Camelot-MC_white logo

Privacy Policy

Effective date:  May 15, 2024

Camelot Management Consultants AG (hereafter “Camelot”) takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

This page informs you about everything you need to know about how Camelot protects your personal data and what your rights are with respect to your personal data.

If you have any questions about data protection, you can contact us at any time:

Any changes we make in the future to our data protection regulations to the declarations published here will be posted on this page.

Who is the data controller?​

Responsible for data processing in accordance with the data protection laws:

Camelot Management Consultants AG
Theodor-Heuss-Anlage 12
68165 Mannheim

If you have any questions regarding the handling of your personal data, please feel free to contact us via email at

Alternatively, you may also reach out to our designated Data Protection Officer: Nextwork GmbH, represented by Marco Peters:

What personal data do we collect?

Personal data is information that can be used to determine your identity – such as your name, address or telephone number. We collect personal data from our employees, applicants, suppliers, business contacts, partners and website users.

Our website can be used without providing your personal data. If personal data is collected on our website, the provision of your data usually is no obligation but can be provided voluntarily.

For what purpose do we process personal data?

Camelot collects and uses personal data to provide the websites as well as our contents and services within the framework of the provisions of Art. 6 para. 1 a to f DSGVO, i.e., as far as the DSGVO or another legal provision allows it, or the user has consented to the processing. 

Regarding sensitive personal data

In general, we do not attempt to collect sensitive personal data through this website or in any other way. In the limited instances where we collect such data, we will comply with the requirements of local data protection laws. If you provide us with sensitive personal data without request, you consent to our use of that information in accordance with applicable law as described in this Privacy Policy.

The term ‘sensitive personal data’ refers to the different categories of personal data for which European and other data protection law(s) define the need for specific treatment, including the need for explicit consent in certain circumstances.

Do we share your personal data with other Camelot companies and external parties?

We may share personal data Personal data with other Camelot companies that may be located in other countries. It may be necessary for us to provide our contracted service providers and consultants with access to the personal data you provide (e.g., if we host a joint event, forum, webinar).

For the transfer of personal data to a country outside the EU / EEA, we will always take the necessary steps to ensure adequate protection of your personal data in accordance with Art. 44 -49 DSGVO.

What about data security?

As an international company with global IT systems, we may route, store or transfer personal data collected by us internationally within the Camelot Group or from our suppliers in accordance with applicable data protection laws.

We take adequate measures to maintain the security of the personal data personal data collected. With respect to your use of our website, you should be aware that due to the open nature of the Internet, information and personal data may flow over networks that connect you to our systems without security measures and may be accessed and used by people who should not receive it. We would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Our website may occasionally contain links to or from the sites of our partners, social media or other Camelot companies. If you follow a link to any of these sites, please note that each of these sites has its own privacy policy and we do not assume any responsibility or liability for those policies or sites. Please check the relevant policies before submitting any personal data to these sites.

How long will your data be kept and what rights do you have regarding your stored data?

We store personal data only as long as it is necessary for the respective purpose of collection or as long as you have given your consent, as long as there are no legal obligations to the contrary, e.g., commercial or tax law retention periods.

You have the right to information about whether we have personal data about you. If this is the case, you can request access to this personal data and its correction if the data is incorrect.

In principle, we do not make decisions solely by automatic measures; however, should we do so, you have the right to object.

You can contact us at any time to exercise your rights.

CAMELOT complies with the data protection laws applicable in the European Economic Area, which, where applicable, include the following rights:

  • if the processing of personal data is based on your consent, you have the right to withdraw this consent at any time about future processing
  • You have the right to ask us to access, correct or delete your personal data
  • You have the right to limit or object to the processing of your personal data
  • You have the right to data transferability
  • You have the right to lodge a complaint with the competent data protection authority.

What information do we collect on the Camelot websites?

The Camelot website is first and foremost a business tool to help you learn more about us. Our websites are managed by Camelot ITLab GmbH (Hosting Provider). We want you to feel safe when you visit our website and are committed to protecting your privacy there.

CAMELOT collects the information on its websites in two ways:

  • Directly, for example, when you provide information to subscribe to a newsletter, download a study, fill out the contact form or register for one of our events
  • Indirectly, for example by using certain technologies on our website.

The data is stored for the purpose of processing the request transmitted with your communication and, if necessary, to contact you. We delete the data accrued in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.

We may collect and process the following information:

  • If you contact us, we may keep a record of that correspondence
  • Our website collects information about your computer, including your IP address, operating system and browser type for statistical reporting purposes. This information is stored in so-called cookies (small text files that are stored in the visitor’s Internet browser and serve to recognize the Internet browser).

If you wish to do without the advantages of our cookies, you can read in the help function of your browser how to set your browser to prevent it from accepting new cookies or to delete existing cookies. There you can also find out how to block your browser for all new cookies or which settings you have to make to get a hint for new cookies.

If this information relates to you or if you are identifiable through this, we treat it as “personal data”.

Cookie Consent with CookieYes

Our website uses cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is CookieYes – CookieYes Limited of 3 Warren Yard Warren Park,  Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, company number 13074037, VAT  number GB381305513.  (hereinafter referred to as Cookieyes).

Whenever you visit our website, a Cookieyes cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Cookieyes technology.

The recorded data shall remain archived until you ask us to eradicate them, delete the Cookieyes cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of cookieyes, data processing policies, please visit

We use the Cookieyes cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6 Sect. 1 Sentence 1 lit. c GDPR.

How do we use the information collected through the website?

We use personal data to provide the information you request, and for other purposes that we describe to you at the time of collection or that are obvious to you, for example:

  • To meet your requirements for study downloads and other content
  • To personalize your experience on our website
  • To contact you for marketing purposes, if you have agreed to this
  • For surveys to generate market studies (in which, however, no conclusions can be drawn about individual personal data)
  • Additionally for the error-free provision of the website and for the analysis of user behavior


We process the data that you send us in connection with your application in the applicant portal in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

This website uses the services of SAP SuccessFactors, a provider of cloud software for human capital management (HCM) and talent management.

When data is entered for the purpose of an application, it is stored on the SuccessFactors servers. SuccessFactors has several certifications for data protection and information security and stores the data in Datacenter, Frankfurt (DC 33 – Frankfurt). Further information on the processing of personal data in the application process can be found at

Data processing is based on your consent and the initiation of a potential contractual relationship.

 The data you have stored with us for the purpose of your application will be deleted six months after receipt of your application unless you have given us your consent to store the data in our talent pool.

If your data is stored in the talent pool, we will delete it after one calendar year or obtain further consent. Data stored by us for other purposes (e.g. e-mail addresses for sending newsletters) remain unaffected by this.


Our website contains a contact form and contact information that enables quick communication with us.

if you fill out the contact form, arrange a call back or get in contact with us in any other way we process and store your name, e-mail,  phone number, or other personal data that you might share with us. The information is automatically stored or, if necessary, manually transferred into our systems. The processing of your personal data is voluntary. However, without providing this data, we cannot get in touch with you.

The legal basis for processing the data you provide when sending an email or making a phone call is either the fulfillment of a contract or necessary for the performance of pre-contractual measures, our legitimate interest in effectively handling the inquiries directed to us or your consent.

There is no disclosure of these personal data to third parties.

The data in this context is processed only for as long as it is needed.

Which website tracking tools does Camelot use and how can you limit the tracking function?

Google Analytics 4:

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. For example: Page views, First visit to the website, Start of the session, Websites visited, Your approximate location (region), Date and time of the visit, Your IP address (in truncated form)

Technical information about your browser and the end devices you use (e.g. language setting, screen resolution).

The data may be shared with companies affiliated with Google.

For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after 2. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.

You can find more information on the terms of use of Google Analytics and on data protection at Google at and at


Camelot uses Hubspot, a service of Hubspot Inc. on its websites for analysis purposes.

So-called “web beacons” are used and “cookies” are also set, which are stored on your computer and enable us to analyze your use of the website. Hubspot will use the information collected (e.g., IP address, geographic location, browser type, length of visit and pages viewed) to generate reports about your visit and the Camelot pages you visited.

When subscribing to Camelot e-mail news and obtaining studies and other documents, Hubspot also allows us to link a user’s visits to Camelot websites with their personal data (especially name and e-mail address) based on their consent, thereby collecting personal data and informing users individually and specifically about preferred topics.

If collection by Hubspot is generally not desired, the storage of cookies can be prevented at any time by appropriate browser settings. For more information about how Hubspot works, please see Hubspot’s Privacy Policy.

Hubspot Privacy Policy:

Which social media services are integrated on our website?

So-called social media services are integrated on our website. With the help of these services, you can recommend articles from our website. These are only integrated on our website as links to the corresponding services. After clicking on the integrated icon, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers.

  • Facebook recommend function (“like button”): Facebook Inc.1601 S. California Ave, Palo Alto, CA 94304, USA,
  • Xing Share button: XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany,
  • LinkedIn Recommend Button: LinkedIn Corporation, 2029 Stierlin Court, Mountain View,CA 94043, USA,
  • Google Ireland Limited Gordon House, Barrow Street Dublin 4. Irland.

How does CAMELOT use personal data for marketing purposes?

The majority of the personal data we collect and use for marketing purposes relates to individual employees of our customers with whom we maintain an existing business relationship. In addition, we may obtain contact information from public sources, including content published on public and social media websites, to establish initial contact with a relevant person at a customer or other company.

In accordance with applicable marketing regulations, we send promotional emails to individuals at our customers’ premises or at those of other companies with whom we intend to establish or maintain a business relationship. For existing business relationships, we use the mailing tool Hubspot. Our targeted e-mail messages (e.g., as part of a mailing campaign for trade fairs, forums, webinars, business breakfasts) contain cookies and similar technologies that allow us to find out whether you have opened an e-mail message we have sent.

When you click on a link in a marketing e-mail sent by CAMELOT, we use a cookie to record which pages were viewed, which hyperlinks were clicked and what content was downloaded from our websites.

Where do we store your data?

Like all large companies, Camelot uses a Customer Relationship Management (CRM) database technology to manage and track our marketing efforts. Our CRM databases contain personal data of individuals at our customers and other companies with whom we already have a business relationship or wish to establish one. Personal data used for these purposes includes relevant business information, such as contact information, publicly available information, your responses to targeted e-mails (including web activity to follow the links contained in our e-mails) and other business information provided by Camelot employees based on their personal interaction with you. If you wish to be excluded from the CRM databases, please contact our Privacy Office.

What rights do you have to restrict / stop marketing communication?

You may exercise your right to opt-out of marketing communications with you by ticking certain boxes on the forms we use to collect your personal data or by using the opt-out mechanism in the emails we send to you. You may also opt out of marketing communications or have your personal data removed from our Customer Relationship Management (CRM) database at any time. Please contact for this purpose.

In these cases, we will retain a minimum of personal data to record that you have been removed from marketing communications to prevent you from being contacted again.

Who can you contact regarding questions about data protection/ rights/complaints?

Please contact us if you:

  • Have further questions about how Camelot protects your personal data
  • Wish to exercise your data protection rights (e.g., a copy of the personal data we hold about you);
  • Want to stop marketing communications directed to you
  • Wish to have your personal data removed from our Customer Relationship Management (CRM) databases
  • Have concerns regarding our use of your personal data
  • Wish to make a complaint, or
  • Would like to address a more general question on the subject of data protection to us.