Data protection information

Name and contact details of the data controller, data protection officer and responsible data protection authority

Thank you for visiting our website. The protection of your personal data is of great importance to us. Therefore, we would like to inform you in the following about data processing at Prognos. We confirm that we fully comply with the legal requirements of the General Data Protection Regulation (‘GDPR’), and other data protection regulations.

Responsible for the data processing is:

Prognos AG, Goethestraße 85, 10623 Berlin, Deutschland;
Telephone: +49 (0)30 – 52 00 59 210
Fax: +49 (0)30 – – 52 00 59 201

The data protection officer is:

Mrs Angelina Thevessen

The responsible data protection authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, telephone: +49 (0)30 13889-0, Email:



Privacy Policy

1. Overview data processing operations

a) Website visit

When visiting our website our server collects information from the browser of your device. This information is temporarily stored in a so-called log file. The following data may be stored without your intervention until its automatic deletion.

  • IP-address,
  • date of access,
  • the website previously visited (referrer-URL),
  • browser used and, if applicable, operating system,
  • server status code,
  • transferred data volume.

The above-mentioned data is processed by us for the following purposes:

  • ensuring a smooth connection of the website,
  • ensuring convenient use of our website,
  • evaluation of system security and stability as well as for other administrative purposes.

The legal basis of the data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest derives from the above-listed purposes. Under no circumstances the collected data is used for inferences concerning your person.  

Additionally, we use cookies and analysis services (detailed information here).

b1)    Newsletter receipt and registration

When you register for our newsletter, the e-mail address and, if applicable, the type of organisation are collected. In addition, when receiving the newsletter, the opening rates and click rates of the user are individually measured, stored and evaluated. This is done with the help of small graphics embedded in the newsletter (so-called pixels). We use this data for general statistical evaluations and to optimise and further develop our content. The legal basis for the use of the email address, the type of organisation as well as the individual user behaviour is the consent given by the subscriber following Art. 6 Para. 1 a) DSGVO.

Furthermore, the date, time and IP addresses are collected as part of the double-opt-in procedure to confirm registration. This serves to document the consent given and to protect against improper registration. The legal basis for this is Art. 6 para. 1 f) DSGVO (legitimate interests).

The dispatch of our newsletter is carried out by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. For the processing of personal data, an order processing agreement according to Art. 28 DSGVO has been concluded with Sendinblue. For more information, please see the data protection information of Sendinblue:

b2)    Newsletter receipt without registration

If you receive the newsletter without having registered for it, we have a business relationship with you, you hold a public office and/or we assume based on your activity that you have an interest in being informed about our most important study results, events from our company and the publication of the Prognos magazine trendletter. The legal basis for this is Art. 6 (1) f) DSGVO (legitimate interests of the responsible parties).

c)    Using our contact form  

For questions of any kind, we offer the possibility to contact us via a form on the website. A valid email address and full name must be provided so that we know who the request is from and can respond to it.
Data processing for the purpose of contacting us is performed in accordance with Art. 6 para. 1 p. 1 lit. a GDPR on the basis of your freely given consent.

The personal data collected by us for the use of the contact form will be deleted after completion of your request.

d)    Survey participation

If you have been invited by us to participate in a survey, we process the personal data collected from you on the legal basis stated in the survey (e.g., consent) and for the stated purpose (usually evaluation of the survey as part of a specific project). The evaluation of the survey results is usually anonymized, i.e., it is not possible to draw conclusions about individual response behaviour. Once the purpose has been achieved, the data is deleted.

e)    Use of Karriere-Netzwerk and application forms

When you apply via our online platform Karriere-Netzwerk, the following data is collected.

  • name, email address, address, telephone number
  • letter of motivation
  • application details (working time, salary expectations, willingness to relocate etc.)
  • data regarding professional career (degree, references, CV)
  • Xing-/LinkedIN-profile
  • if applicable, information on special personal data according to Art. 9 GDPR (e.g., severely disabled status)

The data you entered on the online platform will be used by us as part of the application process for the decision on the establishment of an employment relationship. Furthermore, we may process your personal data to the extent necessary to defend asserted legal claims against us arising from the application process. If an employment relationship is established, we may further process the personal data already received for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representative body resulting from a law or a collective agreement

In the case of an application for an announced position, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 S. 1 1. Var. BDSG. If it is an initiative application, the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. For the defence of asserted legal claims arising from the application process, the legal basis is Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If an employment relationship is established, data already received may be processed in accordance with § 26 para. 1 BDSG.

The personal data transmitted in the application process will be stored by Prognos for as long as is necessary to fulfil the purpose of the processing. They will be deleted no later than six months after completion of the application process if no employment relationship has been established. If there are legal obligations to store data, the period of which is longer, longer storage may take place. The data will be deleted earlier if the applicant withdraws his or her application or, in the case of a speculative application, revokes his or her consent to data processing. If an employment relationship is established, the data will be stored for the duration of the employment relationship and, if there are legal obligations to store data, beyond that.

2. Transmission of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

Personal data will be transmitted only if:

  • you have given consent according to Art. 6 para. 1lit. a GDPR,
  • if the disclosure is necessary for the enforcement, exertion, and defence of legal claims, assuming the absence of overriding interests in the non-discloser of your personal data, (Art. 6 para. 1 lit. f) GDPR
  • in case of a legal obligation, Art. 6 para. 1 lit. c) GDPR, and
  • if the disclosure is legally permissible and necessary for the contract processing Art. 6 para. 1 lit. b) GDPR.

3. Rights of the data subject

As the data subject you have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • in accordance with Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defence of legal claims;
  • in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request the transfer to another controller;
  • in accordance with Art. 7 para. 3 GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or workplace or our offices for this purpose.

4. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 lit. 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to

5. Data security

During the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


6. Topicality and modification of this privacy policy

This data protection information is currently valid and has been updated as of June 2021.

Due to the further development of our website and offers or due to amended legal or official regulations, it may become necessary to amend this data protection information. You can access and print out the current data protection information at any time on the website at