We care about your privacy.
1. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS FOR WHO IS RESPONSIBLE
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following Notice, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Immutable Insight Security Analytics GmbH
Tölzer Straße 5
Phone: +49 (0) 89 – 219098343
The person responsible for the processing of personal data is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.
1.3 This website uses, for security reasons and to protect the transmission of personal data and other confidential content, such as. B. Orders or inquiries that you send to us as the person responsible, an SSL or TLS encryption. You can recognise an encrypted connection by the character string “https: //” and the lock symbol in your browser line.
2. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE
When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so called “server log files”). When you visit our website, we collect the following data, which is necessary for us to display the website to you:
Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source / reference from which you came to the page
Operating system used
IP address used (if applicable: in anonymous form)
Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
External hosting by AWS
This website is hosted by an external service provider (hoster). The host is Amazon Web Services, Inc.,
410 Terry Avenue North, Seattle WA 98109, United States (hereinafter referred to as “AWS”). Personal data that is recorded on this website is stored on AWS servers in Europe. This can include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
AWS is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Paragraph 1 lit.f GDPR).
AWS will only process your data insofar as this is necessary to fulfil its performance obligations, and follow our instructions with regard to this data. Further processing on servers other than those mentioned above by AWS will only take place within the framework specified below.
In order to ensure data protection-compliant processing, we have completed an order processing contract with AWS. You can find more information on handling user data in Host Europe’s data protection declaration: https://aws.amazon.com/de/compliance/data-privacy/
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. If personal data is also processed by individual cookies implemented by us, processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract or in accordance with to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. We may work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). Suppose we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected within the following paragraphs. Please note that you can set your browser so that you are informed about the settings of cookies and individually decide whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of every browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you do not accept cookies, the functionality of our website may be restricted.
5. CONTACTING US
When you contact us (e.g. using the contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the data processing is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your request has been processed; this is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided there are no statutory retention requirements.
6. TOOLS & OTHER
Applications to job descriptions by e-mail
On our website, we advertise currently vacant positions in a separate section, for which interested parties can apply by e-mail to the contact address provided.
Applicants must provide us a full application with curriculum vitae and all personal data required for a well-founded, informed assessment and selection by e-mail.
The required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. If necessary, health-related information may also be required, which must be given special consideration under employment and social law in the interest of social protection in the person of the applicant.
The components that an application must contain in order to be considered in each individual case and the form in which these components must be submitted by mail can be found in the respective job advertisement.
After receipt of the application sent using the specified e-mail contact address, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For queries arising in the course of processing, we use either the e-mail address provided by the applicant or a telephone number provided, at our discretion.
The legal basis for this processing, including contacting us for queries, is generally Art. 6 Para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 Para. 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR so that we can exercise the rights arising from labor law, social security, social protection law and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9(1)(h) GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector.
If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws his or her application prematurely, his or her data transmitted by e-mail and all electronic correspondence, including the original application e-mail, will be deleted at the latest after 6 months following appropriate notification. This period is measured on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to meet our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Art. 6 Para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 Para. 1 BDSG) for the purposes of implementing the employment relationship.
We only send our newsletter with your express consent.
To subscribe to our newsletter, you must provide your e-mail address. The other voluntary information (name) is used to personalize the newsletter. By completing the registration, you give your consent to receive the newsletter, which can be revoked at any time.
To confirm your newsletter registration, it is necessary for you to explicitly confirm that you want us to activate the receipt of the newsletter for you within the framework of the so-called “double opt-in procedure”. For this purpose, you will receive a confirmation e-mail from us following your registration, in which we ask you to click on the link contained therein and thus confirm that you would like to receive our newsletter.
You can object to this use of your data at any time by sending a message to the above-mentioned contact options or via the unsubscribe link in the e-mail, without incurring any costs other than the transmission costs according to the prime rates.
We use the SendinBlue service for sending newsletters. The provider in Germany is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, a subsidiary of the French parent company SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France. SendinBlue is a service used to organize and analyze newsletter delivery. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on SendinBlue’s servers.
Our newsletters sent with SendinBlue allow us to analyze the behaviour of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. All links in the email are so-called tracking links, with which your clicks can be counted.
If you do not want any analysis by SendinBlue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the following address: firstname.lastname@example.org.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue. Data that has been stored by us for other purposes (e.g. e-mail addresses for competition entries) remains unaffected by this.
We have concluded a corresponding contract with SendinBlue, in which we oblige SendinBlue to protect our customers’ data and not to pass it on to third parties.
Right of cancellation at any time
You can cancel your subscription to the newsletter at any time. For this purpose, you will find a link at the end of each newsletter sent by us, without incurring any costs other than the transmission costs according to the prime rates.
Your e-mail address will be used exclusively by us or our service providers and will not be passed on to other third parties.
The legal basis of the processing for the newsletter dispatch is Art. 6 para. 1 lit. a) GDPR.
8. SOCIAL MEDIA PROFILES
Data processing through social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media pages triggers numerous data protection-related processing operations. In detail:
If you are logged into your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is recorded, for example, using cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media page. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Our social media presence is intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Responsible and assertion of rights
If you visit one of our social media presences (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. You can fundamentally exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).
Please note that, despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as: the purpose for their storage no longer applies, you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected.
Social networks in detail
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified according to the EU-US Privacy Shield. You can adjust your Twitter data protection settings yourself in your user account. To do this, click on the following link and log in: https: //twitter.com/personalisation.
Details can be found in Twitter’s data protection declaration: https://twitter.com/de/privacy.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified according to the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies, please use the following link: https:// www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
9. YOUR RIGHTS AS A DATA SUBJECT
9.1 The applicable data protection law grants you comprehensive rights of data subjects (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:
Right to information in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to deletion in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to information in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
Right to complain in accordance with Art. 77 GDPR.
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A COMPARISON OF INTERESTS DUE TO OUR PREVAILING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, WITH EFFECT FOR THE FUTURE. IF YOU USE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE THAT THERE ARE BINDING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OVERWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOM RIGHTS, OR IF THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME. YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED ABOVE. IF YOU USE YOUR RIGHT OF OBJECTION, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10. DURATION OF STORAGE OF PERSONAL DATA
The duration of the storage of personal data depends on the respective legal basis, the processing purpose and – if relevant – also on any tax and commercial retention periods. Your data will be processed with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR stored by us until you revoke your consent. Should there are statutory retention periods for the storage of your data that is processed during legal or similar obligations, then these data will be routinely deleted after the retention periods have expired, provided they are no longer used for processing for the fulfillment of a contract or a contract initiation in accordance with Art. 6 Para . 1 lit. b GDPR are required and / or we have no legitimate interest in further storage. Your personal data that is processed on the legal basis to safeguard our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR is stored until you exercise your right of objection in accordance with Art. 21 Para. 1 GDPR; unless we can prove compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Your data, which on a legal basis for the purpose of direct advertising in accordance with Art. 6 Paragraph 1 lit. f GDPR will be stored until you exercise your right of objection in accordance with Art. 21 Paragraph 2 GDPR. Your stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed. This does not apply if the other information in this declaration about specific processing situations indicates otherwise.