Privacy policy for the website idgard.com, the service idgard® and information for applicants, customers, suppliers and interested parties

Preamble

Technical data protection (Privacy by Design) is our business. We not only collect, store and process your personal data according to the regulations of the German Data Protection Regulation (DS-GVO), but we go far beyond this out of respect for your privacy and security needs. In this statement, you will therefore find far fewer words on the individual paragraphs than is otherwise customary on the Internet. This is explicitly not because this statement has not been drafted carefully enough, but because we are able to make the statements with such clarity.

·         Section A informs you about our data protection compliance measures.

·         Section B tells you what personal data we collect from you and how we process it when you use our idgard® service.

·         Section C informs customers, suppliers and interested parties.

·         Section D informs about the processing when visiting our websites (incl. social media).

·         Section E informs applicants about the processing of their personal data.

·         Please refer to Section F for your rights and complaint options.

A. Data protection organization

The responsible party for the data processing that takes place when using the Internet pages www.idgard.com or when using the service IDGARD® is:

Uniscon universal identity control GmbH

Ridlerstrasse 57

80339 Munich

Internet: www.idgard.com

Email: contact@uniscon.com

External data protection officer of Uniscon GmbH

c/o TÜV SÜD Academy GmbH

Westendstrasse 160

80339 Munich

E-mail: datenschutz@uniscon.com

Together with our data protection officer, we conduct a regular review, assessment and evaluation of the effectiveness of our data protection measures. In addition, the idgard® web service is audited for the data protection certificate of the pilot project Data Protection Certification as part of the Trusted Cloud Initiative of the German Federal Ministry for Economic Affairs and Energy (BMWi). In May 2015, the idgard® service became the only cloud vendor to achieve the highest protection class III for the first time in an assessment by TÜV Informationstechnik GmbH (TÜV Nord), a rating that is confirmed by regular retesting and certification. The certificate makes it much easier for the user of the idgard® service to fulfill his control duties. These are incumbent on him, if the use of the service is regarded as “commissioned processing” in the sense of Art. 28 DS-GVO. As a legal consequence, the user’s control obligation can be considered fulfilled by selecting the service idgard® with certificate.

Determine your protection needs at https://www.idgard.com/de/schutzbedarf-check/.

B. Processing of your personal data when using our service idgard®.

(1)   Data collection and processing when using our service idgard®.

Information on data collection and processing when using the idgard service can be found

here: https://www.idgard.com/dse/

C.  Information for suppliers, customers and interested parties

We process the personal data provided by you that is required to enable, fulfill, structure, amend and terminate the contractual relationship.

The provision of the relevant personal data is a prerequisite for the conclusion and performance of the contract. If the personal data is not provided, a proper implementation of pre-contractual measures or a fulfillment of contractual obligations cannot be guaranteed.

The types of data include in particular:

·         Identification data such as title, name

·         Contact data such as address, telephone number and e-mail address

·         Contract and billing data

The purpose for which the personal data is processed is primarily the implementation of pre-contractual measures and the fulfillment of contractual obligations (such as invoicing and payment processing). The legal basis for this results from Art. 6 para. 1 lit. B DS-GVO.

Furthermore, we may process personal data from you on the basis of Art. 6 (1) lit. C DS-GVO, insofar as this is necessary for the fulfillment of legal obligations (e.g. compliance with statutory retention periods) or for the assertion or defense of legal claims.

We also have a legitimate interest in some areas within the meaning of Art. 6 (1) lit. F DS-GVO to process personal data (e.g. advertising measures to existing customers via letter to retain customers and increase sales).

If you give us express consent to process personal data for specific purposes (e.g. advertising purposes, marketing and analysis purposes, newsletters), the processing is based on your consent pursuant to Art. 6 (1) lit. A DS-GVO. You can revoke your consent at any time, with effect for the future, at the contact address given under A.

We only transfer your personal data to other recipients or grant other recipients access to your personal data if this is necessary for the respective purposes of processing this personal data or if we have entrusted other recipients with the fulfillment of individual tasks or services and access to this personal data is necessary or cannot be ruled out as a result.

·         Internal departments involved in the execution of the respective business processes (e.g. purchasing, bookkeeping, accounting, HR, marketing, IT)

·         External service providers for direct independent support of the respective business processes (e.g. courier or delivery service providers, tax consultants, auditors)

·         If applicable, order processors

·         If applicable, to companies within the scope of joint responsibility

The transfer of your personal data to the recipients named above takes place: on the basis of your consent in accordance with Art. 6 Para. 1 lit. A DS-GVO, insofar as this is necessary for the fulfillment of a contract or the implementation of pre-contractual measures with you in accordance with Art. 6 Para. 1 lit. B DS-GVO, on the basis of legitimate interest of the responsible party in accordance with Art. 6 Para. 1 lit. F DS-GVO or on the basis of order processing in accordance with Art. 28 Para. 1 DS-GVO.

In addition, your personal data will be transferred to state institutions or authorities if we are obliged to provide information within the scope of possible legal obligations to provide information or by official or judicial decision. Furthermore, your personal data will be transmitted to state institutions or authorities if this is necessary for the prosecution of criminal offences against us as the injured party or for the assertion, exercise or defense of claims under civil law (legal basis for the processing of your personal data: Legitimate interest of the controller pursuant to Art. 6 (1) lit. F DS-GVO).

As a rule, we do not transfer your data outside the European Union (EU) or the European Economic Area (EEA).

If, in exceptional cases, your personal data is transferred to countries/service providers outside the EU or EEA, we conclude the necessary contracts under data protection law, in particular EU standard contractual clauses, or we take the measures required under Art. 44 et seq. DS-GVO.

We use Zoho CRM as our customer database. The provider is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. The data is stored on the servers of Zoho Corporation B.V. (Zoho Netherlands) in the Netherlands.

Data transfer and processing in these cases are also carried out in accordance with the requirements of the data protection standards applicable in Germany / the EU. For the fulfillment of the service, we have concluded a contract for commissioned data processing with Zoho.

You have the right to information about your stored data in the customer database at any time and can request a change of the data or its deletion.

Further information on data protection under Zoho CRM can be found online at: https://www.zoho.com/de/crm/gdpr/. For information about the protections under Zoho CRM, please visit the following website online: https://www.zoho.com/security.html.

Data processing by external payment service provider

To process payments, we use the following payment service providers, through whose platform users and we can make payment transactions:

Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

GoCardless Ltd Sutton Yard, 65 Goswell Road London, EC1V 7EN United Kingdom.

We use the payment service providers on the basis of Art. 6 (1) lit. B DS-GVO to fulfill our obligations under the contracts. Furthermore, we use the external payment service providers on the basis of our legitimate interests pursuant to Art. 6 (1) lit. F DS-GVO, in particular to offer effective and secure payment options.

When selecting the payment method, you will be forwarded to one of the above-mentioned payment service providers and enter the data required for processing the payment (e.g. account/bank data, credit card data, name/first name). Please note that when using the payment service provider Stripe, data is transmitted to its servers in the USA. In the event that personal data is transferred to the USA, standard contractual clauses pursuant to Art. 46 (2) lit. C DS-GVO have been concluded or consent within the meaning of Art. 49 (1) p. 1 lit. A DS-GVO has been obtained.

We do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Partially, the data is transmitted on the part of the payment service provider to economic information. This transmission is for the purpose of checking identity and creditworthiness. In this regard, we refer to the terms and conditions and privacy policy of the above-mentioned payment service provider. For payment transactions, the terms and conditions and data protection information of the payment service provider apply, which can be accessed via the following link: https://stripe.com/de/privacy#translation and https://support.gocardless.com/hc/de/articles/360000281005-GoCardless-und-die-DSGVO. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

D.   Processing of your personal data when visiting our website (incl. social media)

(1)   Data collection and processing when you visit our Internet pages.

As soon as you call up one of our Internet pages, the following data is processed:

·         website visited

·         Date and time at the time of access

·         Amount of data sent in bytes

·         Source/reference from which you reached the page

·         Browser used

·         Operating system used

·         IP address used (if applicable: in anonymized form)

In accordance with Art. 6 Para. 1 lit. f DS-GVO (legitimate interest), we use this information to continuously improve the www.idgard.com website.

This data is stored for a maximum of 7 days in order to clarify possible acts of misuse or fraud and then deleted, unless further storage is necessary for the purposes of preserving evidence until final clarification.

(2)   External Hosting of the website

This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers.

The hoster is used in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

To ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

Our website is located on the web server (hosting) of HostPress GmbH, Bahnhofstraße 34, 66571 Eppelborn, Germany (hereinafter: Hostpress).

If you would like to know more about their data protection, you can find the details in the privacy policy: https://www.hostpress.de/datenschutz/ .

(3)   Use of cookies when visiting our website

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Technically necessary cookies are set based on legitimate interest according to Art. 6 para. 1 lit. f DS-GVO. Before using technically unnecessary cookies, we obtain your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO.

Cookie Consent Tool from „One Trust“

We use the Cookie Consent Tool from “One Trust” of OneTrust Technology Limited, 82 St. John Street, London, England, EC 1M 4JN. With this data protection management software, we offer you the possibility to consent to the storage of cookies in a legally compliant manner and to ensure the revocation of consent. Furthermore, the consent is documented for legal proof and the setting of cookies is technically controlled. Cookies are used for this purpose, which saves your cookie settings on our websites. Thus, your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time. The legal basis for processing your personal data is Art. 6 (1) lit. c DS-GVO. When using OneTrust LLC, personal data may be transferred to the USA. In the event that personal data is transferred to the USA, standard contractual clauses pursuant to Art. 46 para. 2 lit. c DS-GVO have been concluded or consent within the meaning of Art. 49 para. 1 sentence 1 lit. a DS-GVO has been obtained. OneTrust stores your cookie preferences for a maximum of 12 months or until you delete the Internet browsing history. For more information about OneTrust’s use of data, please see OneTrust’s privacy policy at https://www.onetrust.de/datenschutzerklaerung/.

Statistical analysis with Google Analytics

On this website we use Google Analytics which is used to analyze the usage behavior of our website. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

We also use the technical extension “Google Signals”, which enables cross-device tracking. This makes it possible to associate an individual website visitor with different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has also activated the “personalized advertising” option in their Google account settings. Even then, however, no personal data or user profiles become accessible to us; they remain anonymous to us.

If you do not wish to use “Google Signals”, you can deactivate the “personalized advertising” option in your Google account settings.

However, in the event that IP anonymization is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in a shortened form, making it impossible to relate them to a specific person. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Opt-out cookies prevent the future collection of your data when visiting this website. We do not use the User ID feature, which enables cross-device tracking. Regardless, we recommend that you opt-out on all systems used, as we believe that this is the only way to prevent collection by Universal Analytics across devices. If you click here, the opt-out cookie will be set: Disable Google Analytics

We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. The legal basis for the processing of your data is your consent within the meaning of Art. 6 (1) a DS-GVO or § 25 (1) TTDSG. You have the option to revoke this consent at any time by adjusting your preferences in our cookie settings. In the course of use, data may be transmitted to a server of the company Google LLC in the USA and stored there. In the event that personal data is transmitted to Google LLC. based in the USA, standard contractual clauses have been agreed with Google LLC. Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c DS-GVO have been concluded or consent within the meaning of Art. 49 para. 1 p. 1 lit. a DS-GVO has been obtained.

You can find more information about the tool, the purpose of processing and the provider’s data protection under the following links:

https://policies.google.com/privacy?hl=de

http://www.google.com/policies/

http://www.google.com/intl/de/analytics/learn/privacy.html

https://support.google.com/analytics/answer/6004245?hl=de

http://www.google.com/analytics/terms/de.html

Google Adwords

We use the offer of Google Adwords to draw attention to our offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 90 days and, according to Google, are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

You can prevent participation in this tracking process in various ways:

·         by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies will result in you not receiving third-party ads

·         by disabling conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies.

·         by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads”, through the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies.

·         by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer in full.

The legal basis for the processing of your data is your consent within the meaning of Art. 6 Para. 1 lit. a DS-GVO or § 25 Para. 1 TTDSG. You have the option to revoke this consent at any time by adjusting your preferences in our cookie settings. Further information provided by Google on data protection can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. In the course of use, data may be transmitted to a server of the company Google LLC in the USA and stored there. In the event that personal data is transmitted to Google LLC. based in the USA, standard contractual clauses have been agreed with Google LLC. Standard Contractual Clauses according to Art. 46 para. 2 lit. c DS-GVO have been concluded or consents according to Art. 49 para. 1 p. 1lit. a DS-GVO have been obtained.

Remarketing

In addition to Adwords Conversion, we use the Google Remarketing application. This is a procedure with which we would like to address you again. Through this application, our advertisements can be displayed to you during your further internet use after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behavior when you visit various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.

With the use of Google Remarketing, we pursue the interest of showing you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. The legal basis for the processing of your data is your consent within the meaning of Art. 6 para. 1 lit. a DS-GVO or § 25 para. 1 TTDSG. You have the option to revoke this consent at any time by adjusting your preferences in our cookie settings. In the course of use, data may be transmitted to a server of the company Google LLC in the USA and stored there. In the event that personal data is transmitted to Google LLC. based in the USA, standard contractual clauses have been agreed with Google LLC. Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c DS-GVO have been concluded or consent within the meaning of Art. 49 para. 1 p. 1 lit. a DS-GVO has been obtained.

Google reCAPTCHA

We integrate the “reCAPTCHA” function to be able to recognize whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called “bots”). The processed data may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies as well as results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is carried out on the basis of our legitimate interest in protecting our online offering from abusive automated crawling and spam; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.google.com/recaptcha/; Datenschutzerklärung: https://policies.google.com/privacy;  Opt-Out: Opt-Out- Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Bing Ads

In the context of the use of Bing Ads, a service of Microsoft Corp., One Microsoft Way, Redmond, WA 98052, United States, we use the Bing Conversion Tracking. In this process, a cookie is set on your computer if you have reached our site via a Bing Ads ad. Bing Ads customers (in this case: Uniscon GmbH) learn the total number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag (e.g. registration via a contact form). You can also disable conversion tracking cookies by setting your browser to block cookies from the domain “flex.msn.com”.

Bing Ads are used to measure the efficiency of our website, to design it according to your needs and to advertise it. The legal basis for the processing of your data is your consent within the meaning of Art. 6 para. 1 lit. a DS-GVO or § 25 para. 1 TTDSG. You have the option to revoke this consent at any time by adjusting your preferences in our cookie settings. In the course of use, data may be transmitted to a server of Microsoft Corp. in the USA and stored there.

In the event that personal data is transmitted to Microsoft Corp., which is based in the USA, standard contractual clauses have been concluded with Microsoft pursuant to Art. 46 (2) lit. c DS-GVO or consent has been obtained within the meaning of Art. 49 (1) sentence 1 lit. a DS-GVO.

LinkedIn Analytics und LinkedIn Ads

We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation on our website.

With the help of this technology, visitors to this website can be served personalized ads on LinkedIn. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

In the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find more information on data collection and data use, as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time at the following link: https://www.linkedin.com/psettings/enhanced-advertising

We use the LinkedIn Insight Tags to design our website according to your needs and to promote it. The legal basis for the processing of your data is your consent within the meaning of Art. 6 para. 1 lit. a DS-GVO or § 25 para. 1 TTDSG. You have the option to revoke this consent at any time. Within the scope of use, data may be transmitted to a LinkedIn server in the USA and stored there. In the event that personal data is transferred to LinkedIn, which is based in the USA, standard contractual clauses have been concluded with Facebook Inc. in accordance with Art. 46 (2) (c) of the German Data Protection Regulation (DS-GVO) or consent has been obtained in accordance with Art. 49 (1) sentence 1 (a) of the German Data Protection Regulation (DS-GVO).

Zoho SalesIQ

When visiting our website, anonymized usage data is collected by means of the ZOHO service SalesIQ (https://zoho.eu/salesiq). SalesIQ uses so-called “cookies”, which enable an analysis of our website. You can prevent this “tracking” by making the appropriate settings in your browser. For this purpose, we obtain your consent. The legal basis for the processing of your data is your consent within the meaning of Art. 6 para. 1 lit. a DS-GVO or § 25 para. 1 TTDSG. You have the option to revoke this consent at any time.

We store this data exclusively for statistical purposes. The IP addresses are shortened by the last digits within the scope of the legislation in order to ensure anonymity.

Zoho Page Sense

When visiting our website, anonymized usage data is collected by means of the ZOHO service PageSense (https://zoho.eu/pagesense). Page Sense only records the visit and clicks on our website completely anonymously. There is no conclusion on individual visitors. PageSense only enables us to check the general use of our website in the form of a heat map and consequently display important content at the right place on the individual web pages. No usage data or personal data is collected or stored.

Rocket CDN

We use the service “RocketCDN”. The provider is WP MEDIA, 47 Rue Duquesne, 69006 – Lyon, France (hereinafter “RocketCDN”).

RocketCDN offers a worldwide distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our websites through RocketCDN’s network. This enables RocketCDN to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so. RocketCDN may also use cookies, but they are used solely for the purpose described herein. The use of RocketCDN helps to optimize the loading speeds of the website.

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of my legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of the website.

You can find more information about security and privacy at RocketCDN here: https://docs.wp-rocket.me/article/1307-rocketcdn

Dealfront

Our website uses the technologies of Dealfront (Liidio Oy as part of Dealfront Group GmbH)

(“Dealfront”) to analyze visitor behavior.

In this process, the IP address of a visitor is processed. This processing has the purpose of helping us understand which businesses (B2B) are visiting our site, by enriching IPs with associated information such as the company name or industry code.

To do this, at the beginning of the visitor’s session, their IP address and corresponding session data is matched against a large whitelist of known companies.

To increase data protection of our visitors we have turned on “IP address anonymization”, so that only shortened values instead of the actual IP addresses will be stored. If the feature is on, we will not store the actual IP address anywhere in our systems, including logs. This anonymization makes it impossible to connect outside IP address information later, preventing identification of an individual person.

As part of this processing, first party cookies are used in order to analyze visitor behavior.

Whenever we process website traffic data, this is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in optimizing our products, services, sales and marketing.

To prevent this processing activity, you (website visitor) may install and configure appropriate ad-blockers or use no-script-plugins in your browser.

Google Double Click

This website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google). DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the relevant part of our website or clicked on the ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider learns your IP address and stores it.

You can prevent participation in this tracking process in various ways:

·         by setting your browser software accordingly – the suppression of third-party cookies will result in you not receiving third-party ads;

·         by disabling cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). This setting will be deleted when you delete your cookies;

·         by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers (plug ins available at the link http://www.google.com/settings/ads/plugin). We would like to point out that in this case you may not be able to use all functions of this offer in full.

The legal basis for the processing of your data is the consent you have given via the cookie consent tool (Art. 6 para. 1 sentence 1 lit. a) DSGVO). For more information about DoubleClick by Google, please visit: https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, also: https://www.google.de/intl/de/policies/privacy .

(4)              Data processing when using our company presences in social media.

Our company operates the following company presences in the social networks:

Twitter
Facebook
LinkedIn
Youtube
XING

Joint responsibility and legal basis

As operators of these company presences, we jointly process personal data with the respective provider of the social network (joint responsibility pursuant to Art. 26 DS-GVO). With the creation and publication of our company presences, we have accepted the terms of use of the respective social network, which regulate the conditions for the use of the site and the resulting data processing.

Our purpose is to present our company in common communication media and to offer applicants, interested parties and other persons a form of communication with our company that they prefer and that is common in today’s world. The legal basis for the processing of your data is your consent within the meaning of Art. 6 Para. 1 lit. a DS-GVO or § 25 Para. 1 TTDSG. You have the option to revoke this consent at any time.

We would like to point out that the use of social media by you, in particular the interactions with the networks such as posting and sharing is at your own responsibility and you can alternatively contact us via the contact form on the website or by mail/letter/phone.

Data processing during a visit to one of our company presences in the social networks.

According to our state of knowledge, we inform you as follows about the data processing that occurs through the use of our appearances in social media.

When you visit one of our company presences in a social network, the provider of the social network receives information about your person, your surfing and usage behavior, your interactions and your respective location by collecting your IP address and using cookies, pixels and web beacons. From this information, the provider of the social network forms a user profile. We cannot exclude that data stored in the user profiles is stored across devices and/or that the user profile is linked to your data stored in the network.

The social network uses the information about you collected in this way to compile statistics about the use and user structure of the network and to place interest-based advertising within and outside the network. The advertising models of social networks also provide that the social networks transmit data about your usage behavior to third parties (advertising partners) outside the network or receive data from them about your browsing/usage behavior from outside the network.

The social networks Facebook and LinkedIn provide advertisers with their offers “Facebook Insights” and LinkedIn Website Demographics) with anonymized statistical data, e.g. information on page views, activities, proportion of men/women, professional position, company sector and much more (see https://www.facebook.com/iq/tools-resources/audience-insights and https://www.linkedin.com/help/lms/answer/82351). We have no influence on the data processing that takes place for this purpose, cannot prevent it, and do not have access to the underlying data.

We use these offers to better understand the structure of our users and their interests and to design our site accordingly. Furthermore, we and the providers of the social networks can better target advertising in this way, because we learn, for example, information about the demographic, geographic distribution or about the gender of the users. In this way, we can identify trends in our users from the statistics and show them more relevant content.

When using the services Facebook, Instagram, Twitter and Linkedin, data may be transmitted to a server of Facebook, Instagram, Twitter or Linkedin in the USA and stored there. In the event that personal data is transmitted to the providers based in the USA, standard contractual clauses pursuant to Art. 46 (2) lit. c DS-GVO have been concluded with the providers or consent within the meaning of Art. 49 (1) sentence 1 lit. a DS-GVO has been obtained.

Your rights as a data subject

From the terms of use, which we accepted when creating our company websites, it is regulated that you contact the respective provider of the social network regarding your rights as a data subject to information, objection, correction, restriction of processing, transferability and deletion, as only this provider has access to your data. You can obtain the information on the data protection of the providers here:

·         Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,

·         Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.

·         LinkedIn (LinkedIn Ireland, Wilton Place, Dublin 2, Ireland) https://www.linkedin.com/legal/privacy-policy

(5)   Social Media – use of ocial plug-ins

We currently use the following social media plug-ins: Facebook, Twitter, Google+, Youtube, linkedin and Xing. We use the so-called “Shariff” solution for this. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box, the plug-in provider receives the information that you have called up the corresponding website of our online offer. In addition, the data mentioned under B (1) of this declaration is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By clicking on the respective plug-in, personal data is therefore transmitted from you to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.

We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is your consent within the meaning of Art. 6 para. 1 lit. a DS-GVO or § 25 para. 1 TTDSG.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

·      http://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as http://www.facebook.com/about/privacy/your-info#everyoneinfo.

·      https://www.google.com/policies/privacy/partners/?hl=de.

·      https://twitter.com/privacy

·      http://www.linkedin.com/legal/privacy-policy.

·      http://www.xing.com/privacy.

(6)   Data processing when using our contact form, registering for webinars, free trial access, requesting information incl. press inquiries.

If you contact us to request information, use a free trial access, register for a webinar or other, we process the data you provide to process your request (within the scope of your consent, for contract fulfillment, due to legitimate interest – Art. 6 (1) lit. a, b and f DS-GVO). When registering for webinars, requesting documents / additional software or registering an idgard® account as an administrator, we use your data to send you our newsletter (see next paragraph).

A storage of the data entered by you takes place as long as this is necessary for the processing of your request (maximum: for the legal retention period).

(7)   Data processing when ordering our newsletter

You have the option of subscribing to our e-mail service via our website, e.g. by ticking the relevant box when registering for a webinar or a download, or by signing up for the newsletter (consent pursuant to Art. 6 (1) lit. a DSGVO). After registering via the website, you will receive an email asking you to confirm your registration (double opt-in procedure). Only after your confirmation will we send you e-mails.

We then use the information you provide to send you information about cloud computing and our offers (e.g. idgard®). (monthly newsletter, information tailored to my interests/questions and personalized emails).

You can revoke your consent at any time by using the unsubscribe link at the end of each email or email to contact@idgard.de. With your objection your data will be deleted immediately, unless you have deposited them with us in another context (e.g. for ordering/booking idgard®) and these are then subject to the legal storage obligations.

Please note that our offers are directed exclusively to business customers and users, but not to consumers according to Art. 2 Directive 93/13/EEC.

Transfer of your data to service providers

As part of our services, we commission service providers so that your data may be transferred to the data centers of these service providers and hosted there. There are order processing agreements with these service providers in accordance with Art. 28 DS-GVO.

We use tools from Zoho Corporation B.V. (Zoho One) to send the newsletter and personalized e-mailings. The legal basis for this is your consent according to Art. 6 para. 1 lit. a DS-GVO.

The web servers and storage used for the operation of idgard® are located exclusively in the Federal Republic of Germany and exclusively under the sovereignty of Uniscon GmbH.

Automated decision making

Automated decision-making including profiling according to Article 22 (1), (4) DSGVO does not take place within the scope of your visit to this website.

E.  Information for applicants

(1)   Verarbeitung bei Zusendung einer Bewerbung

If you would like to send us your application, please use the applicant portal on our website. Your application will then be sent directly to authorized employees in our human resources department and processed there. If we are interested in your application, your application will be forwarded internally to the respective head of department, and an invitation will then be sent via our HR department.

In the course of your application, the following data can be processed by us:

• Master data (name, academic title, address, date and place of birth, gender)

• If provided: marital status, children, religion and nationality

• Contact details (telephone number, email address)

• Certifications, information on school and professional training, completed training courses for further and advanced training and qualifications, language skills, other qualifications

• Data from application, cover letter, curriculum vitae, certificates, evidence of school and vocational training, diplomas

• Performance data (test results from programming tests)

 

Your personal data will be processed in particular for the following purposes:

• for the decision on the establishment of an employment relationship

• for carrying out the application process

• to communicate with you

• for the implementation of pre-contractual measures and

• for the inclusion of your applicant data in an applicant pool

Your data will only be processed for purposes other than those mentioned if this processing is compatible with the purposes. We will inform you before such further processing of your data about this processing and, if necessary, obtain your consent to this.

We process your data for the purpose of establishing the employment relationship in accordance with Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG, Article 6 (1) sentence 1 lit. b GDPR.

For the inclusion of your application documents in our pool of applicants, we obtain your informed and express consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a and Articles 5, 7 GDPR.

Furthermore, we can process your personal data if this is necessary to fulfill legal obligations (Art. 6 Para. 1 lit. c DS-GVO) or to defend against legal claims asserted against us (Art. 6 Para. 1 lit. f DS- GMO) is required. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Your personal data will only be transmitted or disclosed to external bodies to the extent that this is required by law or (in the case of concluding an employment contract) to fulfill the employment contract concluded with you (e.g. to tax and social security authorities, banks, auditor), or on the part of us or an external body a legitimate interest in the above makes sense and the transmission is permissible under the data protection regulations.

Your personal data and information may also be disclosed for legitimate purposes by our agents and our contractors who perform a service for us, including insurers and consultants, insofar as this is permitted in individual cases under data protection regulations. If your consent or separate information is required for this, we will obtain your consent beforehand or inform you of this in good time. Your personal data may also be transferred to service companies to carry out data processing tasks. We observe the data protection regulations.

As a rule, we do not transmit your data outside of the European Union (EU) or the European Economic Area (EEA).

If, in exceptional cases, your personal data is transferred to countries/service providers outside the EU or EEA, we will conclude the necessary data protection contracts, in particular EU standard contractual clauses, or we will take the measures required under Art. 44 et seq. GDPR .

Applicants from the technical field may be asked to take a test of their programming skills as part of the application process. For this purpose, we use the platform “coderbyte” (Coderbyte Enterprise Inc, 434 Washington Street, Carlstadt, NJ 07072, USA).

If there is no legal retention period, your personal data will be deleted as soon as storage is no longer necessary or the legitimate interest in storage has expired. If you are not hired, this is usually the case no later than six months after the end of the application process. If you have not been hired, but your application is still of interest to us, we will ask you whether we may keep your application for future vacancies. In the event that you have consented to longer storage of your personal data in accordance with Article 6 Paragraph 1 lit.

Your personal data is usually provided or transmitted to us directly by you by e-mail, post or the online application process. There is also the possibility that we receive your personal data, including application documents, from temporary employment agencies, online job portals, job agencies and headhunters.

Applicant software HRWorks

We use the personnel and applicant management software from HRworks GmbH (https://www.hrworks.de/unternehmen/impressum/). As part of your application, HRworks processes personal data on behalf of and for the purposes of the company to which you are applying. The data transmitted in connection with your application will be stored on a server within the European Union and encrypted during transmission.

The company that carries out this application process is solely responsible within the meaning of Art. 4 No. 7 GDPR. HRworks is only the operator of the applicant management software and the application form and acts in this relationship as a processor according to Art. 28 DSGVO.

The basis for processing by HRworks is a contract for order processing between the responsible body, unicon GmbH, and HRworks. In addition, HRworks processes additional data, some of which may also be personal data, to provide services such as this application form.

F.  Your rights as a data subject

(1)   Your right to information, correction, restriction of processing, objection, data portability

In accordance with Articles 15 et seq. GDPR, you have the right to:
• that we provide you with information about your data categories stored by us, processing purposes and, if possible, storage period
• that we correct or delete your data, whereby data deletion is only possible if there are no statutory retention periods
• to object to the data processing and/or to restrict the data processing under the conditions of Article 18 or 21 GDPR
• that we provide you with your data in a structured, common, machine-readable format (usually as a .doc or .xls file).
• that you revoke your consent at any time and without incurring any costs.

Please send an email to datenschutz@uniscon.com or to our data protection officer.

(2)   Right of appeal to a supervisory authority

You have the right to complain to the supervisory authority. The authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 27, 91522 Ansbach

Tel. (0981) 53 1300, email poststelle@lda.bayern.de

You can use the complaint form provided by the BayLDA for your complaint:

https://www.lda.bayern.de/de/beschwerde.html

Munich, January 2024

Contact

uniscon GmbH
Ridlerstraße 57
80339 München

Internet:  www.idgard.com
Email: contact@uniscon.com