top of page

Data protection

We, Chairos Consulting GmbH (hereinafter: “the company”, “we” or “us”) take the protection of your personal data seriously and would like to inform you here about data protection in our company.

As part of our data protection responsibility, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") has imposed obligations on us to protect the personal data of the person affected by the processing (we are you as a data subject, hereinafter also referred to as "customer", "user", "you", "you" or "data subject").

To the extent that we decide on the purposes and means of data processing either alone or jointly with others, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (see Articles 13 and 14 GDPR). . With this declaration (hereinafter: “Data Protection Notice”) we inform you about how your personal data is processed by us.


A. General
(1) Definitions

Following the example of Art. 4 GDPR, this data protection notice is based on the following definitions:

"Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, in particular in accordance with his instructions (e.g. IT service provider). In the sense of data protection law, a processor is not a third party.

"Third party" (Art. 4 No. 10 GDPR) is any natural or legal person, authority, institution or other body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor, to process the personal data; This also includes other legal entities belonging to the group.

"Consent" (Art. 4 No. 11 GDPR) of the data subject means any voluntary, informed and unambiguous expression of will in the specific case in the form of a statement or other clear confirmatory act by which the data subject indicates that that she agrees to the processing of personal data concerning her.

“Personal data”(Art. 4 No. 1 GDPR) is all information that relates to an identified or identifiable natural person (“data subject”). A person can be identified if they are directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or with the help of information about their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics can be identified. Identification can also be achieved by linking such information or other additional knowledge. The origin, form or embodiment of the information is not important (photos, video or audio recordings can also contain personal data).

"Controller" (Art. 4 No. 7 GDPR) is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.

“Processing” (Art. 4 No. 2 GDPR) is any process in which personal data is handled, whether with or without the help of automated (i.e. technology-based) procedures. This includes, in particular, collecting (ie procurement), recording, organizing, classifying, storing, adapting or changing, reading out, querying, using, disclosing by transmission, disseminating or otherwise making available, and comparing , the linking, restriction, deletion or destruction of personal data as well as the change of a goal or purpose on which data processing was originally based.


(2) Name and address of the person responsible for processing
We are the body responsible for processing your personal data within the meaning of Article 4 No. 7 GDPR:

Chairos Consulting GmbH
Gellertstrasse 18, 22301 Hamburg

T +49 (40) 69 64 63 9 – 0
F +49 (40) 69 94 93 9 – 19

For further information about our company, please see the legal notice on our website (

(3) Legal basis for data processing
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:

Art. 6 Paragraph 1 Sentence 1 Letter a GDPR ("Consent"): If the data subject has voluntarily, informedly and unambiguously indicated by a statement or other clear confirmatory action that he/she consents to the processing of his/her data consents to the personal data concerned for one or more specific purposes;

Art. 6 Paragraph 1 Sentence 1 Letter b GDPR: If the processing is necessary to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures that are carried out at the request of the data subject;

Art. 6 Paragraph 1 Sentence 1 Letter c GDPR: If the processing is necessary to fulfill a legal obligation to which the controller is subject (e.g. a statutory retention obligation);

Art. 6 Paragraph 1 Sentence 1 Letter d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;

Art. 6 Paragraph 1 Sentence 1 Letter e GDPR: If the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the person responsible

Art. 6 Paragraph 1 Sentence 1 Letter f GDPR ("Legitimate Interests"): If the processing is necessary to safeguard legitimate (in particular legal or economic) interests of the person responsible or a third party, provided that there are no conflicting interests or rights of the data subject outweigh (especially if it involves a minor). 

Storage of information in the end user's terminal equipment or access to information already stored in the end equipment is only permitted if covered by one of the following justifications:

Section 25 Paragraph 1 TTDSG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR;

§ 25 Para. 2 No. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network or

§ 25 Para. 2 No. 2 TTDSG: If storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

For the processing operations we carry out, we indicate below the applicable legal basis in each case. Processing can also be based on several legal bases.

(4) Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. 

However, storage can take place beyond the specified time in the event of an (imminent) legal dispute with you or other legal proceedings or if storage is required by legal regulations to which we as the responsible party are subject (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by statutory regulations expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.

(5) Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including their likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with further information on this upon request. Please contact us about this.

(6) Collaboration with processors
We use IT service providers to organize our technical infrastructure. They only act according to our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.

To provide and operate this website, WIX processes the collected data as a processor to the extent specified below. 

7) Requirements for the transfer of personal data to third countries
As part of our business relationships, your personal data will generally not be passed on or disclosed to third parties. Exceptions only exist if our hosting service provider processes your data as part of order processing. Your data may also be stored outside of the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 Para. 1 lit. b or lit. f in conjunction with Art. 44 ff. GDPR). We will inform you about the respective details of the transfer below at the relevant points.

The European Commission certifies that some third countries have data protection comparable to the EEA standard through so-called adequacy decisions (you can find a list of these countries and a copy of the adequacy decisions here: topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal regulations. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible via the European Commission's standard contractual clauses for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c GDPR (the standard contractual clauses from 2021 are available at https: //eur-lex.europa .eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en).

(8) No automated decision making (including profiling)
We will not use any personal data collected from you for any automated decision-making process (including profiling).

(9) Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a special statutory or legal obligation to make lawfully processed personal data available to third parties, in particular public bodies (Art. 6 Para. 1 Sentence 1 Letter c GDPR).

(10) Your Rights
You can assert your rights as a data subject regarding your processed personal data at any time using the contact details provided at the beginning of A.(2). As a data subject, you have the right:


  • in accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can obtain information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, and the existence of a right to lodge a complaint , request the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;

  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;

  • according to Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is;

  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if you dispute the accuracy of the data or the processing is unlawful;

  • in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible ("data portability");

  • in accordance with Art. 7 Para. 3 GDPR, your consent given once (also before the GDPR came into force, i.e. before May 25, 2018) - i.e. your voluntary, informed and unambiguous will made clear through a statement or other clear confirmatory action, that you agree to the processing of the personal data in question for one or more specific purposes - to revoke your consent to us at any time if you have given such consent. This means that we are no longer allowed to continue the data processing based on this consent in the future

  • in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: The Hamburg Commissioner for Data Protection and Freedom of Information: https:  //www.datenschutz-hamburg .de .

    You also have the right to object to the processing in accordance with Art. 21 GDPR, provided that the processing takes place on the basis of Art. 6 Paragraph 1 Sentence 1 Letter e or Letter f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, when exercising such an objection we ask you to explain the reasons why we should not process your data as we do. In the event of your justified objection, we will examine the situation and will either stop or adjust data processing or show you our compelling legitimate reasons on the basis of which we continue processing.

    (11) Changes to the data protection information
    As data protection law develops and technological or organizational changes occur, our data protection information is regularly checked for any need for adjustments or additions. You will be informed about changes in particular on our German website. This data protection notice is current as of March 2023.

    B. Visiting our website
    (1) Explanation of the function

    When you visit our websites, your personal data may be processed. Otherwise, our websites have purely informational purposes. Our goal is not to actively increase the website's traffic or make it visible via search engines. We therefore do not use any tools for marketing or advertising purposes.

    (2) Processed personal data
    When you use our websites for information purposes, we collect, store and process the following categories of personal data:

    “Log data”: When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:


    • the name and URL of the requested page

    • the page from which the page was requested (so-called referrer URL)

    • the name and URL of the requested page

    • the date and time of the call

    • the description of the type, language and version of the web browser used

    • the IP address of the requesting computer, 

    • the amount of data transferred

    • the operating system

    • the message as to whether the call was successful (access status/Http status code)

    • the GMT time zone difference



(3) Purpose and legal basis of data processing
We process the personal data specified above in accordance with the provisions of the GDPR and other relevant data protection regulations and only to the extent necessary. To the extent that the processing of personal data is based on Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, the purposes mentioned also represent our legitimate interests.

The processing of the log data serves to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 Para. 1 Sentence 1 lit. a or lit. f GDPR).


If the storage of information in your end device or access to information that is already stored in the end device is necessary for the processing of the data, Section 25 Paragraphs 1 and 2 TTDSG is the legal basis for this.

(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve the processing purposes set out above; The legal bases specified in the context of the processing purposes apply accordingly. 

Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order.

(5) transfer of personal data to third parties; Basis of justification
The following categories of recipients, who are usually processors (see A.(6)), may have access to your personal data:

Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, IT security). The legal basis for the transfer is then Article 6 Paragraph 1 Sentence 1 Letter b or Letter f of the GDPR, unless it concerns contract processors;

State bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Article 6 Paragraph 1 Sentence 1 Letter c GDPR;

For the guarantees of an appropriate level of data protection when data is transferred to third countries, see A.(7). 

In addition, we will only pass on your personal data to third parties if you have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR.

(6) Use of cookies, plugins and other services on our website
When you use our website, only necessary cookies are stored on your computer without your express consent. Cookies are small text files that are stored on your hard drive by the browser you are using and enable us, as the entity that set the cookie, to receive certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

Use of cookies:

  • Temporary cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

  • Permanent cookies remain stored even after the browser is closed. In this way, for example, settings or preferences can be saved.

  • First-party cookies are set by the respective website operator themselves, whereas third-party cookies are used by third parties (e.g. advertising partners).

  • Necessary cookies (also called "required" cookies) are absolutely necessary for the operation of a website (e.g. to enable technically flawless access to the website) or are required for security reasons.

  • There are also cookies that are set, for example, for personalization, statistical purposes or marketing.

  • This website does not use marketing or personalization cookies. Cookies are only set for statistical purposes, provided you consent in accordance with Art. 6 Para. 1 a) GDPR.


This website also only uses necessary cookies. The legal basis for necessary cookies, which are absolutely necessary to provide you with the expressly requested service, is Section 25 Paragraph 2 No. 2 TTDSG, Art. 6 Paragraph 1, f) GDPR. Any use of cookies that is not absolutely technically necessary represents data processing that can only be carried out with your express and active consent in accordance with Section 25 Paragraph 1 TTDSG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a DS- GMOs are allowed. 


Our interest in maintaining the functionality of our website is to be viewed as legitimate within the meaning of the aforementioned regulation. Otherwise, no plugins or other services are used.

bottom of page