Privacy policy

Westernacher Consulting AG
Im Schuhmachergewann 6
69123 Heidelberg, Germany
Tel.: +49 6221 187 62 – 0
Fax: +49 6221 187 62 – 11
Email: [email protected].
as the operator of this website ( is the responsible authority for the use of personal data when using this website.
We protect your privacy and base our activities on the data protection requirements. With this privacy policy we wish to inform you which of your data are processed when you visit our website and what we use them for.


Data protection officer

You can contact our data protection officer on the following email address for information:
Secorvo Security Consulting GmbH
Ettlinger Str. 12-14
76137 Karlsruhe
[email protected]


Sending of data to third parties (outside the EU)

As part of the use of the website it may be necessary to forward your personal data to countries outside of the EU. This occurs exclusively in compliance with the measures to ensure a suitable level of data protection set out in Article 44 et seqq. GDPR. Where no resolution on suitability has been passed by the Commission on the country in which the recipient is established, standard contractual clauses are used. You can find more information in the contact details under 1.1 and 1.2.


Transfer security

When data is transferred, this website has what is known as the SSL security system (Secure Socket Layer) preset along with 128-bit encryption to protect the data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The security measures are continuously adapted to technological developments. You can determine that data are being sent in an encrypted manner from the closed image of a key or lock symbol in the lower status bar of your browser.


Your rights

As a data subject, you have the following rights with respect to us:

You can request information about the data we have stored relating to you at any time via the contact details for Westernacher Consulting GmbH or the data protection officer listed above.

Correction, restriction and deletion
You also have the right to request the correction of inaccurate data or where there are legal requirements for this to request the restriction or deletion of your data.

You can object to the use of your data for purposes of direct advertising or market research informally at any time.
You can also revoke consent you have granted on this website informally via the contact details given above or the links intended for this on this website or in emails that are based on your consent.
You can revoke consent for the use of web analysis tools, tracking services, re-targeting services and generally the recording of your usage data via the links relating to this for the services in this privacy policy.
You can revoke consent for the storage of your data when you use communication forms on this website informally via the contact details given above. In this case, Westernacher will cease to process your data unless there are compelling legitimate reasons that outweigh the interests of the person revoking consent for further storage or the processing is used to pursue legal claims.

Data portability
On request, we will send you the data we have stored relating to you in a structured, commonly-used and machine-readable format that you can use for further processing.
Please send any such requests to the address given in the imprint stating “data protection” or to the email address [email protected]. Any transfer of data requires you to provide unequivocal evidence that you are the data subject and can only be sent to the address you have previously set in your data.

Right to lodge a complaint
You also have the right to lodge a complaint with the data protection supervisory authorities competent for you or for Westernacher Consulting AG. The competent supervisory authority for Westernacher Consulting AG is

The State Officer for Data Protection, Baden-Württemberg
Dr Stefan Brink
PO box 10 29 32
70025 Stuttgart
Tel.: +49 (0) 7 11/61 55 41 – 0
Fax: +49 (0) 7 11/61 55 41 – 15
Email: [email protected]

If you have any questions or complaints about data protection you can also contact our data protection officer at any time on the contact details given above.



If you wish to apply for a job with us, the application tool of the provider JazzHR is provided for you on our website. Westernacher is responsible for the collection of usage data on the use of the portal. The application data you send are recorded by JazzHR on our behalf and only provided to selected employees internally. The processing of your data is carried out in collaboration with the United States of America, along with other countries. JazzHR is part of the PrivacyShield and ensures the compliant handling of your data ( The transfer of the information provided by you on the web form is via a secure TLS connection.
Data that are essential for your application to be accepted are marked with an asterisk.
All of the documents you send will be deleted no later than six months after completion of the application process if we do not conclude an employment contract with you.
If we are interested in storing your documents (for example for consideration in a subsequent recruitment process), you will be asked in advance for your consent unless you already granted this in your application form. In this case your data will then be stored for a further six months. A message will be sent before your data are deleted so you have the option of consenting to further storage. If your application is not for a specific role and is not part of a specific recruitment process (talent pool), we will store your data for two years.


External links

These websites contain links to external websites not operated by Westernacher. The contact for this (“responsible authority”) is the respective provider. The respective provider’s privacy policy applies to the use and processing of your data. You can identify websites of this kind from the marking “external”.


Collection of usage data when you visit this website

A series of information about you as a user is recorded when you use any website which, at least in theory can be attributed to a specified user via the IP address, the specific user settings, the cookies or other possible methods of identification. These data are used for technical purposes to display the site and to optimise the site by means of the statistical recording of user behaviour, but they can also be used to display information that has already been entered or entries that have already been made in the event that the process is aborted. The usage data that are collected on this website and the further services that are used on this website are shown below.

Where third party services are used, revocation of consent is enabled in the description of the individual services offered by third party providers.

Sending of browser data and settings
If the website is used purely for information purposes, in other words if you do not register or send information in any other way, we only collect the personal data that your browser sends to our server. If you want to look at our website, we collect the following data that are technically necessary for us to display our website for you and to ensure stability and security. The legal basis for this processing is Article 6 paragraph 1F GDPR (legitimate interest):

  • IP address
  • Date and time of query
  • Content of the request (specific web page)
  • Access status/https or http status code, error codes
  • The quantity of any data transferred
  • Website from which the request came
  • Browser used
  • Operating system
  • Language and version of the browser software
  • Cookies/Flash cookies
  • Referrer
  • Additional technical parameters e.g.
    • JavaScript support
    • Number and type of plug-ins installed
    • Size of the browser window
    • Screen resolution
    • Languages supported
    • Fonts installed

The data mentioned above are deleted after 30 days and are not evaluated with reference to a person.

Do not track

You can refuse the tracking of your visits to websites using what is known as the “do not track” setting. This setting is offered by a range of browsers. If you have activated the “do not track” option, your visits cannot be tracked:

Cookies placed by the website provider

Information on the website usage is also collected when you use the website through what are known as browser cookies. These are text files that are stored on your data carriers and store certain settings and data on the exchange with the website via your browser. The cookies used regularly contain the domain names, information on the age of the cookies and an identifier. Your device can be recognised so settings you have previously adjusted will be available immediately. Cookies known as session cookies help to recognise users again when they visit the website.
The cookie ID is not combined with your personal data such as name, email address or IP address. If you do not want cookies to be used on this website, you can adjust your browser to ensure that storage of the cookie is not accepted. The legal basis of this data processing is Article 6 paragraph 1F GDPR, legitimate interest in providing cookie-based functions during use of the website.


Usage and web analysis services

Usage and web analysis services (tracking services) are generally used to measure the reach of the website and improve the website content using a statistical evaluation of user behaviour. The services used record the pages from which visits originate and the content that is accessed, among other things.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses what are known as “cookies”. The information generated by the cookie is generally transferred to a Google server in the USA and stored there. In order to avoid the sending of personal data, this website uses the IP anonymisation offered by Google. Your IP address is abbreviated before it is sent. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse, to prepare reports on the website activities and to provide further services to the website operator linked to the use of the website and the use of the internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. You can prevent the storage of cookies at any time by setting your browser software accordingly; we wish to note, however, that if you do this you will not be able to use all of the functions of this website to the full extent. You can also prevent the detection of the information generated by the cookie and related to the use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available via this link (

You can prevent the collection of data by Google Analytics by clicking on the following link. This sets an opt-out cookie which prevents the future capture of your data when you visit this website.

Deactivate Google Analytics

You can find more information on the terms and privacy on and on

The legal basis for the data processing by Westernacher is a legitimate interest in optimising the design of the website, Article 6 paragraph 1F GDPR.

Google reCAPTCHA

On this website we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is mainly used to differentiate whether an input is made by an actual person or whether it is misused by mechanical and automated processing. The service includes the dispatch of the IP address and browser data to Google required for technical provision within the scope of the input check and is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our justified interest in establishing the personal declaration on the Internet and avoiding misuse and spam. Google LLC, headquartered in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. Further information on Google reCAPTCHA and Google’s privacy policy can be found at:

Content Delivery Networks (CDN)

Our website uses Content Delivery Networks (CDN). CDN shortens the loading time of common Java-Script libraries and fonts. The use of CDN is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Since the retrieval takes place via your browser, your IP address is transmitted among other things. The providers operate servers in the EU, but it cannot be ruled out that your browser may also access servers outside the EU. You can install a JavaScript blocker in your browser to prevent the execution of JavaScript as a whole.
– CDN Service Provider, [Address], [Link Privacy Information and Opt Out]]



Re-targeting or remarketing services are used to display interest-based advertising when users visit other websites after they have visited these websites. Tracking of the advert is recorded and evaluated for billing purposes, among other things.
The legitimate interest on the part of Westernacher in targeted advertising is the legal basis for the data processing, Article 6 paragraph 1F GDPR.

Custom Audiences by Facebook Inc.
The remarketing function “Custom Audiences” by Facebook Inc. is used on the websites covered by this privacy policy. This function is used to present users who visit this website with interest-based advertising when they visit Facebook. In order to do this, remarketing tags in the form of individual pixels are implemented on our website that link to Facebook servers. Facebook receives information about your visit to the website in this way.
Further information on the collection and use of the data by Facebook and about your rights and the options in terms of protecting your privacy can be found in the Facebook data policy on Alternatively, you can deactivate the remarketing function “Custom Audiences” on You have to be logged in to Facebook to do this.

Conversion tracking by the company LinkedIn Corp.
The “Conversion Tracking” function by LinkedIn Corp. is also used. This function is used to present users who visit this website with interest-based advertising when they visit LinkedIn. In order to do this, remarketing tags in the form of individual pixels are implemented on our website that link to LinkedIn servers. LinkedIn receives information about your visit to the website in this way.

Further information on the collection and use of your data by LinkedIn is available on Your options in terms of protecting your data and refusing related services can be found on


Data collection when you interact on the website

If you use the following services that are available on our website, the personal data you enter will be stored and processed for the purposes indicated in each case, for example during registration, a survey or the conclusion of a contract.

Contact form
You can use the contact form on the website to contact us. Your name including a form of address (optional), a valid email address, your affiliation to the company and the content of your message are collected so your query can be processed. The data you enter are sent via a secure TLS connection.
The information sent are forwarded to the area responsible for your concern and only used to process your query. Your data are deleted as soon as your query has been processed unless storage of these data is offered for reasons of traceability, customer service or legal retention periods.
If your request relates to other sites within our company, your data will be passed on.
You can revoke consent for the storage of your data informally via the contact details given above. In this case, we will cease to process your data unless there are reasons that outweigh the interests of the person revoking consent for further storage or the processing is used to pursue legal claims.

If you want to receive the newsletter offered by this website, you will need to provide a valid email address. We will only use the data provided to us during registration to send the desired newsletter to you at regular intervals. What is known as the double opt-in process is used to prevent unauthorised parties signing up to a newsletter, in other words the newsletter is only sent after you have confirmed that you want to sign up for the newsletter by clicking the link sent to your email address.
Each newsletter that is sent will include the option to change your personal information or unsubscribe from the newsletter at the click of a mouse. Your data will not be passed on to third parties at any time. If our newsletter includes advertisements by affiliated companies, these are exclusively sent by us ourselves.

If you enter your email address on, you can receive information about the webinars offered by Westernacher.
Your email address will be used exclusively to send information about the specific webinar in which you have expressed an interest. Your email address will be deleted six weeks after the information has been sent.

Status: July 23, 2018