Privacy policy

Thank you for visiting our website. We take data protection very seriously and are committed to protecting your personal data within the scope of our website offering.

By personal data we mean all data concerning the personal and factual circumstances of a natural person. Personal data collected on our website is used exclusively for our own purposes.

1 Legal basis of data processing

The legal basis for data processing within the framework of the EU General Data Protection Regulation for our data processing results from Art. 6 DS-GVO. In detail, depending on the situation in which we process your data, different legal bases may arise.

Consent

Insofar as your consent has been obtained for processing operations of personal data, Article 6 I a) DS-GVO is the legal basis for the data processing. Consent given can be revoked at any time with effect for the future.

Contract

When processing personal data collected for the performance of a contract to which you are a party, Article 6 I b) DS-GVO is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Legal obligation

Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 I c) DS-GVO serves as the legal basis.

Vital interests

In the event that vital interests of you or another natural person make processing of personal data necessary, Article 6 I d) DSGVO is the legal basis.

Legitimate interest:

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 I f) DS-GVO serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities.

Employment relationship

Pursuant to Article 88 of the General Data Protection Regulation (DS-GVO) in conjunction with Section 26 of the Federal Data Protection Act (BDSG), personal data of employees are processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination or for the exercise or fulfilment of the rights and obligations of the employees’ representation of interests resulting from a law or collective agreement, a company or service agreement (collective agreement).

2 Data subject rights

Within the scope of our data processing, personal data relating to you will be processed. You are entitled to the rights from the third chapter of the GDPR against our company.

We observe the rights to information, correction, restriction of processing, deletion or transferability of your personal data. You can assert these rights as follows:

Right of access

You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to access this personal data and to be informed of the following:

(a) the purposes of processing;

b) the categories of personal data processed;

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

(d) if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;

(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing;

(f) the existence of a right of appeal to a supervisory authority;

(g) if the personal data are not collected from the data subject, any available information on the origin of the data;

(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

We will provide you with a copy of the personal data that is the subject of the processing. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request for access electronically, we must provide the information in a commonly used electronic format unless you specify otherwise.

The right to receive a copy must not affect the rights and freedoms of other people.

Right to rectification

You also have the right to request that inaccurate personal data relating to you be rectified without undue delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

Right to erasure (“right to be forgotten”)

You also have the right to request that we erase personal data relating to you without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:

(a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

b) You withdraw your consent on which the processing was based pursuant to Article 6 I lit. a DS-GVO or Article 9(2)(a) and there is no other legal basis for the processing.

c) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).

(d) The personal data have been processed unlawfully.

(e) erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

(f) the personal data have been collected in relation to information society services offered in accordance with Article 8(1).

(Where we have made the personal data public and we are obliged to erase it pursuant to paragraph 1, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you have requested the erasure of all links to, or copies or replications of, those personal data. This does not apply insofar as the processing is necessary a) for the exercise of the right to freedom of expression and information; b) for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; (c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3); (d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89(1), where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or (e) for the establishment, exercise or defence of legal claims.

Right to restriction of processing

(1) You have the right to request us to restrict processing if

a) the accuracy of the personal data is contested by you, for a period of time which allows us to verify the accuracy of the personal data;

b) the processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;

(c) we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims; or

(d) you have objected to the processing pursuant to Article 21(1) as long as it has not yet been determined whether our legitimate grounds override yours.

(2) Where processing has been restricted in accordance with paragraph 1, those personal data may be processed, apart from being stored, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN

(3) A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is rescinded.

Notification obligation in connection with the rectification or erasure of personal data or the restriction of processing

We shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing pursuant to Article 16, Article 17(1) and Article 18, unless this proves impossible or involves a disproportionate effort. We will inform you of these recipients if you so request.

Right to data portability

(1) You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that

(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and

(b) the processing is carried out by automated means.

(2) When exercising your right to data portability under paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, where technically feasible.

(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(4) The right referred to in paragraph 2 shall not affect the rights and freedoms of other persons.

You also have the right to consult our Data Protection Officer about the above rights and about any matter relating to the processing of your personal data.

Right to complain

You also have the right to lodge a complaint with the relevant supervisory authorities.

Right to object

In accordance with Article 21(1) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) GDPR (data processing in the public interest) or Article 6(1)(f) GDPR (data processing for the purposes of legitimate interests).
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

3 Web server logs

In the course of using our website, connection information is stored in server log files.

This information includes:

• IP address of the calling system
• Browser information such as operating system used and screen resolution
• Web page called up
• source website
• time of the call
• The web server logs are processed exclusively for security purposes.

We use the log data only for statistical evaluations for the purpose of operation, security and optimisation of the offer.

However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications.

4 Cookies

This website uses cookies. Cookies are text files that are stored on your terminal device. Cookies can be read, transferred and changed by the website when you call up the website. We only use cookies with random, pseudonymous identification numbers. These identification numbers are used to evaluate your usage behaviour on our website. At no time is the usage assigned to the name of a natural person. If you use special functions (such as the shopping cart or “stay logged in”) of our website, cookies are additionally used for these functions.

It is possible to object to the setting of cookies at any time by changing the setting in the internet browser accordingly. Cookies that have been set can be deleted. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent.

The exact functions of the cookies can be found in the more detailed information in this data protection declaration.

Note: If you delete your cookies, the deactivation cookie of the respective service will also be deleted and may have to be reactivated by you on your next visit.

5 Contact form

Within the framework of the contact form, you have the possibility to send us any data. The data will be forwarded by our web server to our company’s e-mail box. Please note that communication via the contact form is not encrypted. Please use a secure communication channel for confidential communication out of your own interest.

6 Newsletter

If you have entered your email address to receive a newsletter, we will only use the data to send you information in accordance with the newsletter registration.

When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised person.

You can unsubscribe from the newsletter at any time here.

7  Job applications

You can apply to our company via our application portal at https://www.infonline.de/jobs/ or by email. Please note that emails sent without encryption are not protected against unauthorized access during transmission.

The information you provide will be used to process your application and to make a decision on the establishment of an employment relationship. The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 of the German Federal Data Protection Act (BDSG).
Furthermore, your personal data may be processed to the extent that this is necessary for the defense of legal claims asserted against us from the application process. The legal basis for such processing is Article 6(1)(f) GDPR. The legitimate interest in this case arises from the purposes mentioned above.

If an employment relationship is established between you and us, we may, in accordance with Section 26 (1) BDSG, continue to process the personal data we have already received from you for purposes related to the employment relationship, if this is necessary for its execution or termination, or for the exercise or fulfillment of rights and obligations arising from legislation, a collective agreement, a works or service agreement (collective labor agreement), or to represent the interests of employees.

Your application data will not be processed for any purpose beyond the ones described above.

Unless you have given your consent for a longer storage period, your personal data will be deleted no later than six months after the end of the application process, provided that no other legitimate interests on our part conflict with deletion.
A legitimate interest in this sense may be, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

8 Login area

Insofar as data is collected in the context of a user login, it is only used for the provision of the respective service. An evaluation only takes place to ensure a comfortable and secure operation of the system.

9 Comment function

When using the comment function, your IP address is stored for the purpose of abuse control.

10 Deployment and Use of our measurement procedure INFOnline Measurement (IOM)

Our website uses our multi-level measurement procedure ‘INFOnline Measurement’ (IOM) (https://www.INFOnline.de) to determine statistical parameters (Page Impression, Visit, technical Client) about the use of our sites. The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behaviour – on the basis of a uniform standard procedure – and thus to obtain values that are comparable across the market.

For all digital sites that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – http://www.ivw.eu), the usage statistics are regularly published by IVW with the performance values “Page Impression” and “Visits”. These ranges and statistics can be viewed on the respective websites.

a) Legal basis for processing

The measurement using the INFOnline Measurement procedure (pseudonymous system: IOMp) is carried out by us, INFOnline GmbH, with a legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO.

The purpose of the processing of personal data is the creation of statistics and the formation of user categories. The statistics are used to track and document the use of our offer.

The website also serves as an advertising presence for INFOnline. Among other things, products, services and vacancies are to be advertised. In order to verify the success of these measures, measurement by means of the INFOnline Measurement procedure is required. INFOnline operates and develops the measurement procedure used (IOM). The use of the measurement procedure on its own website is an important basis for INFOnline for quality assurance and further development of the measurement system. Our legitimate interest thus results from the economic usability of the findings resulting from the statistics and user categories and the need to obtain suitable bases for the maintenance and further development of the measurement system.

INFOnline is the provider of the measurement system (IOM). Therefore, it can be assumed that the reasonable expectation of a website visitor to be measured by the IOM is given.

b) Type of data

The data collected using INFOnline Measurement does not allow for the direct identification of a user as an individual due to the type and volume of data collected.

A JavaScript code (known as the “Measurement Manager”) is used, which is triggered upon access via the user’s browser or device (client). Based on consent information obtained from the Consent Management Platform (CMP) integrated by the provider within the digital offering, the required measurement sensors for anonymous and/or pseudonymous data processing are automatically integrated and executed in order to generate statistical metrics. INFOnline Measurement is implemented as both an anonymous system (without a client identifier) and a pseudonymous system (with a client identifier).

For the anonymous census-based procedure (IOMb)
No processing of personally identifiable information takes place whatsoever, especially including the IP address. This piece of data is completely excluded from both communication and processing. A communication interface, the so-called “service platform,” acts as a measurement endpoint and ensures that the user’s IP address is not exchanged with INFOnline’s systems during the measurement process. In this census-based procedure, the IP address is discarded at the service platform before the measurement request is forwarded to INFOnline. Additionally, no geolocation based on IP address takes place. The dataset generated through this method only includes pure Page Impression (PI) measurement data.

For the pseudonymous measurement procedure (IOMp)
Data that is considered personally identifiable under the EU GDPR is collected using the 3rd-party cookie ‘i00’ (from ioam.de) and the 1st-party cookie ‘ioam2018’. This includes:

IP Address:
Each device connected to the internet requires a unique address to transmit data — this is the IP address. The short-term storage of the IP address is technically necessary for how the internet works. In the pseudonymous procedure, the IP address is processed in its full (non-anonymized) form.

A randomly generated client identifier:
To enable recognition of returning systems, the reach measurement uses unique identifiers of the device, such as a Local Storage Object (LSO), or a signature generated from various automatically transmitted browser information. This identifier remains unique to a browser unless the cookie or LSO is deleted. Measurement data captured from this setup can potentially be associated with the corresponding identifier even when visiting other websites that also use INFOnline GmbH’s pseudonymous measurement system. The following unique identifiers may be transmitted in hashed form to INFOnline GmbH:

Client IP or X-Forwarded-For (XFF)

User Agent (as hashed value)

Personally identifiable data as defined under the EU GDPR is only used for measurement in cases where a user accesses web content via a JavaScript request that is tied to an individual IP address and a randomly generated client identifier.

c) Use of the data

The measurement procedure used on this website, provided by INFOnline GmbH, collects usage data. This is done in order to determine the performance metrics Page Impression, Visit, and Client, as well as to derive further key indicators (e.g. qualified clients). Additionally, the collected measurement data is used as follows:

Geolocation
In the pseudonymous measurement procedure (IOMp), a website visit is associated with the user’s location based on their IP address, but only to the geographical level of federal states (Bundesländer) or regions. It is not possible to draw any conclusions about the user’s exact place of residence from this information.

Cross-site aggregation of usage data
In the pseudonymous measurement system (IOMp), the usage data of a (technical) client (e.g. a browser on a device) is aggregated across different websites and stored in a database.

d) Storage period of the data

In the census-based procedure, the truncated IP address is discarded. In the pseudonymous procedure, the IP address is stored for a maximum of 60 days.
In the pseudonymous procedure, usage data in combination with the unique identifier is retained for a maximum of 6 months.
The validity of the cookies used in the pseudonymous procedure – ‘i00’ and ‘ioam2018’ – on the user’s device is limited to a maximum of 1 year.

e) Passing on of data

The IP address will not be passed on.

f) Rights of the data subject

The data subject has the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to object (Art. 21 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 et seq. GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (Art. 7 para. 3 GDPR), if processing is based on consent

For inquiries of this nature, please contact: datenschutz@infonline.de
Please note that, in the case of such requests, we must ensure that the identity of the individual making the request corresponds to that of the data subject.
The data subject also has the right to lodge a complaint with a data protection supervisory authority.

11 Customer Center and IDAS / INFOnline Suite

In INFOnline’s customer-specific and password-protected tools – such as IDAS, the INFOnline Suite, or the Customer Center – the INFOnline Measurement Manager (i.e. the web measurement script) is automatically executed.

The data collected by these tools is used exclusively for the internal development and improvement of our products and is not shared with third parties.

12 HubSpot

We use the integrated hosting and marketing solution of HubSpot Ireland Limited, 2nd Floor 30, North Wall Quay, Dublin 1, Ireland within the framework of our legitimate interest in a technically flawless online offer and its economically efficient design and optimisation in accordance with Art. 6 Para. 1 lit. f DSGVO as well as – insofar as the storage of data for the initiation or conclusion of a contract with you is concerned – on the basis of permission to process contractual data in accordance with Art. 6 Para. 1 lit. b DSGVO.

HubSpot Ireland Limited is a subsidiary of a US company. However, the Irish company is a data processor in the EU.

For more information about HubSpot’s data processing, please see HubSpot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

You can find a transparent list of the cookies set by HubSpot here and here.

We have concluded an order processing agreement with HubSpot, according to which HubSpot only processes your data on our behalf: https://legal.hubspot.com/de/dpa

HubSpot offers the following functions:

• CMS (Content Management System)
• Contact forms
• Newsletter software
• Tracking and analysis
• CRM (Customer Relation Management)
• Chat software

We use the functions described below:

• HubSpot Hosting / CMS / CRM