Responsible
inopitas GmbH
Trompeterstr. 5
01069 Dresden
Germany
Phone: +49 351 811 97979
E-mail: info[at]inopitas.com
Data protection officer
Dresden Institute for Data Protection
Hospitalstr. 4
01097 Dresden
Germany
Phone: +49 351 655 7220
E-mail: datenschutz[at]inopitas.com
Web: www.dids.de
General
With the following data protection information, we, inopitas GmbH, Trompeterstr. 5, 01069 Dresden, as the responsible party within the meaning of the General Data Protection Regulation (DS-GVO), explain which personal data we process when you visit our website and use our online services. We would like to point out that by default, all data transmissions in connection with our website are made via an encrypted connection.
We reserve the right to amend our data protection information from time to time so that it always complies with current legal requirements or to reflect changes in our services. We therefore recommend that you read the data protection information regularly in order to keep up to date with the protection of personal data processed by us.
Recording and creation of log files
When our website is accessed, a number of technical data are logged. This general data and information is stored in the log files of the server. Your IP address, your browser ID and domain, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred and the successful retrieval are recorded in a log file. The processing of personal data is carried out for the provision of the website as well as for troubleshooting and clarification of abuse or fraud on the basis of a legitimate interest pursuant to Art. 6 Para. 1 sentence 1 lit. f) DS-GVO. The deletion of the log files takes place after a maximum of 6 weeks.
Integrated services
We have integrated various services from third party providers on our website. By these services we can simplify the use of our website for the users. The following services are used on our website:
Cloudfront,
Amazon Web Services – Content Delivery Network (CDN)
Our website uses the CDN Amazon Cloudfront, a service of Amazon Web Services EMEA SARL ("AWS"). A CDN is a network of (globally) distributed servers capable of delivering optimized content to website users. Cloudfront uses a global network of edge locations (small data centers) and regional edge caches that cache copies of your content. Cloudfront ensures that user requirements are met from the closest edge location. As a result, viewer requests only have to pass a short distance, so performance is improved. For files that are not cached in edge locations and regional edge caches, CloudFront maintains a persistent connection with your origin servers so that these files can be retrieved as quickly as possible. This results in faster website load times, greater resilience, and increased protection against data loss. Some of the images and videos embedded on this website are retrieved by Cloudfront when you access the site. In this process, information about your use of our website is transmitted to servers of AWS outside the European Union or the European Economic Area and stored there. This takes place as soon as you enter our website. The recipient of your data is AWS, based in de USA. The USA is considered an insecure third party country in terms of data protection. For this purpose, a contract for commissioned processing has been concluded with AWS in accordance with Art. 28 DS-GVO. In addition, in the case of data transfer to third countries subject to data protection law, suitable safeguards for the protection of affected persons within the meaning of Art. 46 Para. 1 DS-GVO exist through the conclusion of standard data protection clauses in accordance with Art. 46 Para. 2 lit. c) DS-GVO. In this regard, we would like to expressly point out possible risks, such as the increased difficulty of enforcing the rights of data subjects under data protection law. The CDN is used in accordance with § 25 Para. 2 no. 2 TTDSG. The subsequent processing of your personal data in the server log files (in particular your IP address, your browser ID and domain, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred and the successful retrieval in a log file) is carried out on the basis of our legitimate interest in accordance to Art. 6 Para. 1 sentence 1 lit. f) DS-GVO. Our legitimate interest here is to increase the security and speed of delivery of our website. Your personal data will be stored for as long as is necessary for the purposes described. The deletion of the log files takes place after a maximum of 6 weeks. For more information about the use of data by AWS, setting and objection options, please refer to the privacy policy of AWS.
Webflow,
Webflow, Inc. – Hosting-Dienst
To host our image and video material, we use Webflow, a service of Webflow, Inc ("Webflow"), on the basis of § 25 Para. 2 Nr. 2 TTDSG. Webflow is a tool for creating and hosting websites using European server locations. Much of the elements and source code when access this website are retrieved from Webflow. The recognition technologies used by Webflow may result in the processing of your personal data. Such processing is carried out on the basis of our predominant legitimate interest in accordance with Art. 6 Para. 1 sentence 1 lit. f) DS-GVO. Furthermore, a data processing agreement (DPA) pursuant to Art. 28 DS-GVO has been concluded with Webflow. The log files of the website are covered by the data processing. Here, your IP address, browser ID and domain, the name of the retrieved file, date and time of the retrieval, the amount of data transferred and the successful retrieval are processed in a log file. Our legitimate interest is to ensure the user-friendliness of the website. In particular, Webflow enables the implementation of a technically sophisticated individual design and results in significantly faster loading times of our website. Data processing by Webflow in the USA cannot be completely excluded. The USA is considered an insecure third party country in terms of data protection. In the case of a data transfer to third party countries subject to data protection law, suitable guarantees for the protection of data subjects within the meaning of Art. 46 Para. 1 DS-GVO exist through the conclusion of standard data protection clauses pursuant to Art. 46 Para. 2 lit. c) DS-GVO. In this regard, we would like to expressly point out possible risks, such as the increased difficulty of enforcing the rights of data subjects under data protection law. Webflow processes this data on our behalf to improve the presentation of the site, to provide certain website functions and to ensure security. For further information on the use of data by Webflow, setting and objection options, please refer to Webflow's privacy policy.
Contact
On our website, it is possible to contact us by e-mail or telephone using the contact details provided in the imprint. When you contact us, we will process the personal data you have provided, in particular your name, e-mail address and your expressed concern, in order to clarify your request. The processing of the listed personal data is based on the legitimate interest to satisfactorily respond to requests for contact and inquiries pursuant to Art. 6 Para. 1 sentence 1 lit. f) DS-GVO or, in the case of quotation requests and contractual matters, on the basis of the contract or pre-contractual measures pursuant to Art. 6 Para. 1 sentence 1 lit. b) DS-GVO.
The personal data you provide will be treated confidentially by us, will only be used to process your request and will not be passed on to third parties, unless this is necessary in individual cases due to the nature of your request. The deletion of personal data takes place after final clarification of your request or due to an objection by you. The deletion periods described here only apply to the extent that no legal retention periods conflict with a deletion.
Processing of contractor data
We process the personal data provided by you (e.g. existing, contact and content data, contract and billing data, bank account and payment data, customer history) for the initiation, maintenance and processing of existing contracts/orders between us, for the fulfillment of contractual and legal obligations. The provision of this data is mandatory for the execution of the contract. Data processing also includes contact via e-mail and communication via a video conferencing tool as well as the storage and provision of documents in a cloud. The legal basis for data processing is the implementation of pre-contractual measures and the fulfillment of a contract according to Art. 6 Para. 1 sentence 1 lit. b) DS-GVO as well as the fulfillment of legal obligations according to Art. 6 Para. 1 sentence 1 lit. c) DS-GVO. In case there is no contractual relationship, we process your data on the basis of Art. 6 Para. 1 sentence 1 lit. f) DS-GVO. Our legitimate interest consists in the professional exchange and network expansion (also via e-mail or video) as well as in the postal direct advertising for existing customers. Any processing of personal data beyond the aforementioned purposes will only take place if the data subject has provided a declaration of consent in accordance with Art. 6 Para. 1 sentence 1 lit. a) DS-GVO. In these cases, the provision of your data is voluntary and will be indicated separately by us.
If necessary, data may be transferred to third parties involved in the respective order, such as project sponsors or subcontractors, as well as to courts, legal counsel, tax advisors, tax authorities, etc., if this is necessary to achieve the processing purposes or to assert and pursue legal claims, or if we are required to transfer the data for legal reasons.
We process and store your data as long as it is necessary for the fulfillment of the above-mentioned purposes, in particular contractual and legal obligations. If the data are no longer required for the fulfillment of the purposes, they are regularly deleted, unless their temporary further handling is necessary (intervention of legal retention periods). In accordance with legal requirements, regular storage takes place for 6 years pursuant to § 257 Para. 1 of the German Commercial Code (e.g. for commercial and business letters) and for 10 years pursuant to § 147 Para. 1 of the German Fiscal Code (e.g. for commercial books and accounting vouchers). In addition, further regulations on storage may arise, for example, in accordance with §§ 195 et seq. German Civil Code. If the data processing is based on consent, we delete the personal data concerned if the consent is revoked by the person concerned and no other legal basis applies.
Social Media presences
In order to actively communicate with users and to provide information about our activities, we maintain a number of different social media presences, partly in joint responsibility with the social media operators listed below.
In the course of the user's use of our presence in the social networks mentioned below, we would like to point out that users' personal data may also be processed by the operators of the social networks outside the European Union and outside the European Economic Area. This may result in possible risks for users, for example in more difficult enforcement of data protection rights. At the same time, however, we would like to point out that if the operators of the social networks support this, we will work towards the conclusion of joint responsibility agreements pursuant to Art. 26 DS-GVO and standard data protection clauses pursuant to Art. 46 Para. 2 lit c) DS-GVO.
In addition, we would like to point out that the personal data of users is generally also processed by the operators of the social networks for their own market research and advertising purposes. Potential usage profiles generated from the usage behavior can also be used to display interest-based advertisements outside of the social networks. For this purpose, the operators of the social networks usually place cookies on the users' computers so that device information, usage behavior and interests of users can be processed even if the user does not have a profile in the respective network. For more information on this and possible objection options, please refer to the data protection information and further instructions of the respective operators of social networks, which we have linked for you below. Furthermore, the following applies to the processing of personal data:
Categories of data processed
The categories of data processed include inventory data (e.g. names), contact data (e.g. e-mail addresses), content data (e.g. text entries), usage data (e.g. interest in content) and meta and communication data (e.g. device information and IP addresses).
Purpose and legal basis of processing
Data processing is carried out, to the extent that this is subject to our responsibility, for the purposes of providing information, communication, marketing and range measurement. The operation of the social media presences is based on a legitimate interest pursuant to Art. 6 Para. 1 sentence 1 lit. f) DS-GVO, whereby the respective interests result from the aforementioned purposes.
Storage duration
Storage of the data categories processed by us takes place solely within the respective social network. In most cases, we have no influence on the specific storage period, as this is determined by the providers of the social networks. Information on this can be found in the data protection information of the respective provider. If the storage period can be influenced by us in individual cases, it will be deleted after the purpose has been fulfilled in compliance with the statutory retention obligations.
Services and service providers used by us as well as network-specific information
In the following, we inform you about the services and service providers we use as well as about network-specific information, naming the respective responsible bodies within the EU / EEA as well as those outside. We do not transfer any data beyond this.
LinkedIn,
LinkedIn Ireland Unlimited Company / LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA
-
Privacy information
-
Possibility to contradict with regard to targeted advertisements
Xing / kununu,
New Work SE
-
Privacy information
-
Possibility to contradict with regard to targeted advertisements
Deployment and use of Microsoft Teams
We use the Microsoft Teams collaboration system to conduct telephone conferences, online meetings, and video conferences (hereinafter: "Online Meetings"). Microsoft Teams is a service of Microsoft Corporation, which is based in the USA. When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting". Categories of data types involved may include user information (first name, last name, phone, email address, etc.), meeting metadata (e.g., topic, description, participant IP addresses, device/hardware information, access times), and content data (e.g., text, audio, and video). When necessary for the purposes of tracking the results of an online meeting, we will record the chat content. However, this will generally not be the case.
We process your data as part of the execution of the contract in accordance with Art. 6 Para. 1 sentence 1 lit. b) DS-GVO. If no contractual relationship exists, we process your data on the basis of Art. 6 Para. 1 sentence 1 lit. f) DS-GVO. Our legitimate interest is the effective implementation of our "online meetings". Personal data processed in connection with participation in "online meetings" will generally not be disclosed to third parties unless it is specifically intended for disclosure. The Microsoft Teams provider necessarily obtains knowledge of the above-mentioned data to the extent this is intended under the data processing agreement with Microsoft Corporation.
Microsoft Teams is a service provided by a provider from the USA. In principle, data is processed in data centers within the EU/EEA. However, processing of your personal data in a third country subject to data protection law cannot be ruled out. We have concluded an data processing agreement with the provider that complies with the Art. 28 DS-GVO requirements. In addition, in the case of data transfer to third countries subject to data protection law, suitable safe-guards for the protection of affected persons within the meaning of Art. 46 Para. 1 DS-GVO exist through the conclusion of standard data protection clauses in accordance with Art. 46 Para. 2 lit. c) DS-GVO. In addition, Microsoft has extended its standard contractual clauses with further protective provisions. Furthermore, Microsoft always uses state-of-the-art encryption. In this regard, we would like to expressly point out possible risks, such as the increased difficulty of en-forcing the rights of data subjects under data protection law.
Processing of applicant data
When you apply to us, we process the information that we receive from you as part of the application process, e.g. through your letter of application, resume, references, correspondence, telephone or verbal information, or you use our contact form provided on the website. In addition to your contact data, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, it will become part of your personnel file and will be used to implement and terminate the employment relationship and deleted in accordance with the regulations applicable to personnel files. If you withdraw your application, we will of course delete your data. Please note that any false statement or omission may result in rejection or subsequent contestation of the employment contract.
The legal basis for data processing in the application procedure and as part of the personnel file is Art. 88 Para. 1 DS-GVO in conjunction with §26 Para. 1 sentence 1 BDSG and, if you have given your consent, for example by sending us information not required for the application procedure, your consent in accordance with Art. 88 Para. 1 DS-GVO in conjunction with § 26 Para. 2 BDSG, Art. 7 DS-GVO. Your consent can also be revoked by you at any time with effect for the future. The data affected will then be deleted immediately. In this case, please send your revocation to info[at]inopitas.com, stating your full name and e-mail address. The deletion may be replaced by a blocking of the data in the cases provided for by law.
Please note that, in particular, resumes, references or the other data you provide for application purposes may also contain special categories of personal data within the meaning of Art. 9 Para. 1 DS-GVO. As a rule, we do not require any special categories of personal data for the application process. We ask you not to provide us with any such information from the outset. If such information is exceptionally relevant for the application process, we will process it together with your other applicant data. This may, for example, concern information about a severe disability that you can provide to us voluntarily and which we then need to process in order to fulfill our special obligations with regard to severely disabled persons. In these cases, the processing serves the exercise of rights or the fulfillment of legal obligations arising from labor law, social security law and social protection. The legal basis for the data processing is Art. 9 para. 2 lit. b) DS-GVO in conjunction with. § 26 Para. 3 BDSG.
The deletion of the transmitted data will take place if you withdraw your application (revocation is to be sent to info[at]inopitas.com) or if we are unable to offer you a position to be filled, at the earliest three months after the end of the application process. This does not apply if legal provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have agreed to longer storage.
Links to other websites
Our website contains links to other websites, so-called external links. We have no influence on whether the operators of other websites comply with data protection regulations. Please note that if you click on a link to another website, you will be subject to different data protection regulations. We have no influence on the data processing there. External links are marked as such in accordance with § 19 Para. 3 TTDSG.
Use of service providers for the delivery of the website
In order to provide the website, we use service providers who process personal data on behalf of the responsible body or through whom access to personal data cannot be excluded. These are Strato AG (hosting) and the marketing and event management Alexander Richter (technical support).
Data subject rights and contact to the data protection officer
Persons concerned may at any time request information about the personal data concerning them and, if necessary, request correction, deletion or restriction of processed data. There is also a right to data portability in their favor. Furthermore, if the data processing is carried out on the basis of consent, this can be revoked at any time for the future.
You also have the right to object at any time, on the basis of your particular situation, to the processing of personal data relating to you that is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e) or Art. 6 para. 1 sentence 1 lit. f) DS-GVO; this also applies to profiling based on these regulations.
To exercise your rights, our data protection officer, the Dresden Institute for Data Protection, is available to you at datenschutz[at]inopitas.com (further contact details at www.dids.de). In addition, pursuant to Art. 77 DS-GVO, you have the right to complain to a data protection supervisory authority if it is suspected that the processing of personal data is unlawful.
