Privacy Policy
Thank you for visiting our website. We take data protection very seriously and are committed to protecting your personal data within the scope of our website offering.
By personal data we mean all data concerning the personal and factual circumstances of a natural person. Personal data collected on our website is used exclusively for our own purposes.
1. Legal basis of data processing
The legal basis for data processing within the framework of the EU General Data Protection Regulation for our data processing results from Art. 6 DS-GVO. In detail, depending on the situation in which we process your data, different legal bases may arise.
Consent:
Insofar as your consent has been obtained for processing operations of personal data, Article 6 I a) DS-GVO is the legal basis for the data processing. Consent given can be revoked at any time with effect for the future.
Contract:
When processing personal data collected for the performance of a contract to which you are a party, Article 6 I b) DS-GVO is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Legal obligation:
Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 I c) DS-GVO serves as the legal basis.
Vital interests:
In the event that vital interests of you or another natural person make processing of personal data necessary, Article 6 I d) DSGVO is the legal basis.
Legitimate interest:
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 I f) DS-GVO serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities.
Employment relationship
Pursuant to Article 88 of the General Data Protection Regulation (DS-GVO) in conjunction with Section 26 of the Federal Data Protection Act (BDSG), personal data of employees are processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination or for the exercise or fulfilment of the rights and obligations of the employees’ representation of interests resulting from a law or collective agreement, a company or service agreement (collective agreement).
2. Data subject rights
Within the scope of our data processing, personal data relating to you will be processed. You are entitled to the rights from the third chapter of the GDPR against our company.
We observe the rights to information, correction, restriction of processing, deletion or transferability of your personal data. You can assert these rights as follows:
Right of access
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to access this personal data and to be informed of the following:
(a) the purposes of processing;
(b) the categories of personal data processed;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
(d) if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) if the personal data are not collected from the data subject, any available information on the origin of the data;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
We will provide you with a copy of the personal data that is the subject of the processing. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request for access electronically, we must provide the information in a commonly used electronic format unless you specify otherwise.
The right to receive a copy must not affect the rights and freedoms of other people.
Right to rectification
You also have the right to request that inaccurate personal data relating to you be rectified without undue delay. Considering the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
Right to erasure (“right to be forgotten”)
You also have the right to request that we erase personal data relating to you without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:
(a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
b) You withdraw your consent on which the processing was based pursuant to Article 6 I lit. a DS-GVO or Article 9(2)(a) and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
(d) The personal data have been processed unlawfully.
(e) erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
(f) the personal data have been collected in relation to information society services offered in accordance with Article 8(1).
(Where we have made the personal data public and we are obliged to erase it pursuant to paragraph 1, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you have requested the erasure of all links to, or copies or replications of, those personal data. This does not apply insofar as the processing is necessary a) for the exercise of the right to freedom of expression and information; b) for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; (c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3); (d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89(1), where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or (e) for the establishment, exercise or defence of legal claims.
Right to restriction of processing
(1) You have the right to request us to restrict processing if
a) the accuracy of the personal data is contested by you, for a period which allows us to verify the accuracy of the personal data;
b) the processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
(c) we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims; or
(d) you have objected to the processing pursuant to Article 21(1) as long as it has not yet been determined whether our legitimate grounds override yours.
(2) Where processing has been restricted in accordance with paragraph 1, those personal data may be processed, apart from being stored, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN
(3) A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is rescinded.
Notification obligation in connection with the rectification or erasure of personal data or the restriction of processing
We shall notify all recipients to whom personal data has been disclosed of any rectification or erasure of personal data or restriction of processing pursuant to Article 16, Article 17(1) and Article 18, unless this proves impossible or involves a disproportionate effort. We will inform you of these recipients if you request so.
Right to data portability
(1) You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that
(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
(b) the processing is carried out by automated means.
(2) When exercising your right to data portability under paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, where technically feasible.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right referred to in paragraph 2 shall not affect the rights and freedoms of other persons.
You also have the right to consult our Data Protection Officer about the above rights and about any matter relating to the processing of your personal data.
Right to complain
You also have the right to lodge a complaint with the relevant supervisory authorities.
Right to object
Pursuant to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1), first sentence, point (e) GDPR (processing in the public interest) or on Article 6(1), first sentence, point (f) GDPR (processing for the purposes of legitimate interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
3. Web server logs
In the course of using our website, connection information is stored in server log files.
This information includes:
- IP address of the calling system
- Browser information such as operating system used and screen resolution
- Web page called up
- source website
- time of the call
- The web server logs are processed exclusively for security purposes.
We use the log data only for statistical evaluations for the purpose of operation, security and optimisation of the offer.
However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications.
4. Cookies
This website uses cookies. Cookies are text files that are stored on your terminal device. Cookies can be read, transferred and changed by the website when you call up the website. We only use cookies with random, pseudonymous identification numbers. These identification numbers are used to evaluate your usage behaviour on our website. At no time is the usage assigned to the name of a natural person. If you use special functions (such as the shopping cart or “stay logged in”) of our website, cookies are additionally used for these functions.
It is possible to object to the setting of cookies at any time by changing the setting in the internet browser accordingly. Cookies that have been set can be deleted. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent.
The exact functions of the cookies can be found in the more detailed information in this data protection declaration.
Note: If you delete your cookies, the deactivation cookie of the respective service will also be deleted and may have to be reactivated by you on your next visit.
5. Contact form
Within the framework of the contact form, you have the possibility to send us any data. The data will be forwarded by our web server to our company’s e-mail box. Please note that communication via the contact form is not encrypted. Please use a secure communication channel for confidential communication out of your own interest.
6. Newsletter
If you have entered your email address to receive a newsletter, we will only use the data to send you information in accordance with the newsletter registration.
When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised person.
You can unsubscribe from the newsletter at any time here.
7. Applications
You may apply to our company by email. Please note that emails sent without encryption are not protected against unauthorized access during transmission.
Your personal data will be processed for the purpose of handling your application and deciding on the establishment of an employment relationship. The legal basis for this processing is Section 26(1) in conjunction with Section 26(8), sentence 2, of the German Federal Data Protection Act (BDSG). In addition, your personal data may be processed insofar as this is necessary to defend against legal claims asserted against us arising from the application process. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest in processing also lies in the aforementioned purposes.
If an employment relationship is established between you and us, we may further process the personal data already received from you in accordance with Section 26(1) BDSG for purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of rights and obligations arising from a law, a collective agreement, or a works or service agreement (collective agreement) governing employee representation.
Any processing of your application data beyond the purposes described above will not take place.
Your personal data will be deleted after completion of the application process, at the latest after six months, unless deletion is prevented by other legitimate interests on our part or you have given your consent to longer storage. Such other legitimate interests include, for example, the obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
8. Login area
Insofar as data is collected in the context of a user login, it is only used for the provision of the respective service. An evaluation only takes place to ensure a comfortable and secure operation of the system.
9. Comment function
When using the comment function, your IP address is stored for the purpose of abuse control.
10. Deployment and Use of Our Measurement Method INFOnline Measurement (IOM)
Our website uses the multi-stage measurement method “INFOnline Measurement” (IOM) (https://www.infonline.de ) to determine statistical metrics (page impressions, visits, technical clients) relating to the use of our services. The purpose of usage measurement is to statistically determine the number of visits to our website, the number of website visitors, and their browsing behavior based on a uniform standard measurement method, thereby obtaining comparable values market-wide.
For all digital sites that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – https://www.ivw.de), the usage statistics are regularly further processed by IVW with the performance metrics “Page Impressions” and “Visits.” These reach figures and statistics can be viewed on the respective websites.
a) Legal basis for processing
Measurement using the INFOnline Measurement method (pseudonymous system: IOMp) by us, INFOnline GmbH, is carried out as part of usage measurement based on consent pursuant to Article 6(1)(a) GDPR.
The purpose of processing personal data is to generate digital performance metrics (page impressions, visits, and technical clients) for the creation of statistics and the formation of user categories. These statistics serve to make the usage of our services comprehensible and verifiable.
The website also serves as a promotional presence for INFOnline. Among other things, products, services, and job openings are advertised. To evaluate the success of these measures, measurement using INFOnline Measurement is required. INFOnline operates and develops the measurement system (IOM) used. The use of the measurement system on our own website is an important basis for quality assurance and further development of the measurement system. Our legitimate interest therefore arises from the economic usability of the insights gained from the statistics and user categories, as well as from the necessity of obtaining suitable foundations for maintaining and further developing the measurement system.
INFOnline is the provider of the measurement method (IOM). It can therefore be assumed that a website visitor may reasonably expect to be measured using IOM.
b) Type of data
Due to the nature and volume of the data collected by INFOnline Measurement, it is not possible to uniquely identify a user as a person.
A JavaScript code (the so-called “Measurement Manager”) is used, which–upon access via the user’s browser or device (client) – automatically integrates and executes the required measurement sensors for anonymous and/or pseudonymous data processing to determine the metrics, based on the consent information from the consent management platform (CMP) used by the provider for the digital site. INFOnline Measurement is designed both as an anonymous system (without a client identifier) and as a pseudonymous system (with a client identifier).
Anonymous census procedure (IOMb)
In the anonymous census procedure, no personal or personally identifiable information is processed at all. In particular, the IP address is completely excluded from communication and processing. A communication interface – the so-called service platform – acts as the measurement endpoint and prevents the user’s IP address from being exchanged with INFOnline systems as part of INFOnline Measurement.
The IP address, as personal data, is discarded on the service platform before the measurement request is forwarded to INFOnline. No geolocation based on the IP address takes place. The dataset generated in the census procedure is pure page-impression data collection.
Pseudonymous measurement procedure (IOMp)
In the pseudonymous measurement procedure, the following data are collected using the third-party cookie “i00” (ioam.de) and the first-party cookie “ioam2018”, which constitute personal data within the meaning of the GDPR:
IP address
Each device requires a unique address – the so-called IP address – to transmit data on the internet. The temporary storage of the IP address is technically necessary due to the way the internet functions. In the pseudonymous procedure, IP addresses are processed further without truncation.
Randomly generated client identifier
Reach measurement uses unique identifiers of the end device to recognize computer systems, such as a local storage object (LSO) or a signature generated from various automatically transmitted browser information. This identifier is unique for a browser as long as the cookie or local storage object is not deleted.
Measurement of data and subsequent assignment to the respective identifier may also be possible when you visit other websites that likewise use INFOnline GmbH’s pseudonymous measurement procedure. The following unique identifiers may be transmitted to INFOnline GmbH as hashes:
Client IP or X-Forwarded-For (XFF)
User agent (hashed)
Personal data within the meaning of the GDPR are only used for measurement insofar as a JavaScript is used for a user to whom an individual IP address and a randomly generated client identifier have been assigned for accessing web content.
c) Use of data
The INFOnline GmbH measurement method used on this website determines usage data to collect the performance metrics page impressions, visits, and clients and to derive further metrics from them (e.g., qualified clients). In addition, the measured data are used as follows:
Geolocation
In the pseudonymous measurement procedure (IOMp), the assignment of a website access to the location of access is based on the IP address and only up to the geographical level of federal states/regions. Under no circumstances can this geographical data be used to infer a user’s specific place of residence.
Cross-offer aggregation of usage data
The usage data of a (technical) client (e.g., a browser on a device) are aggregated across websites in the pseudonymous measurement procedure (IOMp) and stored in a database.
d) Storage duration
In the census procedure, the truncated IP address is discarded. In the pseudonymous procedure, the IP address is stored for a maximum of 60 days. In the pseudonymous procedure, usage data in connection with the unique identifier are stored for a maximum of 6 months.
The validity of the cookies “i00” and “ioam2018” used in the pseudonymous procedure on the user’s device is limited to a maximum of 1 year.
e) Disclosure of data
The IP address is not disclosed to third parties.
f) Rights of the data subject
The data subject has the following rights:
Right of access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to object (Article 21 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to withdraw consent (Article 7(3) GDPR), where processing is based on consent
For requests of this nature, please contact: datenschutz@infonline.de
Please note that in such cases we must ensure that the request is made by the subject of data concerned.
You also have the right to lodge a complaint with a supervisory data protection authority.
11. Customer Center and IDAS / INFOnline Suite
In INFOnline’s customer-specific and password-protected tools, such as IDAS, the INFOnline Suite, or the Customer Center, the INFOnline Measurement Manager (measurement script for web) is automatically deployed. The data collected by these tools is used exclusively for the internal development and improvement of our products and is not shared with third parties.
12. Social Plugins
- This website uses social plugins from the following providers:
Operator: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Responsible service provider in the EU:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
These plugins normally collect data about you by default and transmit it to the servers of the respective provider. To protect your privacy, we have implemented technical measures to ensure that your data cannot be collected by the plugin providers without your consent.
When you access a page on which these plugins are embedded, they are initially deactivated. Only when you click on the respective symbol are the plugins activated, thereby giving your consent for your data to be transmitted to the respective provider. The legal basis for the use of the plugins is your consent pursuant to Article 6(1)(a) GDPR.
Once activated, the social plugins also collect personal data such as your IP address and transmit it to the servers of the respective provider, where it is stored. In addition, activated social plugins set a cookie with a unique identifier when the relevant website is accessed. This enables the providers to create profiles of your usage behavior on websites you have visited. This also applies if you are not a member of the respective social network.
If you are a member of the provider’s social network and are logged in while visiting this website, your data and information about your visit may be linked to your profile on the social network. We have no influence over the scope of the data collected by the respective providers.
For more information on the scope, nature, and purpose of data processing, as well as your rights and settings options for protecting your privacy, please refer to the privacy policies of the respective social network providers, available at:
XING: https://privacy.xing.com/en
LinkedIn: https://www.linkedin.com/legal/privacy-policy?
Where data are processed outside the EU/EEA, LinkedIn and Meta are certified under the EU – US Data Privacy Framework (DPF) and are listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that LinkedIn and Meta have publicly committed to complying with the obligations of the DPF, and that any transfer of data to the United States is covered by the current adequacy decision of the European Commission dated 10 July 2023.
A list of currently certified U.S. companies is available here:
https://www.dataprivacyframework.gov/s/participant-search
Further information on the Data Privacy Framework program can be found on the official ITA website:
https://www.dataprivacyframework.gov/s/
13. Transparency & Consent Framework
INFOnline participates in the IAB Europe Transparency & Consent Framework and adheres to its specifications and guidelines. INFOnline’s identification number within the Framework is 730.
14. Data protection contact
Responsible for data processing
within the meaning of Art. 4 Nr. 7 DS-GVO is
INFOnline GmbH
Rathausgasse 1
D-12529 Schönefeld
Tel:+49 30 4669 9771
e-Mail: info@INFOnline.de
Legal representative
Timo Groeger
Rathausgasse 1
D-12529 Schönefeld
Tel: +49 30 4669 9771
e-Mail: info@INFOnline.de
Data Protection Officer
intersoft consulting services AG
Alina Weskamp-Nordmann
Beim Strohhause 17
20097 Hamburg
e-Mail: datenschutz@INFOnline.de