Privacy policy
1 Information on the collection of personal data
(1) In the following, we explain how we process your personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR).
(2) Responsible person acc. Art. 4 par. 7 GDPR is
iocto GmbH
Lorsbacher Straße 31
65719 Hofheim am Taunus
Deutschland
Phone: +49 6192 9910-0
E-mail: info@iocto.com
(see our imprint). You can contact our data protection officer at datenschutz@iocto.com or our postal address and sending it to “the data protection officer”.
(3) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below.
2 Processing of personal data when visiting our website
When using the website for informational purposes, i.e. just viewing it without registering and without you otherwise providing us with any information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR:
– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (page visited)
– Access status/HTTP status code
– Amount of data transferred in each case
– Previously visited page
– Browser
– Operating system
– Language and version of the browser software.
3 Data processing for contract handling
If you are, or become, a customer of ours, we process your contact, contract, payment and communication data for the provision and billing of the contractual services, which you can find in our GTC. For the aforementioned purpose, your data may be passed on to service providers supporting us (service providers, operators of communication applications, etc.), which we have carefully selected and which are bound by our instructions. The legal basis is the existing contractual relationship (Art. 6 para. 1 p. 1 lit. b GDPR).
4 Data processing when contacting us
When you contact us by e-mail, telephone or via a contact form, the data you provide (e.g. e-mail address, name, telephone number or even the content of the inquiry) is processed by us in order to answer your questions and/or process your request. The legal basis is Art. 6 para. 1 lit. a) and b) GDPR and namely your consent or a pre-contractual measure.
5 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested and use other common functions to analyze or market our offers, which are presented in more detail below. For this purpose, you usually have to provide further personal data or we process such additional data so we can perform the respective services. For all data processing purposes described herein, the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly inspected.
(3) Furthermore, we may pass on your personal data to third parties if promotional participations, competitions, contract conclusions or similar services are offered by us together with partners. Depending on the service, your data may also be collected by the partners. For more information, please provide your details or see the description of each offer below.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
6 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation will affect the permissibility of processing your personal data after you have expressed it to us. The permissibility of processing your data until the time of your revocation remains unaffected.
(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have carried out. In the event of your objection, we will review the factual situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. The best way to exercise your advertising objection is to contact us using the contact information provided above.
7 Processing of data from your end devices (“Cookie Policy”)
(1) In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which may be stored on your computer or device. When you call up our website and at any time later, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view (2), before we go into more detail about your individual choices by describing cookies that are technically necessary (3) and cookies that you can voluntarily select or deselect (4).
(2) Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you are using so that certain information can pass to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the Internet faster and more user-friendly. This website uses the following types of cookies, whose functioning and legal basis we will explain below:
– Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our website.
– Persistent cookies: Such cookies are automatically deleted after a predefined duration, which varies depending on the cookie. You can view the cookies set and the runtimes at any time in the settings of your browser and delete the cookies manually.
(3) Mandatory functions that are technically necessary for displaying the website: The technical structure of the website requires us to use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR.
(4) Optional cookies when you give your consent: We set various cookies only after your consent, which you can select during your first visit to our website via the cookie consent tool. The functions will only be activated in the event of your consent and may serve in particular to enable us to analyze and improve visits to our website, to make it easier for you to use it via different browsers or terminal devices, to recognize you when you visit, or to serve advertising (possibly also to tailor advertising to interests, to measure the effectiveness of ads, or to show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a GDPR. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation.
8 Newsletter
(1) You can subscribe to our newsletter, with which we inform you about our current interesting offers, by giving your consent. The advertised goods and services are named in the consent form.
(2) For the registration to our newsletter we use the double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you have provided, in which we will ask you to confirm that you are the owner of the e-mail address you have provided and that you wish to receive the notifications. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to newsletter@iocto.com or by sending a message to the contact details given in the imprint.
(5) The newsletter is sent using “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
For the use of Mailchimp, we have concluded an order processing contract including the EU standard contractual clauses. You can find the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy
9 Application procedure
(1) We process the data you provide in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. This includes general information about you (such as your name, address and contact details), information about your professional qualifications and schooling, information about professional training, knowledge and skills, and other information that you disclose to us in connection with your application. This is usually done by means of letters of application, curriculum vitae, references, correspondence, telephone or verbal information from you. We would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain as far as possible from communicating “special categories of personal data” in accordance with Art. 9 of the General Data Protection Regulation in the application (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered. If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment. If we are currently unable to offer you employment, we will continue to process your data after sending the rejection in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process. If you are not selected for the vacant position, we will transfer your data to our applicant pool, provided we have your consent to do so.
(2) The processing is carried out to carry out the application procedure, to decide on the establishment of an employment relationship with us and to document compliance with statutory provisions in the application procedure.
(3) Data processing in connection with the application procedure has its legal basis in Section 26 para. 1 p. 1 BDSG and Art. 6 para. 1 para. 1 lit. b GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 para. 1 Sentence 1 lit. b DSGVO in conjunction with Art. 88 para. 1 DSGVO in conjunction with § 26 para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is based on Art. 6 para. 1 para. 1 lit. a GDPR. The legal basis for data processing after a cancellation is, moreover, Art. 6 para. 1 para. 1 lit. f GDPR. Our legitimate interest is the defense against legal claims.
(4) If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool in the event of a subsequent establishment of an employment relationship or otherwise two years after inclusion.
(5) Your applicant data will be viewed by the Human Resources Department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. Then the next procedure is coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process. The Personio program of Personio GmbH, Rundfunkplatz 4 80335 Munich, Germany, is used for the processing of personnel administration within the framework of order processing. Data is not transferred to third countries.
10 Web Analytics
Web tracking by means of Google Analytics
(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The reason we use the tool is to enable the analysis of your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
(2) We collect the interactions between you as a user of the Website and our Website primarily using cookies, device/browser data, IP addresses, and Website or App activity. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the website operator, with information about the country, region or location from which the respective user originates (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i.e. that Google truncates the IP addresses by the last octet within the EU/EEA.
(3) Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For these cases, Google says it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws when transferring data internationally. We have also agreed standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
(4) The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your given consent (Art. 6 para. 1 p. 1 lit. a GDPR). The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install Google’s browser add-on, which is available via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
(5) For more information on the scope of services provided by Google Analytics , please visit marketingplatform.google.com/about/analytics/terms/de. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which Google claims should also apply to Google Analytics, can be found in Google’s privacy policy at www.google.de/intl/de/policies/privacy/.
11 Plugins / Tools
1. integration of Google Maps
(1) On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably. The legal basis for the use of the cards is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) The information collected is stored on Google servers, also in the USA. For these cases, the provider says it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
(4) For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also receive further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.
2. Google web fonts
(1) This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
(2) For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
(3) If your browser does not support web fonts, a default font is used by your computer.
(4) The information collected is stored on Google servers, including in the USA. For these cases, the provider says it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
(5) For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also receive further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.
12 Social media
1. integration of YouTube videos
(1) We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode”, meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, is the data stored. 2 data mentioned above are transferred. We have no influence on this data transmission. The legal basis for the display of the videos is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
(3) The information collected is stored on Google servers, also in the USA. For these cases, the provider says it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
(4) For more information on the purpose and scope of data collection and its processing by YouTube, please see the privacy policy. There you will also receive further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.
2. our appearances in social networks
(1) We have various presences in so-called social media platforms. We operate the gigs with the following providers:
Provider | Address | Privacy policy of the provider |
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland | https://www.linkedin.com/legal/privacy-policy |
(2) We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is present on your terminal device in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about interaction with us.
(3) The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. All of the aforementioned providers claim to maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield, and we have concluded the standard data protection clauses with the companies (with the exception of Xing, as this provider is based within the EU). We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your terminal device can be used to track how you have moved around the network. Via buttons embedded in websites, it is possible for the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or disable the “stay logged in” feature, delete the cookies present on your device and restart your browser.
(4) In addition, we as the provider of the information service only process the data from your use of our service that you provide to us and require interaction. If you use e.g. ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing, which we describe in this Privacy Policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 p. 1 lit. f DSGVO.
(5) To exercise your data protection rights, you can contact us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the applicable partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions regarding the processing of your interaction with us on our site, write to the contact information we provide above.
(6) The providers describe which information the social media platform receives and how it is used in their privacy statements (see link in the table above). There you will also find information about contact options as well as about the setting options for advertisements.
13 Your rights
(1) You have the following rights with respect to a data controller regarding personal data concerning you:
– Right to information,
– Right to rectification or deletion,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
§ 14 Final provisions
(1) We use technical and organizational security measures to protect your data, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.
(2) We will update the privacy policy from time to time due to the technical progress of our offers. To the extent that the change to the privacy policy does not affect the use of existing data, the new privacy policy will apply from the date it is updated on our website. A change to the privacy policy that relates to the use of the data already collected will only be made if it is reasonable for you. In such an event, we will notify you in a timely manner by email, on our websites, in our application or otherwise. You have the right to object to the application of the new privacy policy within four weeks of receiving notification. In the event of an objection, we reserve the right to terminate the contractual relationship. If no objection is received within the aforementioned period, the amended data protection declaration shall be deemed to have been accepted by you. We will inform you of your right to object and the significance of the objection period in the notification.