
Privacy policy in accordance with the provisions of the GDPR.

1. Responsible within the meaning of the GDPR

Lohmann & Lohmann GbR
Klopstockplatz 15
22765 Hamburg, Germany
Managing partners: Markus Lohmann & Dominique Lohmann
Phone: +49 (0) 40 3346 8280
Email: datenschutz@lohmannexecutives.de

2. Purpose of data processing

We process personal data exclusively for the purpose of providing our services in the following areas:

  • Executive Search (DeepMatch Core)

  • Optional: DeepMatch Diagnostics (LPP Candidate Check)

  • Optional: 90-day executive onboarding coaching

  • Customer communication & contract processing

  • Operation of our website and IT systems

Processing is carried out in accordance with the GDPR, in particular Art. 6 (1) (a), (b) and (f).

3. What types of data we process

3.1 Data from clients/companies

We process, among other things:

  • Contact details (name, position, telephone number, email)

  • Company data, billing and contract data

  • Information on position, team structure, culture, requirements

  • Project data within the scope of the executive search mandate

Legal basis: Contract fulfillment (Art. 6 (1) (b)), legitimate interest (Art. 6 (1) (f)).

3.2 Candidate data

We process candidates' personal data exclusively on the basis of their voluntary consent (Art. 6 (1) (a) GDPR) or for the purpose of implementing pre-contractual measures within the framework of an executive search process (Art. 6 (1) (b) GDPR). Consent may be given in any appropriate form.

Depending on the stage of the process, the data processed includes, in particular:

  • Contact details (name, email address, telephone number)

  • Professional information (resume, career history, qualifications, references)

  • Information on availability, notice periods, salary expectations

  • Information on motivation, previous management responsibility, or professional orientation

  • Notes from interviews conducted as part of the executive search

  • References (only with express consent)

  • Results of optional diagnostic procedures (only with express consent)


Storage: The data is processed and stored exclusively in secure, GDPR-compliant systems. It is not passed on to unauthorized third parties.

Deletion: Candidate data is generally deleted 12 months after the last contact, unless further consent or a legal retention obligation exists.

4. DeepMatch Diagnostics (LINC Personality Profiler)

In the diagnostics module, we optionally use the LPP Candidate Check, based on the LINC Personality Profiler (LPP).

Processed data

  • Character traits (Big Five oriented)

  • Motives & values

Important information

  • Only carried out with the voluntary consent of the person being tested

  • Clients only receive results if the person being tested agrees

Technical service provider: LINC GmbH, Lüneburg (order processing in accordance with Art. 28 GDPR)

The storage period is a maximum of 24 months; earlier deletion is possible at any time upon request.

 

5. Data in DeepMatch Onboarding Coaching


The following data is processed for the 90-day executive onboarding coaching:

  • Coaching notes and virtual flipchart via Conceptboard (qualitative content)

  • Topic blocks and goal definitions

  • Possibly supplementary LPP data (only with consent)

This content remains strictly confidential and is not passed on to the client unless the coachee expressly requests this.
The storage period is a maximum of 24 months, but earlier deletion is possible at any time upon request.

6. Data transfer

Data will only be transferred:
a) to clients

  • only with the consent of the candidates

  • only to authorized contact persons

  • only for the purpose of filling the respective position

b) to external service providers (processors), e.g., to:

  • Starhunter (recruiting software)

  • LINC GmbH (diagnostics)

  • Microsoft Ireland Operations Limited (cloud and email services within the scope of Microsoft 365). Data is stored exclusively within the EU/EEA within the scope of the “EU Data Boundary.” Microsoft is contractually bound as a processor in accordance with Art. 28 GDPR.

c) never

  • to third parties for advertising or analysis purposes

  • in countries outside the EU/EEA without an adequate level of data protection

There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.

7. Deletion periods

We only store personal data for as long as is necessary for the purposes of processing or as required by statutory retention periods. Basic retention periods:

  • Candidate data: generally 12 months after the last contact

  • Data from diagnostic procedures (e.g., LINC Personality Profiler) and coaching data: maximum 24 months, unless further consent has been given

  • Customer data and billing-related documents in accordance with statutory retention requirements, 6 to 10 years

  • Website and technical data after the purpose has ceased to apply or in accordance with industry-standard IT security standards.

After expiry of the respective periods or cessation of the purpose, the data will be deleted in accordance with legal requirements, unless there are legal retention obligations that prevent this. The deletion processes are documented internally.

8. Your rights

In accordance with the GDPR, you have the right at any time to:

  • Information (Art. 15)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Withdrawal of consent (Art. 7 (3))

  • Objection (Art. 21)

Please address any complaints to:
Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
www.datenschutz-hamburg.de

9. Security

Personal data is processed exclusively in secure, GDPR-compliant systems. It is stored in encrypted form and is only accessible to authorized persons who use individual accounts and password-protected access. We use technical and organizational measures, including:

  • Securely hosted cloud environments

  • Password and role management

  • Access restrictions for authorized persons

  • Regular security updates

  • Documented deletion processes

No data is transferred to unauthorized third parties. Data processing agreements in accordance with Art. 28 GDPR are in place with all external service providers.

10. Hosting and Website

Our website is hosted by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin. Technical access data (e.g., IP address, browser type, timestamp) is processed to ensure stability and security (Art. 6 (1) (f) GDPR). 

The website was created with Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel. Wix processes technical usage data in the context of providing the website platform. Israel is considered a safe third country according to a decision by the European Commission. Further information can be found at: https://www.wix.com/about/privacy

 

11. Social Media (LinkedIn & XING)

We maintain company profiles on LinkedIn and XING in order to communicate with customers, candidates, and interested parties and to provide information about our range of services. When you visit our profiles, the respective platform operators process personal data, including data from individuals who do not have their own user account. In particular, usage data, technical data (e.g., IP address), and data from interactions (e.g., likes, comments, messages) may be processed. We process personal data exclusively for the purpose of responding to inquiries and for communication (Art. 6 (1) (a), (b), and (f) GDPR).
Further information on data processing can be found in the providers' privacy policies:

12. Contact by email, telephone, or via forms

If you contact us by email, telephone, or via a form, we will store the personal data you provide solely for the purpose of processing your inquiry and for the implementation of pre-contractual measures or contractual relationships. Legal basis:

  • Art. 6 (1) (b) GDPR (contract/pre-contractual measures)

  • Art. 6 (1) (f) GDPR (legitimate interest in communication)

  • Art. 6 (1) (a) GDPR (consent, if applicable)

The data will be deleted as soon as your request has been finally processed, provided that there are no legal retention obligations.

13. Cookies

We only use technically necessary cookies (session cookies, CSRF protection).
No tracking, marketing, or analytics cookies.

14. Updates and changes

This privacy policy will be updated if legal or technical changes make this necessary.
