Legal notice

1. Privacy at a glance

GENERAL NOTES

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data refers to all data by which you can be personally identified. You will find detailed information on the subject of data protection in our privacy policy, which is detailed below.

DATA COLLECTION ON THIS WEBSITE

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section entitled “Information regarding the data controller” in this privacy policy.

How do we collect your data?

Firstly, your data is collected when you share it with us. This may include data that you enter in a contact form, for example.

Other data is collected automatically by our IT systems or with your consent when you visit the website. This mainly includes technical data (e.g. Internet browser, operating system or time when the page was visited). This data is collected automatically as soon as you visit the website.

What do we use the data for?

Some data is collected in order to ensure the website functions properly. Other data is used to analyse your user behaviour.

What rights do you have with regard to your data?

You have the right to obtain information about the origin, recipient and purpose of the personal data stored by us free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. In addition, you have the right to request the restriction of the processing of your personal data in certain circumstances. You also have the right to appeal to the competent supervisory authority.

You can contact us at any time at the address provided if you have any further questions on the subject of privacy and data protection.

ANALYSIS TOOLS AND THIRD PARTY TOOLS

When you visit our website, your navigation behaviour can be statistically evaluated. This is done primarily with cookies and analytical programs.

You will find detailed information on these analytical programs in the following privacy policy.

2. Hosting und Content Delivery Networks (CDN)

Host Europe

We host our website at Host Europe. The provider is Host Europe GmbH, Hansestrasse 111, 51149, Cologne (hereinafter referred to as Host Europe) When you visit our website, Host Europe collects various log files including your IP addresses.

Details can be found in the privacy policy of Host Europe: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

Host Europe is used on the basis of Article 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 para. 1 lit. a DSGVO and § 25 Abs. 1 Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. for device fingerprinting) within the meaning of the TTDSG. This consent may be withdrawn at any time.

Order processing

We have concluded an order processing agreement with the provider named above. This is an agreement required by data protection law, which ensures that the above-mentioned provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google Cloud CDN

We use the content delivery network Google Cloud CDN. The service provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google offers a content delivery network distributed worldwide. Technically, the transfer of information between your browser and our website is routed via the Google network. This enables us to increase the global accessibility and performance of our website.

The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Article 6, para. 1, lit. f GDPR).

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at:https://cloud.google.com/terms/eu-model-contract-clause.

Details can be found at: https://cloud.google.com/cdn/docs/overview?hl=de.

Order processing

We have concluded an order processing agreement with the provider named above. This is an agreement required by data protection law, which ensures that the above-mentioned provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. General notes and mandatory information

DATA PROTECTION

The operators of these web pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection legislation as well as this privacy policy.

When you use this website, various personal data is collected. Personal data refers to data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that the online transmission of data (such as communication via email) may be exposed to security gaps. Completely protecting data against third-party access is impossible.

INFORMATION REGARDING THE DATA CONTROLLER

The data controller responsible for processing data on this website is:

Huhn Holding GmbH
Hauptstrasse 44
57489 Drolshagen / Germany

Phone: +49 (0) 2763 81 – 0
E-Mail: info@heinrich-huhn.de

The data controller is the natural or legal person who alone or, together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

STORAGE DURATION

Unless a specific retention period is specified in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

GENERAL INFORMATION ON THE LEGAL BASIS OF DATA PROCESSING ON THIS WEBSITE

If you have consented to data processing, we process your personal data on the basis of Article 6 para. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a GDPR, if special data categories are processed according to Article 9 para. 1 GDPR. . In the event of express consent to the transfer of personal data to third countries, data processing is also based on Article 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or have granted access to information in your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 para. 1 TTDSG. This consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6 para. 1 lit. b DSGVO. Furthermore, we process your data if it is required to fulfil a legal obligation on the basis of Article 6 para. 1 lit. c GDPR. Data processing can also take place on the basis of our legitimate interest in accordance with Article 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

DATA PROTECTION OFFICER

We have appointed a data protection officer for our company.

Dipl.-Ing. Karsten Kunde
VIA Consult GmbH & Co. KG
Martinstraße 25
57462 Olpe / Biggesee

Phone: 02761/83668-0
E-Mail: datenschutz@via-consult.de

INFORMATION ABOUT DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES

We use tools from companies based in the USA and other third countries that are subject to different data protection agreements. Whenever these tools are active, your personal data can be transferred to these third countries and processed there. Please note that we cannot guarantee the same degree of data protection as is customary within the EU. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action to prevent this. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING

Many data processing operations are only possible with your express consent. If you have previously given your consent, you can revoke it at any time. The legality of the data processing carried out prior to the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 DSGVO).

IF THE DATA PROCESSING IS BASED ON ARTICLE 6 PARA 1 LIT. E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS THAT ARISE FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. AFTER YOU EXERCISE YOUR RIGHT TO OBJECT, WE SHALL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES, UNLESS WE ARE ABLE TO PROVIDE PROOF OF COMPELLING AND LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE PURPOSE OF EXERCISING, ENFORCING OR DEFENDING OF LEGAL CLAIMS. (OBJECTION PURSUANT TO ARTICLE 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21 PARA. 2 GDPR).

RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged breach. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

RIGHT TO DATA PORTABILITY

In the case of data which we process automatically on the basis of your consent or in fulfilment of a contract, you have the right to have this data transferred to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another data controller, this will only take place if it is technically feasible.

SSL- TLS ENCRYPTION

This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can ensure that you have an encrypted connection by checking that the browser address field has changed from “http://” to “https://” and that there is a lock symbol in the browser address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

INFORMATION, DELETION AND CORRECTION

Within the scope of the applicable legal provisions, you have the right at any time to obtain information free of charge concerning the personal data we have stored about you. You also have the right to know the origin of the data, who is receiving it and for what purpose the data is being processed.If necessary, you also have the right to have this data corrected or deleted. You can contact us at any time at the address given if you have any further questions on the subject of personal data protection.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to request the restriction of processing of your personal data. Feel free to contact us at any time. You have the right to restrict the processing of your data in the following circumstances:

• If you dispute the accuracy of the personal data we have stored about you, we usually need time to verify this. For the duration of the verification process, you have the right to request the restriction of processing of your personal data.
• If your personal data has been or is being unlawfully processed, you may request the restriction of data processing instead of the deletion of your data.
• If we no longer require your personal data, however you need it to exercise, defend or enforce legal claims, you have the right to demand the restriction of processing instead of the deletion of your personal data.
• • If you have filed an objection pursuant to Article 21 para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

4. Data collection on this website

Cookies

Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device, either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary because certain website features would not work without them (e.g. the shopping cart feature or video playback). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Article 6 para. 1 lit. 1 lit. f of the GDPR provided that no other legal basis has been stipulated. The website operator has a legitimate interest in the storage of necessary cookies in order to ensure the technically error-free and smooth provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing takes place exclusively on the basis of this consent (Article 6 para. 1 lit. a GDPR and Section 25 para. 1 Telemedia Data Protection Act (TTDSG)); the consent can be revoked at any time.

You can configure your browser to inform you about the use of cookies so that you can decide to accept or reject cookies on an individual basis. Alternatively, your browser can automatically accept cookies under certain conditions or always reject them, and you can also tell it to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Insofar as cookies are used by third-party companies or for analytical purposes, you will be separately informed of this in this privacy policy and your consent may be required.

CONSENT WITH USERCENTRICS

This website uses the consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document them in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

• Your consent or the revocation of your consent
• Your IP address
• Information about your browser
• Information about your device
• Time of your visit to the website

Usercentrics also saves a cookie in your browser in order to be able to assign the consent you have given or to be able to revoke it. The data collected in this way will be stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6 para. 1 lit. c GDPR.

Order processing

We have concluded an order processing agreement with the provider named above. This is an agreement required by data protection law, which ensures that the above-mentioned provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

ENQUIRIES BY EMAIL, PHONE OR FAX

If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your enquiry. We will not share this information without your consent.

The legal basis for collecting this data is Article 6 para. 1 lit. 1 lit. b GDPR, where your enquiry is in connection with fulfilment of a contract, or is required for execution of pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Article 6 para. 1 lit. f GDPR) or on your consent (Article 6 para. 1 lit. a GDPR if this was requested; the consent can be revoked at any time.

The data you send to us via the contact form will remain with us until you request that we delete it, revoke your consent to its storage or the purpose of its storage no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.

5. Social media

Facebook

Elements of the social media network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

If the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to assign your visit to this website to your user account. Please note that as the operator of the website, we have no knowledge about the content of the data transmitted or its use by Facebook. You can find more information on this in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.

Insofar as consent has been obtained, the above-mentioned service is implemented on the basis of Article 6 para. 1 lit. a GDPR and Section 25 Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.

Insofar as personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is explicitly limited to collecting the data and passing it on to Facebook. The processing by Facebook after the forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing data protection information when using the Facebook tool and for implementing the tool on our website in a secure manner in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert your rights as data subjects (e.g. requests for information) regarding the data processed by Facebook directly on Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is active, a direct connection will be established between your end device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of the pages, we do not know anything about the content of the transmitted data or its use by Instagram.

Insofar as consent has been obtained, the above-mentioned service is implemented on the basis of Article 6 para. 1 lit. a GDPR and Section 25 Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is explicitly limited to collecting the data and passing it on to Facebook. The processing by Facebook or Instagram after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a secure manner in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert your rights (e.g. requests for information) regarding the data processed on Facebook or Instagram directly on Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

You can find more information on this in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page on this website that contains LinkedIn elements is accessed, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to this website to you and your user account. Please note that we, as the provider of the website, know nothing with regards to the content of the transmitted data or its use by LinkedIn.

Insofar as consent has been obtained, the above-mentioned service is implemented on the basis of Article 6 para. 1 lit. a GDPR and Section 25 Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

XING

This website uses elements of the XING network. The provider is New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany.

Each time one of our pages containing elements from XING is accessed, a connection to the XING servers is established. As far as we understand, personal data will not be stored in the process. In particular, no IP addresses are stored or usage behaviour evaluated.

Insofar as consent has been obtained, the above-mentioned service is implemented on the basis of Article 6 para. 1 lit. a GDPR and Section 25 Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.

For further information on data protection and the XING share button, please refer to XING’s privacy policy which is available at: https://www.xing.com/app/share?op=data_protection.

6. Plug-ins and tools

Google Web Fonts

To ensure that fonts are presented as uniformly as possible, this website uses “web fonts”, which are made available by Google. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

To do this, your browser must connect to Google’s servers. This gives Google knowledge that this website was accessed via your IP address. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 para. 1 lit. a GDPR and Section 25 para. 1 Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. for device fingerprinting) within the meaning of the TTDSG. This consent may be withdrawn at any time.

If your browser does not support web fonts, a default font will be used by your computer.

Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in Google’s privacy policy https://policies.google.com/privacy?hl=de.

7. In-house services

HANDLING OF APPLICANT DATA

We give you the opportunity to apply for a position with us (e.g. by email, or post). In the following, we will give you information regarding the scope, purpose and use of your personal data collected as part of the application process. We confirm that collection, processing and use of your data complies with applicable data protection law and all other legal directives, and your data will be treated in strictest confidence.

Scope and purpose of data collection.

If you send us an application, we will process the associated personal data (e.g. contact and communication data, application documents, notes made as part of job interviews etc.), where this is required for a decision about justifying an employment relationship. The legal basis for this is Section 26 Federal Data Protection Act (BDSG) under German law (initiation of an employment relationship), Article 6 para. 1 lit. b GDPR (general initiation of contract) and – where you have given consent – Article 6 para. 1 lit. a GDPR. This consent may be withdrawn at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application.

If your application is successful, the data you have supplied will be saved in our data processing system based on Section 26 BDSG (new) and Article 6 para. 1 lit. b GDPR for purposes of executing the employment relationship.

Retention period of the data

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have transmitted on the basis of our legitimate interests (Article 6 para. 1 lit. f GDPR) for up to 6 months from the termination of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6 month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted if the purpose for further storage no longer applies.

A longer storage can also take place if you have given your consent (Article 6 para. 1 lit. a GDPR) or if statutory retention requirements prevent deletion.

Admission to the pool of applicants

If we do not make you a job offer, it may be possible to include you in our pool of applicants. If you are accepted, all documents and information from the application will be transferred to the applicant pool so that you can be contacted if there are suitable vacancies.

Inclusion in the pool of applicants takes place exclusively on the basis of your express consent (Article 6 para. 1 lit. a GDPR). Giving your consent is voluntary and has no connection to the ongoing application process. The data subject can revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after the consent has been given.