Privacy Policy

Responsible Party

The company responsible for data processing on this website shall be

]init[ AG für digitale Kommunikation
(limited company for digital communication)
Köpenicker Str. 9
10997 Berlin

Phone: +49 30 97006 200
Fax: + 49 30 97006 135
www.init.de

We place great importance on the protection of your personal data and collect, process and use your personal data exclusively in accordance with the principles described below and in compliance with the statutory data protection regulations.

ISO 27001 Certificate for the highest levels of security

Your data is exclusively saved on our internal servers in Germany. Our data processing center is designed for portal and business applications with very high protection level. This is why we already received the German IT Security Certificate in 2008. With this certificate, the German Federal Office for Information Security (BSI) certifies that our data processing center complies with the security properties of ISO 27001 based on Baseline IT Protection.

Nature, scope and purpose of the processing of personal data

When visiting the website

With each visit to our website, our servers in Germany save exclusively the personal data that is transmitted to our server via your browser into a log file for information purposes and in accordance with Article 6 paragraph 1 lit. (f) of the GDPR.

The following data are collected during each visit to our website, and are saved by us until the time of automatic deletion:

• data and time of access;
• name and URL of the retrieved file;
• website from which access is made;
• operating system of your computer, and browser used by you;
• IP address;
• name of your Internet service provider.

The purpose of collecting and processing these data such as date, time, name and URL of the retrieved file, website from which access is made is to allow use of the website (connection setup), to ensure that the content of our web pages is correct, as well as to permanently guarantee the security and stability of the system. The processing of data relating to the operating system and browser used, as well as the name of Internet service provider serves to enable the technical administration of the network infrastructure, and the optimization of our Internet offer, as well as for internal statistical purposes. An IP address will only be analyzed in case of an attack on our Internet infrastructure, as well as for statistical purposes.  The processing of these data is based on the legitimate interest, to protect our website against unauthorized access. At the same time, we are striving to constantly improve our services to our customers, and therefore depend on statistical analyses.

In addition, we use Cookies and web statistics services for visits to our website. Please compare with the respective section below.

We do not transfer your data to a third country.

Storage duration and deletion

]init[ AG saves personal data of the data subject only for the time period necessary to achieve the purpose of the storage, or, as long as stipulated by the GDPR or other regulations as special mandatory retention periods. If you visit our website, your data will be stored for 7 days maximum to detect and ward off attacks.

If the storage purpose is not applicable, or if a storage period prescribed expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Mailings and newsletters

Currently, we do not offer newsletters or mailings through our website. If you, as an interested party, receive newsletters/mailings from us outside the website offerings, and you have given us your express authorization to do so, we will use your email address and personal data submitted on a strictly voluntary basis only to deliver our newsletters and/or mailings to you on a regular basis, in accordance with Article 6 paragraph 1 lit. (a) of the GDPR. To receive our newsletters/mailings, entering your email address will be sufficient. Additional personal information submitted on a strictly voluntary basis exclusively serve to customize the newsletter.

We use the so-called double opt-in process to guarantee a mutually agreed mailing of the newsletter.  As a result, the potential recipient is added to a mailing list. After entering your email address, you will receive a confirmation email with the option to legally confirm your subscription. The address you provide will only be included in the active mailing list after you have completed this confirmation.  We use your data exclusively to send out the requested information and offers, and on the basis of your consent in accordance with Article 6 paragraph 1 lit. (a) of the GDPR.

By clicking on the "Unsubscribe” link at the bottom of the actual newsletter, you can revoke (unsubscribe) your consent to save your personal data and email address as well as its use for sending out the newsletters and mailings at any time. You have also the option to unsubscribe by email to newsletter@init.de at any time. If you unsubscribe from the newsletter and mailings, your personal data will be deleted without delay. This means, that your data is only stored for the time period you wish to receive the newsletters. You are entitled to request disclosure of any personal data stored about you.

Sendinblue by the German Sendinblue GmbH is used as newsletter and mailing software. In the process, your personal data is transferred to the Sendinblue GmbH acting as our service provider on our behalf. According to our mutual contract, Sendinblue GmbH is prohibited to sell or use your personal data for purposes other than sending our mailings and newsletters.  Sendinblue is a certified German service provider who we selected in compliance with the requirements of the General Data Protection Regulations and the Federal Data Protection Act. For further information, please click here.

Of course, we have concluded a current order processing agreement with Sendinblue accordingly.

Use of contact forms

You can contact us directly by using our contact forms provided on our website. We will collect, process and use your personal data entered into the form exclusively for the processing of your concrete request, and with your consent only.

By submitting your request and giving your consent, you acknowledge and agree that we can use your personal information for the response to your request and/or establishment of contact in accordance with Article 6 paragraph 1 lit. (a) of the GDPR. Your personal data will principally not be disclosed to third parties, unless such disclosure is justified by applicable data protection regulations, or we are required by law to do so.  For processing your request, entering your email address will be sufficient. Additional personal information submitted on a strictly voluntary basis exclusively serve to customize the request.

You may, at any time, revoke your consent given with future effect by sending an email to newsletter@init.de. If you revoke your consent, your personal data will be deleted without delay. Otherwise, your personal data will be deleted after the processing of your request has been completed, or if the purpose for the retention no longer applies.  You are entitled to request disclosure of any personal data stored about you.

As applicant

Usually, your application documents are processed electronically by sending your documents via our career portal by email to our HR department. Your personal data are exclusively used for the ongoing application process.

If we conclude an employment contract with you as applicant, we will store the submitted data for the purpose of processing the employment relationship under consideration of statutory regulations.

If no contract is concluded between the controller and the applicant, your data will be stored for 6 months after completion of the application process, and will be deleted after these 6 months, provided that the deletion is not opposed by justified interests within the meaning of Article 6 paragraph 1 lit. (a) of the GDPR. For example, a justified interest within this meaning is the burden of proof in proceedings according to the General Equal Treatment Act.

You will be given the option to have your information stored over the following 24 months after completion of the application process in accordance with Article 6 paragraph 1 lit. (a) of the GDPR, if you are interested to be considered for future job offers. Following the completion of the application process, you will receive a notification from us by email providing you the option to such an agreement.  You are entitled to revoke your consent to the storage of your personal data for 24 months at any time. For this purpose please contact us at career@init.de.

For questions regarding the application process, please do not hesitate to contact us anytime at career@init.de.

Data disclosure to third parties

No data is disclosed to third parties without your prior consent. Exceptions apply only, if and insofar as it is required for the purpose of enforcing our rights, or if there is a legal obligation for us.

Cookies

No cookies are stored when you visit our website. For information on cookies when using YouTube, please see the explanations on YouTube below

eTracker web statistics

This website uses technologies by etracker GmbH (www.etracker.com) to collect and store data exclusively for statistical purposes. No user profiles are created from this data, nor do we use the data for retargeting purposes.

We use the technologies provided by etracker, which do not store cookies.

This data created thereby is processed and stored by etracker in Germany only, and are therefore subject to strict German and European data protection laws and directives. etracker has been audited and then certified in this regard, and was awarded with the European ePrivacyseal.

The data processing is carried out based on statutory provisions of Article 6 paragraph 1 lit. (f) of the GDPR (justified interests). Our aim within the meaning of Article 6 paragraph 1 lit. (f) of the GDPR (justified interests) is the optimization of our online offers and our website. In order to respect your privacy, we have activated the shortened IP-address for the etracker technology. In doing so, the address cannot be directly linked to a particular individual.

No data will be merged or used with other data of etracker, and no data will be passed on to third parties.

Links

This privacy policy does not apply to external websites linked with our website that are not operated by us. We have no influence on whether their operators comply with our privacy policy and general safety standards on these pages. The respective provider or operator of the websites is always responsible for the content of these linked pages. While applying a reasonable standard of review, unlawful contents were not recognizable at the time the link was set up. Should any violation of the law come to our knowledge, we will remove these links immediately.

Social Media

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

We do not use links to social networks which already contain the code of the respective external network on our web pages, so-called “social plug ins”. On our website you only find simple links which are created by us, so that during the stay on our site no data transfer to external site operators is possible.

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: Link.

You can customize your advertising settings independently in your user account. Click on the following link and log in: Link.

Details can be found in the Facebook privacy policy.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customize your Twitter privacy settings in your user account. Click on the following link and log in: Link.

For details, see the Twitter Privacy Policy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

For details on how they handle your personal information, see the Instagram Privacy Policy.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Details on their handling of your personal data can be found in the XING Privacy Policy.

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn uses advertising cookies. If you want to disable LinkedIn advertising cookies, please use the following link: Link.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy.

YouTube (Google)

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy.

We use YouTube in advanced privacy mode. According to YouTube, this mode has the effect that YouTube does not store any information about visitors to this website before they watch the video. If you visit one of our websites with embedded videos, the internet browser will not automatically establish a link to the server on the appropriate network. By clicking on the embedded video you give your consent to communication with the aforementioned website and the placing of cookies by this website. By clicking on the embedded video the information that you visited our website will be automatically be forwarded to the aforementioned website operator and cookies will be placed by the aforementioned website.

If you are logged into the aforementioned website visiting our website, the data transmitted will be associated with your user account. If you wish to prevent a network from linking information with your user account in this manner, please log out from the respective network before clicking on the respective video.

Even if you are not registered as a member of the aforementioned website, or you are currently not logged in your data may be stored by the operator of the aforementioned website after you click on the respective video. We have no influence on the placement of third-party cookies and over the scope and content of the data collected by the aforementioned website or on how that data is used.

A connection to YouTube servers is only established if you give us your consent in the consent window. With consent, a local cookie is stored that enables immediate loading of the YouTube preview. This transmits data to Google as described in the previous section. You can revoke your consent at any time via the following opt-out:

YouTube-Cookie löschen

YouTube is used in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. You can find out more about cookie usage by YouTube in Google's Cookie-Policy. You can change your settings at any time under Privacy Controls.

Vimeo

When you play a video on our website whose image quality is controlled by Vimeo, your browser connects to Vimeo's servers.

This is a service of Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. This results in a data transmission.

This data is processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical info about your browser type, operating system or very basic device information. In addition, Vimeo stores information about which website you use the Vimeo service from and what actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with a built-in Vimeo function.

If you are logged into Vimeo as a registered member, more data may be collected in most cases, as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you can, while "surfing" on our website, log out of Vimeo.

We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence agencies) process your data located on US servers for surveillance purposes. We have no influence on these processing activities. Before playing the video with Vimeo support, you will therefore be informed about the use of Vimeo and asked for your consent to the data transfer. A connection to the Vimeo server is only established if you give us your consent in the upstream consent window. With consent, a local cookie is stored that enables immediate loading of the Vimeo preview. This transmits data to Vimeo as described in the previous section.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested (e.g. consent to the storage of cookies, third country transfer), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. You can find more details about the use of cookies by Vimeo in the Privacy Policy on Vimeo by Vimeo. You can change your settings at any time under Vimeo Cookie Policy.  

Web Fonts

The fonts we use are stored on our own servers. This means that data is not transferred to third parties.

Data security

We apply appropriate technical and organizational security measures in order to protect your personal data against accidental or deliberate manipulations, partial or full loss, destruction and against unauthorized access by third parties. Our security measures are continually enhanced as new technology becomes available.  Also compare with the section above relating to ISO 27001 Certificate for the highest levels of security.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as for inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. 

Events

By registering for one of our events, you are consenting to the processing of your data (first name, surname, email address, employer (if applicable), and postal address). Data is processed on the basis of Art. 6 para. 1 lit. (b) of GDPR and only to the extent required for your attendance at the event.  

Please note that photos or video recordings are often taken at our events and these are sometimes published online (e.g. on our homepage, via our social media channels) and printed (e.g. in an event program or print media). If you do not want to be included in these, please tell our photographer at the event.

Your rights as data subject

You are entitled to demand information at any time about whether and how your personal data is processed. The right to demand information includes information about the nature of the data, period and purpose of retention, potential recipients and transmissions as well as what is the legal basis that justifies such processing, and whether automated decision-making is intended. You are entitled to request a copy of this information. You are entitled to request rectification, deletion or restriction of the processing of your personal data, if its use is prohibited in terms of data protection law, in particular, as (i) the data are incomplete or incorrect, (ii) the data are no longer necessary for the purposes for which they were initially collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully made use of your right to object to the processing of your personal data; in case your data are processed by a third party, we will forward your request for rectification, deletion or restriction of the processing of your personal data to these third parties, unless this proves impossible or involves a disproportionate effort. Furthermore, we will - upon request - provide you your personal data for further use. Upon your request, we will also transfer your personal data to a third party recipient designated by you. You are entitled to revoke your authorization for the collection, processing and use of your personal data at any time with effect for the future. Such a legal request must be carried out in writing and with proof of identity.

In addition, you may contact the competent local data protection authority at any time.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If the data processing is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you lodge an objection, we will no longer process your personal data concerned, unless we can prove compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (objection in accordance with Art. 21 Para. 1 GDPR). If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. If you object, your personal data will no longer be used for the purpose of direct advertising (objection according to Art. 21 para. 2 GDPR).

In summary, as a data subject you have the following rights vis-à-vis us:

• Right to information according to Art. 15 GDPR
• Right of rectification under Art. 16 GDPR
• Right of deletion according to Art. 17 GDPR
• Right to restrict processing under Art. 18 GDPR
• Data transferability according to Art. 20 GDPR
• Right of objection according to Art. 21 GDPR.

Data Protection Officer

]init[ AG für digitale Kommunikation
z. Hd. Datenschutzbeauftragter
Köpenicker Str. 9
10997 Berlin
datenschutz@init.de

Adjustments

We reserve the right to update this privacy policy from time to time. Updated versions of our privacy policy are published on our website. Modifications apply upon publication on our website.