Privacy policy (EU)

We are very pleased about your interest in our company. Data protection is of particular importance to the management of VFS Personalberatung GmbH. The use of the internet pages of VFS Personalberatung GmbH is possible without any indication of personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to VFS Personalberatung GmbH. By means of this data protection declaration, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed about their rights by means of this data protection declaration.

As the controller, VFS Personalberatung GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed via this website. However, Internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, any data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The data protection declaration of VFS Personalberatung GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we would like to explain the terms used in advance.

In this Privacy Policy, we use the following terms, among others:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). Identifiable is a natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, online identifier or one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing is any operation or series of operations carried out with or without the help of automated procedures in connection with personal data such as the collection, collection, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any form of automated processing of personal data that consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.

f) Controller

The person responsible for processing or the controller is the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller may or may provide for the specific criteria for his designation in accordance with Union law or the law of the Member States.

g) Consent

Consent is any statement of intent voluntarily made by the data subject in an informed and unequivocal manner in the form of a declaration or other unambiguous affirmative act in which the data subject indicates that he or she agrees to the processing of the personal data concerning him or her.

2. Name and address of the controller

The responsible person for the purposes of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

VFS Personalberatung GmbH

Schumannstraße 27

60325 Frankfurt am Main


Tel.: + 49 69 97546-140



3. Name and address of the Data Protection Officer

The data protection officer of the controller is:

VFS Personalberatung GmbH

Data Protection Officer

Schumannstraße 27

60325 Frankfurt am Main


Tel.: + 49 69 97546-140



Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Collection of general data and information

The website of VFS Personalberatung GmbH collects a series of general data and information with each call-up of the website by a data subject or an automated system. This general data and information is stored in the log files of the server. The browser types and versions used (1) can be recorded, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the internet service provider of the accessing system and other data (8) other data , which are designed to prevent attacks on our information technology systems.

When using this general data and information, VFS Personalberatung GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore evaluated statistically by VFS Personalberatung GmbH on the one hand and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Possibility of contact via the website

Due to legal regulations, the website of VFS Personalberatung GmbH contains information that enables a quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller shall be stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.

6. Your rights:

With regard to the personal data concerning you, you have the right against us:

a) to request confirmation as to whether personal data about you is processed (Art. 15 GDPR),

b) to receive free information about the personal data stored about you at any time and a copy of this information (Art. 15 GDPR),

c) to demand the immediate correction of your incorrect personal data or their supplementation (Art. 16 GDPR),

d) to demand the deletion of your personal data without undue delay, e.g. in the event of revocation of consent (Art. 17 GDPR),

e) to demand the restriction of processing under certain conditions (Art. 18 GDPR),

f) to data portability, which grants, among other things, a right to receive the relevant personal data provided by you in a structured, commonly used and machine-readable format (Art. 20 GDPR),

g) for reasons arising from your particular situation, to enter an objection at any time to the processing of personal data concerning you on the basis of Article 6 (1) (e) or (f) GDPR (Art. 21 GDPR),

The VFS Personalberatung GmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate reasons for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

h) not to be subject to a decision based exclusively on automated processing – including profiling – (Art. 22 GDPR)

i) to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR),

If you, as the data subject, wish to exercise the above rights, you may at any time contact the aforementioned responsible body, e.g. by email to

7. Routine deletion and blocking of personal data

The controller shall only process and store the data subject’s personal data for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in the laws or regulations to which the controller is subject.

If the purpose of storage is waived or a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

8. Legal basis for processing

Article 6 (1) lit. a GDPR serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing shall be based on Article 6 (1) lit.b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing shall be based on Article 6 (1) lit.c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were to be injured and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. The processing would then be based on Article 6 (1) lit. d GDPR.

Ultimately, processing operations could be based on Article 6 (1) lit. f GDPR. This legal basis is based on processing operations which are not covered by any of the aforementioned legal bases where the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are allowed to do this kind of processing, in particular because they have been specifically mentioned by the European legislator. In that regard, it took the view that a legitimate interest could be presumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

9. Legitimate interests in the processing pursued by the controller or a third party

Based on Article 6 (1) lit. f GDPR, our legitimate interest in carrying out our business for the benefit of the well-being of all our employees and our shareholders is based on Article 6 (1) lit. f GDPR.

10. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of the period, the relevant data will be routinely deleted, provided that they are no longer necessary for the performance of the contract or initiation of the contract.

11. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provisioning

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information about the contractual partner).

In some ways, it may be necessary for a data subject to provide us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.

Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee clarifies on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

12. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.