Data Protection

hugo consulting GmbH stands for transparency in all matters. It is therefore important to us to provide you with comprehensive information about what happens to your personal data when you use the website.

When you use this website, your personal data is processed by us as the data controller and stored for the period required to fulfill the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”).

  1. name and contact details of the data controller

This data protection information applies to data processing on the website by the controller

hugo consulting GmbH

represented by the managing director Stefan Happe

Hildebrandtstraße 24A

40215 Düsseldorf

(hereinafter referred to as “HUGO”)

Phone: +49 (0) 211.86652.0

Fax: +49 (0) 211.86652.200


HUGO has appointed an internal data protection officer for all matters relating to data protection, who can be reached at the following contact details:

hugo consulting GmbH

(Mr. Maik Erkelenz)

Hildebrandtstraße 24 A

D-40215 Düsseldorf

Phone: +49 211 86652 234


  1. processing of personal data and purposes of processing
  2. a) Web hosting

We use the web hosting service Domain Factory of domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany (hereinafter: “Domain Factory”) to provide this website. Domain Factory stores this website on its servers (hosting).

In order to offer a website, it is necessary to commission a web hosting service. Domain Factory is used in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate economic interest in making our offer available on this website.

In connection with hosting, Domain Factory processes personal data on our behalf that is generated during the following user actions

    When visiting the website;

    When using the application form.

We have concluded an order processing contract with Domain Factory. Through this contract, Domain Factory ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.

  1. b) When visiting the website

You can access the website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to the server of our website (e.g. the operating system of your computer and the browser you are using, the name of your Internet access provider, the name and URL of the file accessed, the date and time of access, the website from which access was made).

This also includes the IP address of your requesting device. This is temporarily stored in a log file and automatically deleted after 7 days:

The IP address is processed for technical and administrative purposes of connection establishment and stability in order to ensure the security and functionality of our website and to be able to prosecute any illegal attacks on it if necessary.

The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the need to provide our website without disruption.

We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.

We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

  1. c) When using the application form

You have the opportunity to apply via our online application portal in the area of our job advertisements. The following information is mandatory:


    First name and surname

    e-mail address

We need your data to determine who the application is from and to be able to answer and process it. In addition, you can voluntarily provide your title, address, date of birth, telephone number, possible start date, notice period and desired salary as well as feedback on how you heard about HUGO and a text on the background to the application. In addition, you can optionally attach and upload documents such as a cover letter, CV, references, work samples and a photo of your application.

Data processing is carried out at your request and only insofar as it is necessary in the context of responding to an application to carry out pre-contractual measures in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR or to safeguard the legitimate interests of us or third parties in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. This includes in particular the transfer of applicant data to subsidiaries of CROSSMEDIA (Brandlocal GmbH, earnesto GmbH and Touchpoint GmbH), as the applicant portal also contains job advertisements for these subsidiaries.

The online applicant portal is operated by the software provider HANSALOG Services GmbH, Manfred-Wörner-Straße 115, 73037 Göppingen (hereinafter referred to as “HANSALOG”). We use the service provider HANSALOG on the basis of our legitimate economic interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to ensure the application via our website.

Your online application data is encrypted during transmission using Secure Socket Layer (SSL) technology and stored exclusively on a server within Germany.

The personal data collected by us for the use of the application form will be automatically deleted four months after completion of the application process.

  1. d) Newsletter

If you would like to subscribe to our newsletter, we would be pleased if you would register using the form provided. All you have to do is enter your e-mail address. Further personal details (e.g. name so that we can address you personally) are optional.

In order to ensure that you really want to receive our newsletter (and that your e-mail address has not been entered by someone else) and to record that you agree to the processing of your personal data in the context of sending the newsletter, we use the so-called double opt-in procedure. This means that you will receive a confirmation email from us after entering your email address (and any other data). You are only registered for our newsletter once you have clicked on the activation link in the confirmation email.

Since we only process your data for sending the newsletter if you agree to this, i.e. you have given us your consent (in accordance with Art. 6 para. 1 lit. a GDPR), we must store the data required for the corresponding proof.  For these purposes, in addition to your email address, we also store the time of your registration, the time of your confirmation and the relevant IP address.

We process your data exclusively for sending the newsletter and to prove your consent. In addition, a so-called web beacon (a pixel-sized file that is retrieved from the server of our mailing service provider when the newsletter is opened) is used to collect technical information such as information about the browser, the operating system you are using, your IP address and the time of retrieval. This information is processed to compile statistics that provide us with information about your reading behavior (retrieval media and times), the opening rate of our newsletter and any links you may have clicked on. We do not intend to use this data to create a profile. Rather, we use the data and statistical evaluations to optimize the newsletter content and our services.

You can withdraw your consent at any time with effect for the future by clicking on the corresponding unsubscribe link, which you can find at the end of every newsletter.

As soon as you withdraw your consent, we will no longer send you the newsletter. Based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the verifiability of legally compliant data processing, we reserve the right to store your e-mail address together with the logging data of your consent for a further 3 years. In this case, we will retain the aforementioned data exclusively for this purpose and block it for other processing.

To optimize the sending of our newsletter, we use the mailing service provider HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. Further information on data protection and data security at rapidmail can be found in the following external link:

We use HubSpot on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). We have concluded an order processing agreement with the shipping service provider (Art. 28 GDPR), according to which HubSpot may process your personal data exclusively for our purposes and in accordance with our instructions. We also remain responsible for the protection of your data. By concluding the contract, the service provider used is not considered a so-called third party. If necessary, HubSpot processes data that cannot be assigned to a specific person in order to improve the service offered or for statistical purposes. Data will not be passed on to third parties.

  1. transfer of personal data to third parties

Your personal data will be passed on to third parties insofar as this is permitted by law and is necessary in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR for the processing of contractual relationships with you or in accordance with Art. 6 para. 1 lit. f) to protect our interests or those of third parties. The data passed on may only be used by the third party for the stated purposes.

In addition, a transfer of personal data may only be considered if

    you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, and

    in the event that there is a legal obligation for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR.

A transfer of personal data to a third country or an international organization is excluded.

  1. cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use session cookies to recognize that you have already visited individual pages of our website.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

  1. rights of data subjects

You have the right:

    in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;

    to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;

    in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us

    in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims

    in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

    in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; and

    to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

  1. information about your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If you object to the processing of data for the purpose of direct marketing, we will cease processing immediately. In this case, it is not necessary to specify a particular situation. This also applies to profiling insofar as it is associated with such direct advertising.

If you wish to exercise your right to object, simply send an email to

  1. data security

All data transmitted by you personally is encrypted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the s appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

  1. up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in January 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current privacy policy can be viewed at any time on the website at and printed out by you.