Last modified on June 15, 2022
Welcome to Roland Berger's Privacy Notice ("Privacy Notice")
Protecting your Personal Data and complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation are matters that we take very seriously. This policy is intended to give you an overview of how we ensure this protection and compliance, what kinds of data we collect and why, and how we deal with it.
By "Personal Data" we mean, in accordance with the GDPR, any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature and also includes information such as your name, date of birth, and email address.
Responsibility for data processing in connection with this website rests with Roland Berger Holding GmbH, Sederanger 1, 80538 Munich, Germany ("Roland Berger", "we", "us"). For more detailed information about Roland Berger, please see How to contact us .
There are some points on our websites where we collect data for information and marketing purposes with your consent. This is generally done for all Roland Berger entities as joint controllers (Art. 26 GDPR).
Roland Berger uses our website to present general information about our company and what we do. There are some areas of our websites or individual pages that serve more specific purposes and for which separate data protection notices apply:
- Then there is our alumni area, where people who used to work for Roland Berger can keep in touch with their former colleagues and the company itself (refer to the supplementary Data Protection Notice for alumni);
- Our websites offer information and marketing material, as well as the possibility to register for events. If you use such services, we will usually send you the requested material by email. For this we ask you for your consent.
We collect, process and use your data for the above reasons unless there are more specific reasons, which we will give when collecting that data (e.g. for applicants ). We use data only for the purpose intended in each case.
1. Personal Data collected automatically in server logs
When you visit our websites, we record the following information:
- your IP address;
- the data you requested from the website;
- how much data you downloaded;
- the website from which your accessing system came to our website;
- the server reply code on the request from your browser;
- information about the browser you used;
- the date and time you visited, and for how long; and
- other similar data and information that serves to avert the risk of an attack on our information technology systems.
Roland Berger generally cannot attribute this data to any specific person.
This information is required in order to:
- properly deliver the contents of our websites;
- continually optimize our websites;
- ensure the continued functioning of our information technology systems and the technology of our websites; and
- provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.
2. Personal Data obtained from you directly
We record and process information you enter on our websites or send us otherwise. This includes data you enter in forms or contact fields (e.g. for the subscription of newsletters) or select from lists or menus.
On our websites, you also have the possibility to contact Roland Berger using the contact forms, email addresses, telephone and fax numbers provided there. When you contact us through the above channels, we will store and process the resulting personal data for the purposes of dealing with your request. Your information can be stored in our Customer Relationship Management (CRM) system. All data are used exclusively for the processing of your request.
The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR (general requests). Where the data are processed in order to take steps prior to entering into a contract at your request, the legal basis shall be Art. 6 para. 1 lit. b) GDPR. We process the personal data we collect solely for the purposes of effectively handling the requests addressed to us. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f) GDPR.
We will retain the data you transfer to us in contact requests until you ask for their deletion, object to their storage, or the purpose for their storage no longer applies. The purpose for the storage of the data no longer applies when it becomes evident that the underlying issue has been conclusively settled.
3. Profile and login information for access-protected areas
There are some access-restricted areas of the websites for which you need to register before you can use them, like the recruiting/applicant and alumni areas in particular. When registering, there are some details you have to enter that the registration form itself requires, particularly your email address, a password, and some information about yourself. Any other details you enter are voluntary. We process and save this data in accordance with the supplementary Privacy Policies for applicants and alumni.
In some areas of our websites, like our alumni network in particular, some of your registration data or contributions you make can be seen by other users once they log in. It is up to you to decide whether you want other registered users of this site to see your information and, if so, what. You can change these settings at any time. During the registration process, we will ask you to give your consent for processing and saving that data. The legal basis for processing that data is Art. 6 para 1 lit.a) GDPR.
4. Information and marketing services
There are many points on Roland Berger's website where we offer the possibility to subscribe to newsletters and studies, participate in surveys, receive similar information and marketing materials, or register for events. If you would like to use these services, we will need a working email address for you and details to enable us to verify that this email address is really yours and whether you agree to receive the newsletters. For legal reasons, an email will be sent to the email address you provided asking for confirmation in a double-opt-in procedure after signing up for our newsletter. The legal basis for sending newsletters is Art. 6 para. 1 lit. a) GDPR.
When you register, we record the following data:
- Title (required)
- First name (required)
- Last name (required)
- Email (required)
- Company (required)
- Job title (required)
- Country (optional)
The Personal Data collected when ordering information and marketing material will be used exclusively for the following purposes:
- Sending the newsletter
- Consulting, marketing and advertising
- Composing the topics of the newsletter according to your interests
If you register for one of our events, we also use your Personal Data for the following purposes: to identify you as a registered participant of the event, to grant you access to the event, to send reminders and to inform you if there are any changes to the event (e.g. a change of date and time) and to contact you after the event to ask for your feedback in accordance with Art. 6 para. 1 lit. b) GDPR.
In addition, photos can be taken at the event. If you do not wish to be photographed, please let the photographer know on the spot. We process the photos for the purposes of documentation of the event, for printed and for online publicity on our publicly available websites or/and on social media (a.o. Instagram, Facebook, LinkedIn). For controllers in the EU the legal basis for taking and publishing of photos is our legitimate interest in reporting on the event pursuant to Art. 6 para. 1 lit. f) GDPR. We ask for your separate consent pursuant to Art. 6 para. 1 lit. a) GDPR for the publication of photos, if the content and composition of the photos or the intended use requires this.
Our newsletters and other automatically sent emails with information and marketing material as well as emails in connection with events contain so-called web beacons for statistical analysis. We use these to optimize the content of the newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a person concerned and which links in the email were opened. This will only be done with your consent when requesting such emails.
In case Roland Berger organizes a competition on a social media channel of Facebook or Instagram following personal data will be process:
- participant´s account name on social media channel;
- winners last name, first name, birthday, address.
A processing of the data is carried out exclusively for the implementation of the competition (for the purpose of the implementation of the participation contract and in particular for the notification of the prize). The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR and Art. 6 para. 1 lit. f) GDPR.
6. Fulfilment of compliance requirements
We may carry out sanction list / compliance screenings with regard to the business relationship with you and in compliance with legal compliance obligations. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Art. 6 para. 1 lit. c) GDPR) and our legitimate interest (Art. 6 para. 1 lit. f)) or under the equivalent provisions under applicable law.
7. Data from public sources
In some cases, we search and use Personal Data from public sources (such as LinkedIn, Xing and other publicly available sources on the internet) to complete or correct your data (first name, company, country, etc.). We store this data in our CRM system. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
8. Objection and withdrawal of consent
If you have given us your consent to process your Personal Data (Art. 6 para 1 lit. a) GDPR), you can withdraw your consent at any time with future effect. If we process your Personal Data based on Art. 6 para 1 lit. f) GDPR (legitimate interest), you can object at any time to the processing of your Personal Data for marketing reasons.
Please use either the link included in each newsletter email we send you or, alternatively, contact Roland Berger Holding GmbH via mail, fax, email or using the contact details given below under How to contact us .
Where does data go once it reaches Roland Berger?
External service providers
We may involve service providers who support us in the processing of Personal Data or otherwise and who may come into contact with your Personal Data. This will only happen after the prior conclusion of a Data Protection Agreement that obligates our service providers to process Personal Data only according to our instructions and to keep it confidential. Should your Personal Data be transferred to a country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we will ensure that the data transfer is based on an adequacy decision or conclusion of the EU standard contractual clauses.
Intra-group sharing, Joint Controllers
Within the Roland Berger Group's organization, there is a need to exchange Personal Data on an intra-group basis as Joint Controllers. For this reason, Roland Berger will transfer and share your Personal Data within the Roland Berger Group's organization for the purposes set out in this Privacy Notice. Roland Berger entities might also be established outside the European Union or the European Economic Area. In such cases, we will ensure that there are adequate safeguards (i.e. EU standard data protection clauses) in place to protect your Personal Data. We at Roland Berger are responsible for informing you about your rights as a data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to Roland Berger. The other Roland Berger entities within the Roland Berger Group's organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.
Sending data to third parties
As a fundamental rule, we do not disclose, transfer, sell or otherwise market Personal Data to third parties, such as other companies or organizations, without your express consent except as required to meet our contractual obligations between Roland Berger and you, the website user.
Transfer of data to countries outside the EU/EEA
Where there is a sufficient legal basis, your Personal Data may be transferred to and processed outside the EU/EEA in other countries where laws and provisions governing the processing of Personal Data may be less stringent. In such cases, we will ensure that the data transfer is based on an adequacy decision or conclusion of the EU standard contractual clauses.
Within our online offering, we use content or service offers from third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimization and efficient operation of our online offering within the meaning of Art. 6 para. 1 lit. f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This is only possible if our third-party providers of such content are aware of the user's IP address. Without the IP address, they would not be able to send the content to their browsers. The IP address is therefore necessary in order to display this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other details about the use of our online offering, and may also be linked to such information from other sources.
In the following you will find an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on the processing of data and – in some cases already mentioned here – the possibility to object (known as opting out). You can, of course, change or withdraw any consent you may have given for cookies that are not absolutely technically necessary in this data protection declaration under Cookie Declaration:
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your website visit the following data will be collected:
- the pages you call up,
- your "click behaviour“
- Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behavior (for example clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- Your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous) use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
The data recipient is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as data processor. For this purpose, we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google. A transfer of data to the USA cannot be excluded. The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
- a) not giving your consent to the setting of the cookie or
- b) downloading and installing the browser add-on to disable Google Analytics HERE ( https://tools.google.com/dlpage/gaoptout?hl=en).
By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.
Your consent is the legal basis for this data processing, Art. 6 para.1 lit.a) GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings https://www.rolandberger.com/en/Privacy/#cookie-declaration
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register Personal Data. The tool causes other tags to be activated that may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated at the domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager. Your consent is the legal basis for this data processing, Art. 6 para.1 lit. a) GDPR.
Our website uses the cookie consent technology of Cookiebot to obtain your consent to store certain cookies in your browser and to document these in accordance with data protection regulations. Cookiebot is a self-service cloud service of the company Cybot ( https://www.cookiebot.com/de/about/).
When you enter our website, a Cookiebot cookie in which the consents you have given or the withdrawal of these consents are stored is stored in your browser. This data is not passed on to the provider of Cookiebot.
The data collected will be stored until you ask us to delete it or until you delete the cookie yourself or until the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. For details on data processing by Cookiebot, please visit https://www.cookiebot.com/de/privacy-policy/.
The legal basis for the processing is our legitimate interests Art. 6 para. 1 lit. f) GDPR for necessary cookies (to distinguish between humans and bots) and your consent Art. 6 para. 1 lit. a) GDPR for non-necessary cookies (efficient and quick processing of user requests, applications and optimization of our online offering).
LinkedIn Insight Tag
This website uses LinkedIn Conversion Tracking provided by LinkedIn (LinkedIn Inc.). LinkedIn Conversion Tracking is an analytics tool powered by the LinkedIn Insight-Tag. LinkedIn Conversion Tracking offers aggregated and anonymized reports on LinkedIn ad campaigns run by Roland Berger and aggregated and anonymized information on user behavior on the Roland Berger website. We use LinkedIn Conversion Tracking to track ad conversions and show website visitors more relevant ads on LinkedIn. You can prevent the collection of data generated by the cookie and its processing by LinkedIn by following the instructions on this site: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.The LinkedIn Insight Tag enables the collection of data regarding members' visits to our website, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days. LinkedIn does not share the personal data with the website owner, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling the website owner to show personalized ads from its website by using this data, but without identifying the member.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our sites using your IP address. If you click on LinkedIn's "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to track your visit to our site to you and your account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
We use Awesome Table provided by Google Inc. ("Google") to display data in maps and tables on our website.
We use the Services of MyNewsdesk AB ("MyNewsDesk") to publish press releases and photos on our website. Additionally, MyNewsDesk is used to display a Feed of the Roland Berger Social Media Channels of Facebook, Instagram, Twitter and YouTube on our website.
We have implemented the career inspiration platform of PathMotion S.A.S ("PathMotion") to connect people who are in interested in our company directly with Roland Berger employees to provide a look behind the scenes.
We have embedded videos from YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) in our website. This has been done using the "double click" procedure. This means that, initially, only a thumbnail is displayed on our website without a connection to YouTube being established. Only when you click on the respective thumbnail is a connection to YouTube established and your IP address forwarded to the YouTube servers. YouTube is thus informed that our website was visited with your IP address. We do not obtain any information about the data collected in this way or how it is used.
If you are signed in to your YouTube or Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings, see in particular https://www.google.de/policies/privacy/partners/.
We integrate YouTube so that you can watch videos directly on our website. By including external videos, we reduce the load on our servers and can thus use these resources elsewhere, which can increase the stability of our servers. Your consent is the legal basis for this data processing, Art. 6 para.1 lit. a) GDPR. Further information on data processing by Google is available at https://policies.google.com/privacy.
We have embedded Vimeo videos in our website. These videos are stored on www.vimeo.com and are directly playable from our website. The video platform is operated by Vimeo, Inc. By visiting a website with embedded Vimeo videos, a direct connection is established between your browser and a server of Vimeo in the US. Vimeo stores information about your visit to our website including your IP address. If you have a Vimeo account and do not wish Vimeo to collect information about you through this website and associate this information with your member data on Vimeo, you must log out before visiting this website. Further information on the purpose and scope of data collection and processing by the third-party provider, as well as on your rights and options for protecting your privacy, can be found at vimeo.com/cookie_policy or vimeo.com/privacy.
We use the NewRelic software on our website. This enables analysis of your website usage. The information stored by the cookie about your use of this website (including your IP address) is transferred to a NewRelic server in the US. We process this data due to our predominant interest in the optimal marketing of our online offering according to Art. 6 para. 1 lit. f) GDPR.
New Relic will use the stored information to evaluate your use of the website, compile reports on website activities for the website operators and provide further services related to website and internet use. We have concluded so-called standard contractual clauses with New Relic, Inc.
Further information on data protection can be found at https://newrelic.com/termsandconditions/privacy.
The embed functionality of Soundcloud allows us to integrate music tracks from Soundcloud into our pages.
Typeform is used to set cookies that, for example, enable the user to switch to different pages or prevent a form from being sent multiple times. Typeform thus receives your IP address and can deduce that our website was called up with this IP address. According to its own information, Typeform does not store any data by which users can be personally identified (see Typeform: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data).
MyFonts Web fonts
Within the Join section of our Roland Berger website, the so-called "Meta Pixel" (formerly Facebook Pixel) of the social network Meta, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"), is used.
With the help of the Meta pixel, it is possible for Meta, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "social media ads"). Accordingly, insofar as you have declared your consent, we use the meta pixel to display the social media ads placed by us only to those meta users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics determined on the basis of the websites visited), which we transmit to Meta (so-called "Custom Audiences"). With the help of the Meta pixel, we also want to ensure that our social media ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Meta Pixel, we can further track the effectiveness of the Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called "conversion").
Meta Pixel uses, among other things, cookies, which are small text files that are stored locally in the cache of your web browser on your terminal device. If you are logged in to Meta (formerly Facebook) with your user account, your visit to our online presence will be noted in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, Meta may link this data to your user account there. If you have a user account with Meta and are registered, Meta can assign your visit to your user account.
The Meta Pixel is used on the basis of Art. 6 para. 1 lit. a) GDPR for marketing and optimization purposes, in particular in order to place relevant and interesting ads for you on Meta and thus improve our services, make them more interesting for you as a user and avoid annoying ads.
Data Processing Agreement
For the processing of data for which Meta acts as a processor, we have concluded a data processing agreement with Meta, in which we oblige Meta to protect our customers' data. This applies to the processing of data relating to contact information for matching (2.a.i. of the Meta Business Tools Terms) and event data for measurement and analytics services (2.a.ii. of the Meta Business Tools Terms).
We have entered into a Joint Controller Agreement with Meta for the processing of the Data for which we act as Joint Controller with Meta. This applies with respect to Event Data for ads targeting (2.a.iii. of the Meta Business Tools Terms) and Event Data to improve ad delivery, personalize features and content, and to improve and secure Meta products (2.a.v. of the Meta Business Tools Terms).
Required information pursuant to Art. 13 para. 1 lit. a) and lit. b) GDPR can be found in Meta's Data Policy at https://www.facebook.com/about/privacy.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Data will be deleted after 180 days at the latest.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, Meta concludes standard data protection clauses with its subcontractors in accordance with Art. 46 para. 2 lit. c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
You can find another opt-out option in our Cookie-Deklaration .
We would like to point out that this setting will also be deleted when you delete your cookies.
Data subjects have rights with respect to Roland Berger Holding GmbH in relation to their Personal Data in accordance with Art. 15-21 GDPR. In particular, you have the right to:
- request a copy of the Personal Data we hold about you (right of access, Art. 15 GDPR);
- ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete (right to rectification, Art. 16 GDPR);
- ask that we delete Personal Data that we hold about you, or restrict the way in which we use your Personal Data (right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR)
- object to our processing of your Personal Data (right to object, Art. 21 and 22 GDPR)
- request that your Personal Data be transferred to you or another data controller (right to data portability, Art. 20 GDPR).
If you are unhappy with the way we have handled your Personal Data or any data protection query or request that you have raised with us, you have a right to complain to the competent supervisory authority.
We store Personal Data in accordance with legal storage periods. We routinely delete this Personal Data or block it once these periods expire or the reasons for storage cease to apply, in accordance with data protection rules.
The security of your data is important to us, so all the areas of our websites where you can actively input data use encryption systems such as SSL (Secure Socket Layer) to protect your data from being accessed by unauthorized third parties.
If you register to use access-protected areas of Roland Berger's websites, you should keep the login details you receive in a safe place and protected from access by third parties. If you log in on a computer that is used by more than one person, please do not forget to log off properly at the end of each session and close the browser window you were using.
Roland Berger takes extensive technical and organizational security precautions to protect your Personal Data from being manipulated, either accidentally or deliberately, or being lost, destroyed or accessed by unauthorized third parties. We are constantly improving these precautions as technology develops.
We welcome your feedback. If you have any comments, complaints or questions regarding this Privacy Notice or our processing of your Personal Data, or would like to exercise any of your rights, you can contact us at:
Roland Berger Holding GmbH
The contact details of our data protection officer are:
Roland Berger Holding GmbH
This Privacy Notice was last modified on June 15, 2022. We may occasionally modify or amend it from time to time. When we make changes to this Privacy Notice we will update the revision data at the top of this Privacy Notice. Where those changes are material, we will take steps to let you know. The new modified or amended Privacy Notice will apply as from that revision date. Please always verify whether you have consulted the latest version of the Privacy Notice.