Privacy Policy

We take the protection of your personal data seriously and adhere to the rules of the applicable data protection laws, in particular the EU Data Protection Regulation (EU-DSGVO) and the German Federal Data Protection Act (BDSG), as well as this privacy policy. We process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our content, services, offers, etc..

Personal data is any information relating to an identified or identifiable natural person.

The data protection declaration gives you an overview of what kind of personal data is processed and for what purpose. Furthermore, this privacy statement indicates how we ensure the protection of your personal data.


1. Name and contact details of the controller

This privacy information applies to data processing by:

iwp Consulting Group AG
Im Höhngesgarten 35
51491 Overath

Represented by:
Volker Wendland – Executive Board
Günther Mand – Chairman of the Supervisory Board

Phone: +49 (0) 2206- 910755
Fax: +49 (0) 2206-910754


2. Collection and storage of personal data as well as type and purpose of their use

a) During the informative visit of our website

You can visit our website without having to provide us with any information about yourself (who you are).

In the case of such purely informational use of our website, i.e. if you do not register or otherwise provide us with information about yourself, we only process the personal data that your browser transmits to our server. When you call up our website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is automatically collected and stored until it is deleted (see the following explanations under point 5.):

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the file accessed,
  • website from which the access was made (referrer URL),
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider,
  • language and version of the browser software

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring a comfortable use of our website,
  • evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) EU-DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies when you visit our website. Cookies do not cause any damage to your computer and do not contain viruses. You can find more detailed explanations of this in section 3 of this data protection declaration.

b) When using our contact form

In order to enable you to send us your questions, comments, etc., we have provided a contact form on the website. For its use, the specification of your e-mail address and your first and last name are mandatory so that we know to whom we must respond; you can provide further information voluntarily.

The legal basis for data processing is your voluntarily given consent (Art. 6 para. 1 p. 1 lit. a) EU-DSGVO).

The personal data collected by us for the use of the contact form will be deleted after completion of your request.


3. Transfer of data to third parties

Your personal data will not be passed on to third parties for purposes other than those listed below. In particular, no data will be passed on to third parties, e.g. for advertising purposes, without your express consent.

We will only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 p. 1 lit. a) EU-DSGVO;
  • this is necessary according to Art. 6 para. 1 p. 1 lit. b) EU-DSGVO for the processing of contractual relationships with you, e.g. to credit institutions for the processing of contractually agreed payments, in the event of non-fulfillment of contractually agreed payments for the purposes of legal enforcement to lawyers and legal services companies;
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) p. 1 lit. c) EU-DSGVO; or
  • the disclosure according to Art. 6 para. 1 p. 1 lit. f) EU-DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.


4. Cookies

We use cookies on our website. These are small text files that are automatically created by your Internet browser and stored on your end device (e.g. PC, laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, among other things, to make the use of our offer more pleasant for you. For example, we use cookies to recognize whether you have already visited individual pages of our website. These are automatically deleted after you leave our site. Furthermore, in order to optimize user-friendliness, we use cookies that are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized whether you have already been to our site and which entries and settings you have made so that you do not have to enter them again.

A distinction must be made between cookies that are absolutely necessary to provide the services on this website (necessary cookies) and those that are not absolutely necessary for this purpose (non-necessary cookies).

Without the use of necessary cookies, this website will not function properly. Such cookies are used exclusively by us (so-called first party cookies) and all information stored in these cookies is sent only to this website.

Necessary cookies are used regardless of the granting of your consent. In this case, the legal basis for data processing is our legitimate interests, i.e., our interest in the analysis, optimization and economic operation of our website and our services (Art. 6 para. 1 sentence 1 lit. f) EU-DSGVO).
Non-essential cookies used by us can be divided into the categories of preference, statistics and marketing. Marketing cookies are used by external companies (so-called third-party cookies) to collect information about the websites you visit, for example, to create targeted advertising.

Non-essential cookies are only used after you have given your consent. By giving your consent in each case in a so-called consent tool provided by us on this website to the use of the cookies listed there and selected by you, you consent to the use of these cookies. The legal basis for data processing in this case is your consent (Art. 6 para. 1 p. 1 lit. a) EU-DSGVO).

You can adjust your cookie settings individually at any time by activating or deactivating individual cookies – with the exception of necessary cookies – in the Consent Tool.

You can set your web browser in such a way that the storage of cookies on your end device is generally prevented or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can delete them at any time. How this works is described in the help function of the respective web browser.

A general deactivation of cookies can possibly lead to functional restrictions of this website.


5. Storage period and data deletion

In particular, your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed (Article 17 (1) (a) EU GDPR). Hereafter, the data will be deleted unless, for example, storage is necessary for compliance with a legal obligation which requires the processing under the law of the Union or the Member States to which the controller is subject (Art. 17 (3) (b) EU-DSGVO) or for the assertion, exercise or defense of legal claims (Art. 17 (3) (e) EU-DSGVO). A legal obligation is represented by the statutory retention obligations, e.g. according to § 147 para. 1 no. 4, para. 3 p. 1 AO there is a retention period of 10 years for accounting data incl. order and payment data as well as according to § 257 para. 1 no. 2, 3, para. 4 HGB a retention period of 6 years for commercial correspondence, e.g. e-mail messages. The assertion and exercise of legal claims as well as the defense against such claims is possible until the expiration of 3 years. During the period of the storage obligations, the data is blocked, after which it is deleted.


6. Data subject rights

You have the right

  • in accordance with Art. 7 (3) EU-DSGVO to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. The legality of the data processing carried out until the revocation remains unaffected by your revocation;
  • to request information about your personal data processed by us in accordance with Art. 15 EU-DSGVO. In doing so, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 EU-DSGVO, to immediately request the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 EU-DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;
  • pursuant to Art. 18 EU-DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
  • pursuant to Art. 20 EU-DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • complain to a supervisory authority in accordance with Art. 77 EU-DSGVO. The competent supervisory authority is the state data protection commissioner of the federal state in which our company is based. The address of the data protection supervisory authority responsible for our company is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, telephone number: +49 211 38424-0 / fax number: +49 211 211 38424-10 / e-mail:


7. Right of objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) EU-DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation. In the event of your justified objection, we will review the factual situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

If you wish to exercise your right of revocation or objection, an e-mail to the e-mail address will suffice.


8. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

We also use SSL or TLS encryption (SSL = Secure Sockets Layer; TLS = Transport Layer Security; SSL is the previous name of TLS) within your website visit. You can recognize the correspondingly encrypted connection by the prefix “https://” in the address line of the browser as well as by the lock symbol protruding from the browser line.


9. Status and possible changes to this data protection declaration

This data protection declaration has the status August 2020.

Due to technical developments and/or changes in legal or regulatory requirements, it may be necessary to change this privacy policy. You will know if changes have been made if the “Status” of the document has been updated in the first paragraph of this section 9.

You can access and print out the current data protection declaration at any time on our website at