see a copy of the specific safeguards applied to the export of your personal information.


4.4 We will retain your personal information for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

4.5 We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either anonymised (and the anonymised information may be retained) or securely destroyed.



5.1 If you have any questions in relation to our use of your personal information, you should contact us as per paragraph 1 above. Under certain conditions, you may have the right to require us to:

(a) provide you with further details on the use we make of your information;

(b) provide you with a copy of information that you have provided to us;

(c) update any inaccuracies in the personal information we hold

(d) delete any personal information the we no longer have a lawful ground to use;

(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing

(f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(g) restrict how we use your information whilst a complaint is being investigated.

5.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in legitimate within a month.

5.3 If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the supervisory authority.


5.5 We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in paragraph 1 above.


5.6 If you have any questions in relation to this policy, please contact our Data Protection Officer as set out in paragraph 1.


6.1 We do not use cookies on our website

6.2 We do not use Google Analytics to keep track of our website traffic


7.1 We may change the content of our websites and how we use cookies without notice, and consequently our Privacy Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website from time to time to stay informed of how we are using personal information.

7.2 This privacy policy was last updated on 25 May 2018


By completing your online application form or submitting it by email, you declare that you understand that, as part of the application procedure, your data will be stored and used by Ginkgo Management Consulting in accordance to the applicable legislation. Ginkgo Management Consulting GmbH, including all subsidiaries (hereinafter referred to as “Ginkgo Management Consulting”), takes the protection of your personal data very seriously. Therefore, we would like you to know when we store your data and how we use it:


Personal data will only be recorded if you have made it available to us, for example, by completing forms or sending emails as part of the application procedure. Your personal data will not be passed on or shared in any way with any third party. Should it be the case we will request your consent upfront and unless we are under a legal injunction to do so.


The personal data which you have provided will only be used for the purpose of your possible engagement into a working relationship with Ginkgo Management Consulting.


You have the right to access and rectify any of your personal data stored by us if you feel this data is outdated and incorrect. In this case, please contact us by email as specified in the Legal Notice.


You are entitled to withdraw your consent for the use of your personal data with immediate effect at any time. In this case, an email request to the email address given in the Legal Notice will be sufficient. The same applies if you wish for your data to be deleted.


We store personal data for as long as is necessary to consider and evaluate the possibility of engagement into a working relationship. The data will be immediately deleted as soon as it is concluded that these are no grounds or potential to explore a professional relationship and that any legal proceedings and obligations concerning the General Act on Equal Treatment have been completed. Any further storage is only permissible after obtaining your explicit consent for this purpose.


Ginkgo Management Consulting has implemented technical and organisational security measures to protect the data made available to us from accidental or willful manipulation, loss, destruction, or unauthorized access. Our security measures are subject to regular revision and refinement in line with technological development.