Skip to main content

Data Protection Policy

1. Introduction

Thank you for visiting our website. We take data protection very seriously and strive to protect your personal data within the framework of our website offer.

Within the meaning of Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR) we define personal data as all data relating to the personal and factual circumstances of a natural person. Personal data collected on our website is used exclusively for our own purposes.

1.1 Hosting provider

Our website is hosted on the server of a hosting provider (currently: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen) in the Federal Republic of Germany. The personal data processed by us and described in detail below is stored on this server. Our systems are consistently encrypted according to the state of the art. Strictly speaking, access by the hosting provider to the personal data should therefore hardly be possible. Nevertheless, we have concluded an order processing agreement with the hosting provider purely as a precaution.

2. Data protection contact

Responsible for the data processing within the meaning of Art. 4 No. 7 GDPR is

ifp – Institut für Personal- und Unternehmensberatung,
Will und Partner GmbH & Co. KG
Brückenstraße 21
50667 Köln
Tel: +49 (0) 2 21 / 20 50 60
E-Mail: ed.en1731003307ilno-1731003307pfi@o1731003307fni1731003307

Date protection officer within the meaning of Art. 37 GDPR is

SICODA GmbH
Rechtsanwalt Oliver Gönner
Tel: +49 (0) 2 28 / 28 61 40 61
E-Mail: ed.en1731003307ilno-1731003307pfi@z1731003307tuhcs1731003307netad1731003307

3. Legal basics

The legal basis for our data processing within the EU General Data Protection Regulation results from Art. 6 GDPR. In detail, depending on the situation in which we process your data, different legal bases may arise.

Consent
If your consent for processing operations of personal data has been obtained, Art. 6 Abs. 1 lit. a) GDPR is the legal basis for data processing. Consent given can be revoked with effect for the future at any time.

Contract
If data has been collected for the performance of a contract to which you are a party, the legal basis is Art. 6 Abs. lit. 1 b) GDPR This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Statutory duty
If the processing of data is necessary for the fulfilment of a statutory duty to which our company is subject, Art. 6 Abs. 1 lit. c) GDPR serves as the legal basis.

Vital interests
If your or another natural person’s vital interests make the processing of data necessary, Art. 6 Abs. 1 lit. d) GDPR is the legal basis.

Legitimate interest
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first mentioned interest, Art. 6 Abs. 1 lit. f) GDPR serves as legal basis for the processing. Our company’s legitimate interest consists in carrying out our business activities.

Employment relationship
According to Art. 88 GDPR in conjunction with section 26 of the Federal Data Protection Act (BDSG), personal data of employees shall be processed for the purposes of the employment relationship if it is necessary for the establishment of an employment, its implementation or termination or for the exercise or fulfilment of the right and obligations of the employee’s representation of interests resulting from a law or collective agreement, a company agreement or a service agreement.

4. Rights of data subjects

Within the context of us processing data, your personal data will be processed. Towards our company, you are entitled to the rights given in the third chapter of the GDPR.

You have

  • the right to request information about your personal data processed by us to the extent specified in Art. 15 GDPR;
  • the right to request the correction of incorrect or incomplete personal data stored by us without delay according to Art. 16 GDPR;
  • the right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless further processing is necessary to exercise the right to freedom of expression and information; to comply with legal obligations; for reasons of public interest or to assert, exercise or defend legal claims;
  • the right to demand the restriction of the processing of your personal data according to Art. 18 GDPR if you deny the accuracy of the data; the processing is illegal but you object its erasure; we no longer require the data but you need it for the assertion, exercise or defense of legal claims; or you objected to the processing in accordance with Art. 21 GDPR;
  • he right to receive the personal data that you have provided for us in a structured, common and machine-readable format or to request its transfer to another controller according to Art. 20 GDPR;
  • the right to object to the processing of personal data concerning you according to 21 GDPR if the processing is based on a legitimate interest;
  • the right to complain to a supervisory authority according to Art. 77 GDPR As a rule, you can contact the supervisory authority located at your place of residence, workplace or our company headquarters for this purpose.

5. Storage duration

We only store your personal data as long as necessary and permissible for the purpose for which the data was collected, unless legal retention periods prevent deletion, or you have given us your express consent to continue storing your personal data.

If certain data is subject to statutory retention periods, we store them until the corresponding retention periods have expired.

If you have given us your express consent to continue storing certain data, we will retain your data until you revoke your consent. The following e-mail address can be used for revocation: ed.en1731003307ilno-1731003307pfi@f1731003307urred1731003307iw1731003307.

6. Data transfer

In some cases, we may transfer your personal data to a service provider that has its headquarters in a so-called third country, a country outside the EU/EEA.

In these cases, we ensure that the requirements imposed by the GDPR pursuant to Art. 44 et seq. GDPR for a third country transfer are fulfilled.

7. Contact form/e-mail

IThe contact forms available on our website enable you to send us any data. This data will be forwarded by e-mail from our web server to our company’s e-mail box.

When sending a message, the following data is stored:

  • Ihre IP-Adresse
  • Datum und Uhrzeit der Nachrichtenabsendung

Please note that communication via the contact form is not encrypted. Please use a secure communication channel to ensure confidential communication in your own interest. For this purpose, you can use one of the e-mail addresses provided as an alternative means of contact.

By sending your message, you agree that we may process your personal data for the purpose of handling your contact request. You can object to the processing at any time and without giving reasons. However, please note that in the event of your revocation we will no longer be able to deal with your request.

The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) a) GDPR if it is a contact request.

If the contact is established in connection with the initiation or implementation of a contract, the legal basis is Art. 6 para. 1 lit b) GDPR.

8. Web analytics

The following of your data is processed in the context of the web analysis:

  • the type and version of the browser used (if transmitted by the user)
  • the operating system
  • the date and time of the server request
  • the number of visits
  • the time spent on the website
  • the website previously visited (if transmitted by the user)
  • the user’s IP address is anonymized before it is stored.

The collection, processing and use of this data as well as its evaluation is solely done for statistical purposes and for optimizing the website content. We use these statistics exclusively to measure activities and to improve or adapt our websites to the needs of users. The statistics are created with already anonymized data. It is not possible to establish a personal reference.

The legal basis is according to Art. 6 para. 1 lit. f) GDPR

This analysis takes place exclusively on our server.

9. Application

You may apply for open positions directly via our website and send us your application documents.

All personal data processed by us within the scope of the establishment, implementation or termination of the employment relationship shall be processed in accordance with the statutory data protection provisions.

According to Art. 88 GDPR in conjunction with , personal data of employees shall be processed for the purposes of the employment relationship if it is necessary for the decision on the establishment of an employment relationship or, after the establishment of an employment relationship, for its implementation or termination or for the exercise or fulfilment of the rights and obligations of the employee’s representation of interests resulting from a law or collective agreement, a company agreement or a service agreement.

The data is processed for the duration of the employment relationship. Any further processing will only take place if we are obliged to store the personal data of our employees due to other legal regulations if you have given us your consent to do so or if this is legally permissible.

If your application is not successful, we will delete your personal data after 7 months at latest.

If you have given us your consent to also use your personal data to contact you about other positions that may be of interest to you during the application process, we will store your personal data until you revoke your consent. Please send your revocation to ed.en1731003307ilno-1731003307pfi@f1731003307urred1731003307iw1731003307. In the event of a revocation, the stored data will be deleted immediately.

10. Web server logs

Within the context of the use of our internet offer, the connection information is stored in the server log files.

Such information includes:

  • IP address of the calling system
  • browser information such as operating system used and screen resolution
  • web page accessed
  • original website
  • time of the call

The web server logs are processed exclusively for security purposes. The legal basis for this processing is Art. 6 Abs. 1 lit. f) GDPR, the legitimate interest of the person responsible.

We only use the log data for statistical evaluations for the purpose of the operation, security and optimization of the offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.

11. Wordfence

For security purposes, the Wordfence firewall operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, is used. Wordfence protects the website from unauthorized third parties attempting to obtain personal information, embed malware on the website, or perform other illegal activities.

As part of this, the following data is processed: visitor IP address, visitor proxy address, URL visited, full HTTP header, HTTP request text and file name if malware was detected. This data is processed for security purposes only.

The legal basis for the use of the firewall is our legitimate interest in ensuring the security of our website pursuant to Art. 6 para. 1 lit. f) GDPR. For more information on data protection at Wordfence, please visit: https://www.wordfence.com/privacy-policy/.

12. Social media

As part of our social media presence, we maintain a company page on the following social media platforms:

  • LinkedIn
  • Xing
  • Kununu

If you visit our company page on one of these social media platforms, your personal data may be processed.

12.1 LinkedIn

For the purpose of processing personal data within our LinkedIn page, we are a joint controller with LinkedIn Ireland Unlimited Company (“LinkedIn”), Wilton Plaza, Wilton Place, Dublin 2, Ireland.

If you visit our LinkedIn page and respond to our content, your personal data such as your username, the content published by you on LinkedIn and your responses to content published by our company may be processed by us in such a way that we respond to them or mention your account or your content in content published by us.

Users can object to certain kind of data processing by LinkedIn. Options for that can be found here: https://www.linkedin.com/help/linkedin/answer/93516/widerspruch-gegen-die-datenverarbeitung-einschrankung-der-datenverarbeitung?lang=en

LinkedIn provides us with statistics for our website in form of anonymized company page analytics which help us gain insights into the performance of our company page. LinkedIn processes your data shared with LinkedIn when you visit, follow or interact with our site. We have established a separate agreement with LinkedIn for this purpose. It can be found here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn has agreed to assume responsibility regarding this processing and obligations regarding the guarantee of data subjects’ rights. More information can be found here: https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=en.

This processing of personal data serves our legitimate interest in communication via the medium LinkedIn and the optimization of our offer on this medium. The legal basis for processing this data is our overriding legitimate interest in this processing pursuant to Art. 6 para. 1 lit. f) GDPR.

LinkedIn Ireland Unlimited Company (“LinkedIn”), Wilton Plaza, Gardner House 4,5,6 2 Dublin, Ireland is responsible for the further processing of personal data in the context of the use of LinkedIn.

Among other things, LinkedIn processes the data you voluntarily provide when using you LinkedIn account, such as your name, username, e-mail address and telephone number.

If you publish and share content on LinkedIn, LinkedIn can evaluate it to find out which topics you are interested in and to send you information about similar content and, if applicable, advertising.

In addition to that, LinkedIn also collects so-called log data such as your IP address, your browser type, the operating system you use, information about the website you previously visited and the pages you accessed, your location, your mobile phone provider, the end device you use, the search terms you used and cookie information. Please note that this data is also processed by LinkedIn if you do not have a LinkedIn account.

If you have a LinkedIn account, you may have the option the restrict the processing of your personal data by LinkedIn within the framework of the settings for your LinkedIn account.

We have no knowledge of and no influence on the scope and nature of the data processing and the further processing and use of your personal data by LinkedIn.
More information on data processing by LinkedIn here: https://de.linkedin.com/legal/privacy-policy.

We expressly point out that the use of LinkedIn may result in the transfer of personal data to a country outside the EU/EEA (a so-called third country) where the level of protection of the GDPR regarding personal data cannot be guaranteed.

12.2 Xing

We use the services of Xing (New Work SE, Am Strandkai 1, 20357 Hamburg, Germany) to present our company and to look for new employees and contact them via Xing.

We would like to point out that you use Xing service and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., sharing, commenting). Alternatively, you can also access the offered information via our offer on the internet at https://www.xing.com/pages/ifp-personalberatungmanagementdiagnostik abrufen.

The data collected about you when using the service is processed by Xing and may be transferred to countries outside the European Union. This data includes your IP address, the application you use, details about the terminal device you use (including device ID and application ID), information about websites you have visited, your location and your mobile phone provider.

This data is assigned to the data of your Xing account or profile. We have no influence on the type and scope of the data processed by Xing, the type of processing and use of the transfer of this data to third parties. More information about which data is processed by Xing and for which purposes can be found in the Xing data protection declaration (https://privacy.xing.com/en/privacy-policy) . To find out whether and which personal data is processed by Xing look here: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/auskunftsrecht.

We also process your data if you contact us via the Xing platform. In this case, Xing collects your data and makes it available to us. Under certain circumstances, we may also store and process your data further.

Data freely published and disseminated by you on Xing may be used by us and made available to third parties.

The click path function allows us to see hits from logged in users on our Xing page, including our job offers. If you do not want us to see that you have seen our offers, you should log out before accessing them.

There are options for you to restrict the processing of your data in the settings. In addition to that, you can restrict Xing’s access to contact and calendar data, photos, location data etc. on mobile devices (smartphones, tablet computers) in the setting options there. However, this depends on the operating system you use. Further information about this here: https://privacy.xing.com/de/ihre-privatsphaere.

If you have given your consent regarding the processing of the aforementioned data to the social network provider with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR.

12.3 Kununu

We mantain a profile on Kununu operated by New York SE, Am Strandkai 1, 20357 Hamburg, Germany. Employees can rate our company and leave information about salary there.

We would like to point out that you use the Kununu offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., rate). As a rule, data about your identity will not be transmitted to us. More about that can be found here: https://arbeitgeber-support.kununu.com/hc/de/articles/5259259147281-Herausgabe-der-User-Daten.

The data collected about you when you use the service is processed by Kununu and may be transferred to countries outside the European Union. This data includes your IP address, the application you use, information about the terminal device you use (including device ID and application ID), information about websites you visited, your location and your mobile provider.

Information on what data is processed by Kununu and for what purposes can be found in Xing’s privacy policy (https://privacy.xing.com/en/privacy-policy) as well as on the possibility to find out whether and which personal data concerning you is processed by Xing. https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/auskunftsrecht.

The insights feature allows us to view aggregated statistical data from our company site.

You can restrict the processing of data your data in the settings. In addition, you can restrict Xing’s access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the setting options there. However, this depends on the operating system used. Further Information on these points is available at: https://privacy.xing.com/en/your-privacy.

If you have given your consent to the social network provider for the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) lit. a GDPR.