Privacy Statement
Last updated: 20 February 2026
Controller
Rhino Management Consulting GmbH
Louisenstraße 120
61348 Bad Homburg
Germany
Phone: +49 6172 944 6572
Email: info@rhino-mc.de
Data Protection Contact
For any questions regarding data protection, please contact:
Email: dataprotectionofficer@rhino-mc.de
A formal Data Protection Officer has not been appointed.
General Information on Data Processing
3.1 Legal Bases
We process personal data on the basis of:
Art. 6(1)(b) GDPR (contract / pre-contractual measures)
Art. 6(1)(c) GDPR (legal obligation)
Art. 6(1)(f) GDPR (legitimate interests)
Art. 6(1)(a) GDPR (consent)
Where cookies or similar technologies are used, Section 25 German TDDDG additionally applies.
3.2 Storage Duration
We retain personal data only as long as necessary for the respective purpose or as required by statutory retention obligations.
3.3 Recipients and Service Providers
We use external service providers (hosting, IT services, analytics tools). These act either as processors pursuant to Art. 28 GDPR or as independent controllers.
Data Processing When Visiting Our Website
4.1 Hosting (IONOS)
Our website is hosted by:
IONOS SE
Elgendorfer Straße 57
56410 Montabaur
Germany
When accessing our website, the hosting provider automatically processes server log files, including:
IP address
Date and time of access
Accessed page/file
Referrer URL
Browser type and operating system
HTTP status code
Purpose: secure and stable website operation, error analysis, protection against attacks
Legal basis: Art. 6(1)(f) GDPR
Retention period: generally up to 30 days
Cookies and Consent Management
5.1 Use of Cookies
Our website uses:
technically necessary cookies
optional cookies (e.g. analytics), only based on consent
5.2 Consent Management (CookieYes)
We use CookieYes to manage and document user consent.
Processed data: consent status, timestamp, technical browser information
Legal basis: Art. 6(1)(c) and Art. 6(1)(f) GDPR
Withdrawal: at any time via “Cookie Settings” on our website
Web Analytics (Google Analytics)
Subject to your consent, we use Google Analytics 4.
Provider: Google Ireland Limited, Ireland
Recipient where applicable: Google LLC, USA
Processed data: usage data, device information, pseudonymous identifiers
Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25 TDDDG
Withdrawal: via cookie settings
International transfer: USA – based on EU Standard Contractual Clauses and/or EU-US Data Privacy Framework where applicable
Contact Requests
If you contact us via email, phone, or contact form, we process:
name and contact details
content of your request
Purpose: responding to inquiries
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR
Retention: until the inquiry is fully resolved, thereafter in accordance with statutory obligations
Applications
If you apply via our website or email, we process:
contact details
application documents (CV, certificates, etc.)
communication data
Purpose: recruitment process
Legal basis: Section 26 German Federal Data Protection Act (BDSG) in conjunction with Art. 6(1)(b) GDPR
Retention: up to 6 months after completion of the process, longer only with consent
Use of AI Systems (EU AI Act)
We use AI-supported systems to enhance internal processes and improve communication and knowledge workflows.
Depending on context, personal data may be processed, particularly communication content.
We ensure that the use of such systems complies with the GDPR and, where applicable, the EU Artificial Intelligence Act (EU AI Act).
No automated decision-making within the meaning of Art. 22 GDPR takes place.
9.1 Fireflies.ai (Meeting Transcription)
We use Fireflies.ai for meeting transcription and structured summaries, including meetings with clients and business partners.
Provider: Fireflies.ai, Inc., USA
Data processed: audio recordings, transcripts, participant information
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR
International transfer: EU Standard Contractual Clauses
9.2 Pipedrive AI (CRM Support)
We use Pipedrive AI to support CRM and sales processes.
Provider: Pipedrive OÜ, Estonia
Data processed: contact data, CRM metadata
Legal basis: Art. 6(1)(f) GDPR
9.3 OpenAI Platform / ChatGPT Enterprise
We use OpenAI services (Enterprise/Pro versions with training disabled) to support analytical, text-based and knowledge-related processes.
Provider: OpenAI, L.L.C., USA
Important note: Enterprise configurations are used under which submitted data is not used for model training.
Legal basis: Art. 6(1)(f) GDPR and Art. 6(1)(b) GDPR where used in contractual context
International transfer: EU Standard Contractual Clauses
9.4 Google Gemini
We use Google Gemini to support research and knowledge processes.
Provider: Google Ireland Limited, Ireland
Recipient where applicable: Google LLC, USA
Legal basis: Art. 6(1)(f) GDPR
International transfer: appropriate safeguards under GDPR
9.5 AI-Based Website Chatbot
Our website may include an AI-supported chatbot to provide initial information.
Processed data: user input content, technical metadata
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR
Please do not enter sensitive personal data or confidential information into the chatbot.
Your Rights
You have the following rights:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, contact: dataprotectionofficer@rhino-mc.de
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority.
The competent authority for us is typically:
The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Amendments
We reserve the right to amend this Privacy Policy if our data processing activities, website, or legal requirements change.