Data privacy Statement

In this privacy policy we (the company ISiCO Datenschutz GmbH) inform you about the processing of personal data when using our website.
Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address or email address. Statistical data collected by us – for example, when you visit our website – which cannot be linked to you personally is not covered by the term ‘personal data’.

Icon Person

1. Contact

The point of contact and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is
ISiCO Datenschutz GmbH,
Am Hamburger Bahnhof 4,
10557 Berlin.

T: +49 (0)30-213002850
F: +49 (0)30-213002899

info@isico-datenschutz.de
www.isico-datenschutz.de

If you have any questions about data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. The data protection officer can be contacted at the above postal address or by sending an email to the address provided (please mark all correspondence with: “F.A.O. data protection officer”).

Icon Person

2. Data processing on our website

2.1. Visiting our website, access data
Every time you use our website, we collect the access data automatically transmitted by your browser in order to make visiting the website possible. This access data includes in particular:

  • IP address of the requesting device;
  • date and time of the request;
  • addresses of the website visited and the requesting website;
  • information about the browser used and the operating system;
  • online identifiers (e.g. device IDs, session IDs).

It is necessary to process this access data to make it possible to visit the website and to guarantee the long-term functionality and security of our systems. The legal basis for this is Art. 6(1) Sentence 1(b) GDPR. For data protection reasons, we do not permanently store or analyse log files.

2.2. Making contact
There are a number of ways for you to contact us via the contact forms on this website. In this context we process data exclusively for the purpose of communicating with you. The legal basis for this is Art. 6(1)(b) GDPR. The data we collect when you use the contact form will be automatically erased once we have finished processing your enquiry, unless we still require your enquiry to fulfill contractual or legal obligations (see ‘Storage period’).

2.3. Newsletter
We use our newsletter primarily to keep you informed about current developments in the world of data protection and news concerning legislation and case law as well as economic and political aspects from our specialist fields. We use CleverReach, a service provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany (“CleverReach”), for sending our newsletter.

For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of this processing is your consent pursuant to Art. 6(1)(a) GDPR.

2.4. Google Maps
On the contact page we use the map service Google Maps, which is offered to users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). In order for the Google map information we use to be integrated and displayed in your web browser, when you visit our contact page your web browser must connect to a Google server, which may also be located in the USA. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. Google thus receives the information that the contact page of our website has been accessed from the IP address of your device.
The legal basis is your consent in accordance with Art. 6(1)(a) GDPR, which you may have given in the cookie banner. Without your consent there will be no connection to the servers of Google. You can withdraw your consent at any time or adjust your selection (see 2.7.).
If you retrieve a map service from Google on our website and are simultaneously logged in to your Google profile, Google can link this event to your Google profile. If you do not want this information to be associated with your Google profile, you must log out of Google before visiting our contact page. Google stores your data and uses it for purposes of advertising, market research and the personalised display of Google Maps. You may object to this data collection by Google.
For further information, please refer to Google’s Privacy Policy and the Additional Terms of Service for Google Maps.

2.5. Integration of Vimeo videos
We have embedded videos on our website that are stored on the Vimeo video platform and can be played directly on our website. Vimeo is a multimedia service provided by Vimeo, Inc., 555 West 18th Street, New York 10011, USA (“Vimeo”). In order for videos to be integrated and displayed in your web browser, your web browser must connect to a Vimeo server, which may also be located in the USA, when you access subpages of our website with Vimeo videos. In the event that personal data is transferred to the USA, Vimeo has subjected itself to the EU-US Privacy Shield.
The legal basis for the embedding is your consent according to Art. 6(1)(a) DSGVO, which you may have given in the cookie banner. Without your consent, there will be no connection to the servers of Vimeo. You can withdraw your consent at any time or adjust your selection (see 2.7).
When you visit our website, Vimeo receives the information that you have retrieved the corresponding subpage. This may happen regardless of whether you are logged in to Vimeo or not. Vimeo may use this data for purposes of advertising, market research and the demand-oriented design of its websites. If you view videos on our website and are simultaneously logged in to your Vimeo profile, Vimeo can also link this event to your Vimeo profile. If you do not want this information to be associated with your Vimeo profile, you must log out of Vimeo before visiting our website.
For further information, please refer to Vimeo’s Privacy Policy.

2.6. Applications
You can apply to us for advertised vacancies by email. The purpose of data collection here is the selection of applicants for potential employment. In order to process your application, we collect the data provided by you (usually your first and last name, email address, application such as curriculum vitae and cover letter, earliest possible date you could start work and salary expectations). We would like to point out that we cannot guarantee confidentiality if applications are sent unencrypted by email. As a rule, you can also apply for our positions by post or in person. The legal basis for the processing of your application documents is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG).

2.7. Use of cookies and similar technologies for usage analysis and marketing
In order to improve the presentation of the content on our website, we use cookies and similar technologies (e.g. web beacons) for statistical recording and analysis of general usage behavior based on access data. In addition, we use services from external service providers who process the access data generated when using our website in order to enable the display of interest-based advertising, for example in the context of search queries. We only use optional cookies and similar technologies for marketing and analysis purposes if you have given your consent in accordance with Art. 6(1)(a) GDPR via our cookie banner.
Our website uses the WordPress plugin “Borlabs Cookie” to record and manage your consent and any withdrawals. If you give your consent to the use of cookies, a cookie is set (“borlabs-cookie”) which records your consent. We set this technically required cookie on the basis of Art. 6(1)(f) GDPR to record your consent. If you delete your cookies, we will ask you for your consent again when you visit the site later.
You can withdraw your consent at any time or adjust the selection of cookies by clicking on the following link: Data Privacy Settings

2.7.1. Google Tag-Manager
Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage the tools and external services we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data and which are further explained in this privacy policy. Some of the data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. You can find more information about this in Google’s information about Tag Manager.

2.7.2. Google Analytics
Our website uses the web analytics service Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. On our behalf, the access data is combined by Google into pseudonymous user profiles and transmitted to a Google server in the USA. Prior to this, your IP address will be anonymised. We are therefore unable to determine which usage profiles belong to a particular user. We can therefore neither identify you nor determine how you use our website on the basis of the data collected by Google. If, exceptionally, personal data is transferred to the USA, Google has also subjected itself to the EU-US Privacy Shield. Google has thus undertaken to guarantee the European data protection principles and the local level of data protection also in the context of data processing taking place in the USA. Google will use the information obtained from the cookies on our behalf to evaluate the use of our website, compile reports on website activities and to provide us with further services associated with website and Internet use.

Storage period: Google Analytics sets the following cookies for the specified purpose with the respective storage period: “_ga” for 2 years, “_gid” for 24 hours (both for recognizing and distinguishing website visitors by a user ID), “_gat” for 1 minute (to reduce queries to the Google servers) and possibly “IDE” for 13 months (third party cookie for recognizing and distinguishing website visitors by a user ID, for recording the interaction with advertising and in the context of playing out personalized advertising).

If you have not agreed to the use of the analysis cookies, your data will not be collected by Google Analytics. In addition to the option formulated above to withdraw your consent or to adjust the selection of cookies, you also have the following additional options to prevent web analysis by Google:

You can find more information about Google Analytics in Google’s privacy statement and in the Google Analytics privacy policy.

Icon Person

3. Facebook Fanpage

We jointly operate a fan page on the social network of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland (“Facebook”), where we communicate with interested parties and followers and inform them about our products and services.

We may receive statistics from Facebook about how Facebook/Fanpage users use our Fanpage, such as information about interactions, likes, dislikes, comments, or aggregated information and statistics (such as the age or origin of our followers) that help us learn about interactions with our site. For more information about the nature and extent of these statistics, please see the Facebook info on using pages insights. Further information on the respective legal responsibilities can be found in the Facebook Page Insights Controller Addendum. The legal basis for this data processing is Art. 6 (1b) of the GDPR and 6 (1f) of the GDPR based on our aforementioned legitimate interest.

We have no control over the data that Facebook processes on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the fan page, data on your usage behaviour is transferred from Facebook and the fanpage to Facebook. Facebook itself processes the aforementioned information in order to compile more detailed statistics and for its own market research and advertising purposes over which we have no control. You can find more detailed information on this in Facebook’s privacy policy. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.

If we receive your personal data while operating the fanpage, you are entitled to the rights stated in this data protection declaration. If you also wish to assert your rights against Facebook, the easiest way to do this is to contact Facebook directly. Facebook knows the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures on request if you make use of your rights. We are happy to support you in asserting your rights to the extent possible and forward your requests to Facebook.

Icon Person

4. Disclosure of data

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) Sentence 1(a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) Sentence 1(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) Sentence 1(c) GDPR; or
  • this is permitted by law and is required under Art. 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfillment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

Icon Person

5. Storage period

In principle, we only store personal data for as long as necessary to fulfill contractual or legal obligations for which we have collected the data. We then delete the data without delay, unless we still require the data until the end of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidence purposes, we must keep contract data for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.
Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act and the Money Laundering Act. The periods specified there for retaining documents range from two to ten years.

Icon Person

6. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose. You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided.
In order to assert your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection.
Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. In Berlin, where ISiCO Datenschutz GmbH is headquartered, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Icon Person

7. Right of withdrawal and objection

You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

Icon Person

8. Changes to this privacy policy

We will update this privacy policy from time to time, for example if we adapt our website or there is a change in the legal or regulatory requirements.

Last amended: June 2020