Privacy Policy

Privacy Policy

Effective Date: 06-10-2025

This privacy policy informs you about the type, scope, and purpose of processing of personal data (hereinafter referred to as “data”) within our company and online presence. Personal data means all data that relates to you personally, such as name, address, email address, or online behavior.

1. Controller

mengelkamp & schwarz IT GmbH
Prof. Dr. Aaron Mengelkamp
Nelkenring 11
31249 Hohenhameln
Germany
Tel: +49 177 836 4701
Email: amengelkamp@msit-solutions.com
Website: https://www.msit-solutions.com

2. Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hannover
Germany
Website: https://lfd.niedersachsen.de

3. Data Processing in Our Business

We process personal data to provide our IT services, consulting, training, and related business activities. This includes contractual and pre-contractual relationships, communication, and lead management.

  • Processed data: contact data, contract data, payment data, inquiry details 
  • Data subjects: customers, prospective customers, business partners, webinar participants
  • Legal bases:
    • Art. 6 (1) (b) GDPR – performance of contract and pre-contractual measures
    • Art. 6 (1) (c) GDPR – legal obligations (e.g., retention periods)
    • Art. 6 (1) (f) GDPR – legitimate interests (business operations, communication, IT security)
    • Art. 6 (1) (a) GDPR – consent, if requested

Contact via Email or Forms:

If you contact us by email or via a contact form on our website, we process your data (such as name, email address, phone number, and message content) solely for the purpose of handling your request.

  • Legal bases: Art. 6 (1) (b) GDPR (pre-contractual inquiries) and Art. 6 (1) (f) GDPR (legitimate interest in communication).

4. Web Hosting (Hetzner)

Our website is hosted on servers provided by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Hetzner processes all data transmitted via your browser when visiting our website (e.g., IP address, requests, metadata). We have concluded a Data Processing Agreement (DPA) with Hetzner.

5. DNS & Security (Cloudflare)

We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as DNS provider and to improve security and performance of our website. This involves the transfer of your IP address and related connection data to Cloudflare servers.

  • Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in security and availability).
  • Data transfer to the USA is based on EU Standard Contractual Clauses (SCCs).

6. Analytics (Plausible)

We use Plausible Analytics to analyze website usage. We host our own instance of Plausible on servers rented at Hetzner (Germany). No personal data (such as IP addresses or tracking cookies) is stored. The data is fully anonymized and aggregated.

  • Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in improving our website).

7. Social Media & External Platforms

We maintain company pages on LinkedIn and YouTube. When you interact with us there, the respective platform providers process your personal data under their own responsibility.

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • Google Ireland Limited (for YouTube), Gordon House, Barrow Street, Dublin 4, Ireland

 

We do not have full control over the data processing of these platforms. For details, please refer to their privacy policies:

 

Embedded YouTube Videos:
When YouTube videos are embedded on our website, data (including your IP address and cookies) may be transmitted to Google servers. This occurs only after you have given your consent via our cookie consent tool.

8. Webinars (Google Meet & Registration)

We host webinars which you can register for via our website or LinkedIn.

  • Registration data (name, email, company, job title) is processed to manage participation.
  • Webinars are conducted via Google Meet (Google Ireland Limited). During webinars, audio, video, chat messages, and shared content may be processed.
  • Provider: Google Meet (Google Ireland Limited).
  • Legal bases:
    • Art. 6 (1) (b) GDPR – performance of contract (registration & participation)
    • Art. 6 (1) (f) GDPR – legitimate interest in providing online seminars
  • Data transfers to the USA are based on Standard Contractual Clauses (SCCs).

9. CRM & Lead Management (SuiteCRM)

We store leads and customer data in our SuiteCRM system, hosted on servers rented from Hetzner (Germany). This includes registration data from seminars and contacts acquired via LinkedIn.

  • Legal basis: Art. 6 (1) (b) GDPR (contractual relationship) and Art. 6 (1) (f) GDPR (business communication).

10. Cookies & Consent

Our website uses cookies.

  • Necessary cookies are required for the basic operation of our site (e.g., login, security, preferences).
  • Statistical/marketing cookies are only set if you give your consent.

We use a cookie consent management tool on our website, which allows you to accept or reject non-essential cookies. You can change or withdraw your consent at any time.

Legal bases:

  • Art. 6 (1) (a) GDPR in conjunction with § 25 TTDSG – consent
  • Art. 6 (1) (f) GDPR – legitimate interest (for technically necessary cookies)

11. Your Rights

Your rights under the GDPR According to the GDPR, you are entitled to the following rights, which you can assert at any time with the controller named in section 1 of this data protection declaration:

  • Right to information: You have the right to request information from us about whether and which data we process about you.
  • Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.
  • Right to erasure: You have the right to request the erasure of your data.
  • Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.
  • Right to data portability: You have the right to request that we transmit your data to you or another controller in a structured, common and machine-readable format.
  • Right to complain: You have the right to complain to a supervisory authority. The supervisory authority responsible is the supervisory authority of your habitual residence, your place of work, or our headquarters.
  • Right of withdrawal You have the right to revoke your consent to data processing at any time.
  • Right to object You have the right to object at any time to the processing of your data based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. If you exercise your right of objection, we ask you to explain the reasons. We will then no longer process your personal data unless we can demonstrate to you that compelling legitimate grounds for data processing outweigh your interests and rights.

 

Notwithstanding the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time. Please send your objection to the contact address of the controller provided above.

12. Data Retention

We delete your data when we no longer need it or when you instruct us to do so. This means that – unless otherwise stated in the individual data protection notices of this privacy policy – we delete your data.

If the purpose of the data processing no longer applies and the respective legal basis stated in the individual data protection notices no longer exists, for example:

  • after the termination of the contractual or membership relationship between us (Art. 6 (1) (a) GDPR) or
  • after our legitimate interest in the further processing or storage of your data no longer applies (Art. 6 (1) (f) GDPR),
  • if you exercise your right of withdrawal and there is no other legal basis for processing within the meaning of Art. 6 (1) (b)-(f) GDPR,
  • if you exercise your right of objection and there are no compelling legitimate reasons that prevent deletion.

 

However, if we need to retain (certain parts of) your data for other purposes, such as tax retention periods (usually six years for business correspondence or ten years for accounting documents) or the assertion, exercise, or defense of legal claims arising from contractual relationships (up to four years), or if the data is needed to protect the rights of another natural or legal person, we will delete (that part of) your data only after these periods have expired. However, until these periods have expired, we limit the processing of this data to these purposes (fulfillment of retention obligations).

13. Security

Our website uses SSL/TLS encryption to protect your transmitted data from unauthorized access.

Education & Thought Leadership

Education & Thought Leadership is a service area focused on building expertise, inspiring innovation, and empowering individuals or organizations through structured knowledge sharing in the domain of B2B risk management.

We are happy to support you in establishing knowledge in the areas of (social) media monitoring, data analysis, or artificial intelligence within your company through

  • lectures
  • seminars
  • individually tailored training events.
Contact us

Consulting & Data Analysis

We are looking forward to leverage the potential of your data in order to enable you to make better decisions, optimize performance, and gain competitive advantages.

While working with clients on projects in risk management we ..

... develop processes for data analysis and decision making, ...

... advise them on appropriate information bases for risk decisions ...

... and conduct data analyses in order to gain new insights based on our clients data e.g. combined with external information. Hereby we often work together with scientific institutions e.g. as by the following projects:

Comparison of ratings, information from sales, payment history and (social) media data regarding their ability to anticipate insolvencies of debtors in cooperation with a leading German mechanical engineering company

Up to 72,9% of bad debt can be reduced if the information base for B2B-credit risk assessment - usually including ratings, payment history, sales information and balance sheet analysis -  is enhanced by data from (social) media platforms

It is advisable to start the (social) media monitoring with selected business partners by taking into account e.g. business volume, dependance or risk and scale up the monitoring after establishing processes with high maturity level

(see: Mengelkamp, A.: Verringerung von Forderungsausfällen durch Integration von Daten aus (sozialen) Medien in Bonitätsprüfungsprozesse, in: van Koeverden, A.; Schneider-Maessen, J.; Da Silva, F.; Schumann, M. (Hrsg.): Bundeskongress 2024 – Strategisches Credit Management zur partnerschaftlichen Vertriebskooperation, Kleve, 2024, S. 43 – 56.)

Analysis of social media data regarding insolvencies of suppliers in cooperation with a leading German automobile manufacturer

Suppliers can be classified as prospectively solvent or insolvent with up to 84% accuracy when solely data from social media platforms is considered

While implementing social media analysis for supplier risk management, decisions especially regarding self or external development and hosting of the software, integration of social media data in existing risk management systems as well as reporting and alerting processes were made

(see: Vogel, C. F., Mengelkamp, A.: Bonitätsprüfung auf Basis von Daten aus sozialen Medien zur Bewertung der Lieferantenstabilität in der Automobilbranche, in: van Koeverden, A.; Schneider-Maessen, J.; Da Silva, F.; Schumann, M. (Hrsg.): Bundeskongress 2023 – In der Zeitenwende Klima, Konflikte und Kosten mit aktivem Credit Management meistern, Kleve, 2023, S. 55-75.)

Contact us

(Social) Media Monitoring of Business Partners

Our cloud-based platform for (social) media analysis enables companies to monitor their suppliers and customers – integrate the data into third-party systems and rely on your existing systems landscape.

Homescreen on laptop
Assess your overall risk exposure and keep up with latest events
Detailview on laptop
Identify individual risks of your business partners and discuss countermeasures
Dashboard_compare
Compare the development of KPIs regarding your business partners over a defined timespan
weeklyreport
Receive (weekly) summaries with latest information concerning your business partners

Our software is most often used in the domains of:

Supplier Risk Management

Identify vulnerabilities in the supply chain and initiate stabilization measures

Credit Risk Management

Evaluate the (financial) health and creditworthiness of customers in order to ensure full, punctual and reliable payment

Use the most up-to-date and powerful AI technologies to analyse (social) media communication regarding your business partners in real time

Profit from our established reporting and alerting infrastructure and receive latest news regarding your business partners customized to your requirements

Overcome deficits of traditional information e.g. analysis of balance sheets and payment behavior commonly used for monitoring the stability of business partners

- Balance sheets are published with time delay, represent past circumstances and to not reflect recent events

- Payment behavior can only be updated when new transactions take place. Within academic studies, cases were encountered, where companies paid invoices in time in order to maintain a clean payment history but delayed or reduced payment of employees. This behavior can only be deteced when integrating data from (social) media platforms in credit risk processes

Always act in compliance with latest legal regulations by integrating our (social) media data and software into your risk management processes

Contact us