Data Privacy Statement

Name and contact information of the controller pursuant to Article 4 (7) GDPR

INP Deutschland GmbH
Werkstraße 5
67354 Römerberg
Germany
+49 6232 6869-0
+49 6232 6869-99
Email: info@inp-e.com

Data Protection Contact at INP

datenschutz@inp-e.com

We consider it our primary responsibility to guard the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we use the utmost care and up-to-date security standards to guarantee maximum protection of your personal data.

As a company governed by private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures that ensure that both we and our external service providers comply with data protection provisions.

Definitions

The legislature demands that personal data be processed legally, in good faith, and in a way that the person concerned can trace and comprehend (“legality, processing in good faith, transparency”). To guarantee this, we wish to inform you about the individual statutory definitions that are also used in this data privacy statement:

1.    Personal data
“Personal data” means any information related to an identified or identifiable natural person (“person concerned”). A natural person is deemed identifiable if that person can be directly or indirectly identified using an allocation to an identifier such as a name, an ID number, location data, an online identifier, or one or more particular features that express this person’s physical, psychological, genetic, mental, economic, cultural or social identity.


2.    Processing
“Processing” means any procedure or series of procedures, executed with or without the help of automated processes, performed in connection with personal data. These include collecting, recording, organizing, arranging, storing, adjusting, altering, reading, retrieving, using, disclosing (through transmission, dissemination or other means of provision), comparing, linking, restricting, deleting or destroying that data.

3.    Restriction of processing
“Restriction of processing” means marking stored personal data to restrict its processing in the future.

4.    Profiling
“Profiling” means automatically processing personal data to assess particular aspects related to a natural person, especially to analyze or predict that natural person’s work productivity, economic situation, health, personal preferences, interests, reliability, behavior, abode or change of abode.

5.    Pseudonymization
“Pseudonymization” means processing personal data so it can no longer be attributed to a specific person concerned without relying on additional information, insofar as that additional information is stored separately and is subject to technical and organizational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.

6.    File system
“File system” means any structured collection of personal data which is accessible according to certain criteria, regardless of whether that collection is kept in an orderly fashion centrally, locally, or according to functional or geographical factors.

7.    Controller
“Controller” means a natural person or legal entity, authority, institution or other agency, which decides, alone or with others, on the purposes and means of processing personal data. If the purpose and means of that processing are prescribed by the laws of the European Union or the member states, those laws can also prescribe the controller or the criteria by which the controller is named.

8.    Processor
“Processor” means a natural person or legal entity, authority, institution or other agency that processes personal data on behalf of the controller.

9.    Recipient
“Recipient” means a natural person or legal entity, authority, institution or other agency to whom personal data are disclosed, regardless of whether this involves a third party. However, authorities who might receive personal data as part of a certain investigation mandate under the legislation of the European Union or the laws of the member states are not deemed recipients. The authorities named will process that data pursuant to the applicable data protection regulations according to the purposes of the processing.

10.    Third parties
“Third party” means a natural person or legal entity, authority, institution or other agency besides the person concerned, the controller, the processor and the people who are authorized to process personal data under the direct authority of the controller or the processor.

11.    Consent
The “consent” of the person concerned means any declaration of will voluntarily given for a particular case, unmistakably and in an informed manner, in the form of a declaration or other unambiguous confirming action with which the person concerned makes understood that they agree with the processing of the personal data which concerns them.

 

Legality of processing

The processing of personal data is legal only if that processing has a legal basis. Under Article 6 (1) lit. a–f GDPR, legal bases for processing can particularly include:

a.    the person concerned has consented to have the personal data concerning them processed for one or more specific purposes;
b.    the processing is necessary to fulfil a contract whose contracting party is the person concerned, or to implement pre-contractual measures requested by the person concerned;
c.    the processing is necessary to fulfil a legal obligation to which the controller is subject;
d.    the processing is necessary to protect the vital interests of the person concerned or another natural person;
e.    the processing is necessary to execute a task which is (1) in the public interest or (2) performed in the exercise of official authority which has been transferred to the controller;
f.    the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or basic rights and freedoms of the person concerned which require the protection of personal data take precedence, especially if the person concerned is a child.

 

Information about collecting personal data

(1) In the following, we wish to inform you about the collection of personal data when you use our website. Personal data include name, address, email addresses, and user behavior.
 
(2) When you contact us through email, we will store the data you disclose (your email address, possibly your name and telephone number) so we can answer your questions. We will delete the data accumulated in this context as soon as we no longer need to store it, unless we are required to store it by law, in which case we will restrict its processing.

Collection of personal data during a visit to our website
If you use our website only for informational purposes, and therefore choose not to register or otherwise transmit information to us, we will collect only the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data that is technically necessary for us to show you our website and ensure its stability and security (legally based on Art. 6 (1) sentence 1 lit. f GDPR):
 
–    IP address
–    Date and time of the inquiry
–    Time difference with Greenwich Mean Time (GMT)
–    Content of the request (specific page)
–    Access status / HTTP status code
–    Quantity of transferred data
–    Website from which the request comes
–    Browser
–    Operating system and its interface
–    Language and version of the browser software
 

Use of cookies

(1) Besides the aforementioned data, cookies will be stored on your computer while you use our website. Cookies are small text files which are stored on your hard drive by the browser you use, and which send certain information to the location that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve only to make our internet offerings more effective and user-friendly.

(2) This website uses the following types of cookies, whose scope and functionality will be explained in the following:

–    Transient cookies (see a.)
–    Persistent cookies (see b.)

a.    Transient cookies are deleted automatically when you close your browser. They especially include session cookies. These store a “session ID,” with which various inquires from your browser can be allocated to the same session. This allows your computer to be recognized again if you return to our website. The session cookies will be deleted when you log out or close your browser.

b.    Persistent cookies will be deleted automatically after a preset duration, which can vary from cookie to cookie. You can delete the cookies in your browser’s security settings at any time.

c.    You can adjust your browser settings as you wish, and, for example, deny the acceptance of third-party cookies, or all cookies. “Third-party cookies” are set by a third party (i.e., not by the website you are currently visiting). We point out that if you deactivate cookies you may not be able to use all of this website’s functions.

d.    We set cookies so we can identify you during subsequent visits, in case you have set up an applicant profile with us. Otherwise, you would have to log in each time you visit.

 

Other functions and offerings of our website

(1) Besides the purely informative use of our website, we offer various services you can use if you wish. To do so, you must normally provide additional personal data that we will use to render the service in question and to which the aforementioned principles for data processing apply.

(2) We might sometimes use external service providers to process your data. We choose and commission these service providers carefully. They are bound by our instructions and are supervised periodically.

(3) If our service provider or partner is headquartered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the offer description.

Using our applicant portal
(1) If you would like to apply for our company through our applicant portal, you will need to provide personal data which we need for the application process. The mandatory information is marked separately; further information is voluntary.

(2) We will store and use your application data exclusively for the job search and for job applications with our customers. As a first step, your data will be forwarded in a pseudonymized profile if possible.

(3) It will be stored as long as necessary for us to render our service (successful job placement). Moreover, we will store your data in our applicant pool for future job searches.

(4) When you set up a user account under “My Account,” the data you provide will be stored subject to withdrawal. You can always delete any further data, including your user account, in the customer area.

 

Children

Our offers are made exclusively to adults. Persons under 18 should never transmit personal data to us without permission from their parents or legal guardians.
 

Rights of the person concerned

(1) Right to withdraw consent
If the processing of your personal data is based on consent you have granted, you may withdraw that consent at any time. Withdrawing that consent will not affect the legality of any processing that has already taken place.

You can turn to us at any time to exercise your right of withdrawal.

(2) Right to confirmation
    You have the right to demand from the controller a confirmation of whether we are processing personal data which concerns you. You may demand that confirmation at any time, using the contact data specified above.

(3) Right to information
    If your personal data are being processed, you may demand information at any time about that data and about the following information:

a.    the purpose of processing;
b.    the categories of the personal data being processed;
c.    the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially if those recipients are in third countries or international organizations;
d.    if possible, the storage period planned for the personal data, or if this is impossible, the criteria for determining that period;
e.    the existence of a right to correction or deletion of the personal data concerning you, or to restrict its processing by the controller, or a right to object to that processing;
f.    the existence of a right to complain to a supervisory authority;
g.    if the personal data were not collected from the person concerned, all available information about the origin of the data;
h.    the existence of an automatic decision-making process, including profiling under Article 22 (1 and 4) GDPR and—at least in these cases—meaningful information about the involved logic and implications, and the envisaged effects that such processing would have for the person concerned.

If personal data is transmitted to a third country or international organization, you have the right to be informed about appropriate guarantees under Article 46 GDPR in connection with the transmission. We will provide one copy of the personal data which is the object of the processing. For all additional copies you request, we may charge an appropriate fee based on the administrative costs. If you make the request electronically, the information will be provided in a current electronic format unless the request states otherwise. The right to obtain a copy under paragraph 3 must not impair the rights and freedoms of other people.

(4) Right to correction   
    You may demand that we correct without undue delay any incorrect personal data concerning you. Considering the purpose of the processing, you may demand the completion of incomplete personal data, including by using a supplemental statement.

(5) Right to deletion (“right to be forgotten”)
    You may demand from the controller that personal data concerning you be deleted without undue delay, and we are obligated to delete personal data without undue delay if one of the following grounds has been constituted:

a.    The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
b.    The person concerned withdraws that party’s consent on which the processing is based under Article 6 (1) a or Art. 9 (2) a GDPR, and no other legal basis for the processing exists.
c.    The person concerned lodges an objection against the processing under Art. 21 (1) GDPR, and no overriding legitimate grounds for the processing exist, or the person concerned lodges an objection against the processing under Art. 21 (2) GDPR.
d.    The personal data was illegally processed.
e.    The personal data must be deleted to fulfil a legal obligation under the legislation of the European Union or the laws of the member states to which the controller is subject.
f.    The personal data was collected in connection with offered services of the information society under Art. 8 (1) GDPR.

If the controller has publicized the personal data and that party is obligated to delete that data under paragraph 1, the controller shall take suitable measures, including technical ones, taking into consideration available technology and implementation costs, to inform the party responsible for data processing, who processes the personal data, that a person concerned has demanded that the processor delete all links to this personal data as well as copies or replications thereof.

No right to deletion (“right to be forgotten”) exists if the processing is necessary:

–    to exercise the rights to free information and expression of opinion;
–    to fulfil the legal obligation which the processing requires under the legislation of the European Union or the laws of the member states to which the controller is subject, or to execute a task which is (1) in the public interest or (2) performed in the exercise of official authority which has been transferred to the controller;
–    for reasons of public interest in the area of public health under Art. 9 (2) h and i, as well as Art. 9 (3) GDPR;
–    for purposes of archiving, or scientific or historical research, which benefit the public, or for statistical purposes under Art. 89 (1) GDPR, if the right provided for in paragraph 1 is anticipated to prevent or seriously impair the realization of this processing’s objectives, or
–    to assert, exercise or defend against legal claims.

(6) Right to restriction of processing
    You may demand that we restrict the processing of your personal data if one of the following conditions has been met:

a.    the person concerned disputes the correctness of the personal data for a duration that enables the controller to check that data’s correctness,
b.    the processing is illegal, but the person concerned rejects the deletion of the personal data and instead demands that its use be restricted;
c.    the controller no longer needs the personal data for processing purposes, but the person concerned needs that data to assert, exercise or defend against legal claims, or
d.    the person concerned has lodged an objection against the processing under Art. 21 (1) GDPR, provided it has not yet been established whether the legitimate grounds of the controller outweigh those of the person concerned.

If processing has been restricted under the aforementioned conditions, these personal data – regardless of their storage – will be processed only (1) with the consent of the person concerned, (2) to assert, exercise or defend against legal claims, (3) to protect the rights of another natural or legal person, or (4) for reasons of a vital public interest of the European Union or a member state.

To assert their right to restrict processing, the person concerned can contact us at any time using the contact information given above.


(7) Right to data portability
You may obtain in a structured, current and machine-readable format the personal data concerning you which you have provided to us, and you may transfer that data to another controller, without being hindered in so doing by the controller to whom the personal data was provided, as long as:

a.    the processing is based on consent under Art. 6 (1) a or Art. 9 (2) a, or on a contract under Art. 6 (1) b GDPR and

b.    the processing takes place using an automated operation.

When exercising your right to data portability under paragraph 1, you may have your personal data transmitted directly from one controller to another if this is technically feasible. Exercising your right to data portability will not effect the right to deletion (the “right to be forgotten”). This right does not apply to data processing that (1) is necessary to perform a task, (2) lies in the public interest, or (3) occurs in the exercising of public authority that has been transferred to the controller.

(8) Right to object
You may file an objection against the personal data concerning you being processed under Art. 6 (1) e or f GDPR, for reasons resulting from your particular situation. This also applies to any profiling based on these provisions. The controller will no longer process the personal data unless that party can prove that compulsory reasons for doing so (which are worth protecting) override the interests, rights and freedoms of the person concerned, or that the processing helps to assert, exercise or defend against legal claims.

If personal data are processed to instigate direct marketing, you may object to the personal data concerning you being processed for that purpose. This also applies to any profiling associated with such direct marketing. If you object to your personal data being processed for the purpose of direct marketing, such processing will cease.

In connection with the use of services of the information society, you may exercise your right to object using an automated process during which technical specifications will be used, regardless of Directive 2002/58/EC.

You may file an objection against the personal data concerning you being processed for purposes of science, historical research, or statistics, under Art. 89 (1), for reasons resulting from your particular situation, unless that processing is necessary to fulfil a task benefitting the public.

You may consult the respective controller at any time to exercise your right to object.

(9) Automated decisions in individual cases including profiling
You have the right to not be subjected to a decision that affects you legally, or similarly impairs you, if that decision is based exclusively on automated processing, including profiling. This does not apply if the decision:

a.    is necessary to conclude or fulfill a contract between the person concerned and the controller,

b.    is permitted under the legal regulations of the European Union, or the member states to which the controller is subject, and those legal regulations contain appropriate measures for safeguarding the rights, freedoms and legitimate interests of the person concerned or

c.    is made with the express consent of the person concerned.

The controller takes appropriate measures to safeguard the rights, freedoms, and legitimate interests of the person concerned, including at least the following rights: the right to effect the intervention of a person from the side of the controller, the right to present one’s own position, and the right to contest the decision.

The person concerned may exercise this right at any time by consulting the respective controller.

(10) Right to complain to a supervisory authority
You may also complain to a supervisory authority, especially in the member state of your abode, your workplace, or the location of the alleged breach, without prejudice to other legal remedies under administrative or judicial law, if the person concerned believes that the processing of the personal data concerning them breaches this directive.

(11) Right to effective judicial remedy
Regardless of any available legal remedy that is extrajudicial or governed by administrative law, including the right to complain to a supervisory authority under Art. 77 GDPR, you have the right to effective judicial remedy if you believe that the rights to which you are entitled under this directive have been breached because your personal data have been processed in a manner not consistent with this directive.
 

Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies: text files that are stored on your computer and allow us to analyze how you use our website. The information the cookie generates about how you use this website is normally transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, Google will truncate your IP address in advance within member states of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of this website’s operator, Google will use this information to evaluate your use of the website, to assemble reports about website activities, and to render further services for the website’s operator connected to website and internet use.

(2) The IP address that your browser has transmitted as part of Google Analytics will not be combined with other Google data.

(3) You can prevent cookies from being stored by adjusting the settings of your browser software appropriately, but we must point out that if you do, you may not be able to use all of this website’s functions to their full extent. You can prevent Google from recording or processing the data the cookie generates which relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

(4) This website uses Google Analytics with the extension “_anonymizeIp().” This will allow IP addresses to be further processed in a truncated form, ruling out any personal connection. If the data collected about you somehow begins to refer to you, this reference will be excluded, and the personal data deleted, without undue delay.

(5) We use Google Analytics to analyze the use of our website so we can improve it periodically. We can improve our offer via the statistics we have gained, and design it in a more interesting way for you as its user. For the exceptional cases in which personal data has been transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework  The use of Google Analytics is legally based on Art. 6(1) sentence 1 lit. f GDPR.

(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://policies.google.com/terms?hl=en&fg=1  overview of data privacy: https://policies.google.com/?hl=en&fg=1 as well as the data privacy statement: https://policies.google.com/privacy?hl=en&fg=1 

(7) This website also uses Google Analytics to perform a cross-device analysis of visitor influx via a user ID. You can deactivate the cross-device analysis of your use in your customer account, under “My Data,” “Personal Data.”

Use of Facebook Pixel

We use the remarketing function "Custom Audiences" of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland "Facebook") on our website.
Meta Platforms Ireland and we are jointly responsible for the collection of your data when the service is integrated and the transmission of this data to Facebook.
The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://www.facebook.com/legal/controller_addendum.

Accordingly, we are responsible in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling the rights of data subjects pursuant to Art. 15 - 20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the Service and for complying with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects our obligations under the Joint Processing Agreement.

The purpose of the application is to target visitors to the website with interest-based advertising on the Facebook social network. The Facebook remarketing tag has been implemented on the website for this purpose. This tag is used to establish a direct connection to the Facebook servers when the website is visited. This tells the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalized, interest-based Facebook ads. Your data may be transferred to the USA.
Data is transferred on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at https://www.facebook.com/legal/EU_data_transfer_addendum.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TTDSG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in Facebook's privacy policy at https://www.facebook.com/about/privacy/.

Use of social media plug-ins

(1) We currently use the following social media plug-ins: Xing, LinkedIn. We use the “two click” solution. This means that whenever you visit our site, no personal data is forwarded to the providers of the plug-ins at first. You will recognize the provider of the plug-in by the markings on the box surrounding its initial letter, or by the logo. We give you the opportunity to use the button to communicate directly with the plug-in’s provider. Only if you click on the marked field to activate it will the plug-in’s provider be informed that you have accessed the corresponding website of our online offerings. In addition, the data mentioned under § 3 of this statement will be transmitted. For Xing, the IP address will be anonymized in Germany immediately after it has been collected, according to the provider. By activating the plug-in, personal data will be transmitted from you to the respective personal data provider and stored there (for US providers, in the USA). Since the plug-in provider collects data through cookies in particular, we recommend that you delete all cookies through your browser’s security settings before clicking on the grayed-out box.

(2) We have no influence on the collected data or data processing operations, and are unaware of the full extent of the data collection, the purposes of processing, or the storage periods. Neither do we have any information about the collected data’s deletion through the plug-in provider.

(3) The plug-in provider stores the data collected about you as a user profile and uses that profile for advertising, market research, and designing its website as needed. Such an evaluation is made in particular (including for users who haven’t logged in) to present advertising as needed, and to inform other users of the social network about your activities on our website. You have the right to object to the forming of this user profile. To exercise this right, you must consult the plug-in provider in question. By using plug-ins, we are giving you the chance to interact with the social networks and other users so that we can improve our offer and design it in a more interesting way for you as its user. The use of plug-ins is legally based on Art. 6(1) sentence 1 lit. f GDPR.

(4) The data will be forwarded regardless of whether you possess an account, or are logged in with the plug-in provider. If you are logged in with the plug-in provider, the data we collect about you will be assigned directly to your account with the plug-in provider. If you click on the activated button and link the site, for example, the plug-in provider will also store this information in your user account and will share your contacts publicly. We recommend that you log out regularly after using a social network—especially before activating the button—since this will allow you to avoid such an assignment to your profile with the plug-in provider.

(5) You can obtain additional information about the purpose and extent of the data collection and its data processing by the plug-in provider in the data privacy statements from this provider communicated hereinafter. There you will also obtain further information about your rights in this matter, and options for changing your settings to protect your privacy.

(6) Addresses, URLs, and data protection notices of the respective plug-in providers:

a.    Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; privacy.xing.com/en/privacy-policy.

b.    LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework 

c.    Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; https://www.facebook.com/about/privacy/.

Processor

We use external service providers (processors) to program our website, operate our applicant portal, etc. Separate data processing contracts are concluded with these service providers to guarantee the protection of your personal data.
 

We cooperate with the following service providers:

Website

format, Software-Entwicklung und EDV-Systeme GmbH, Tulpenstr. 19c, D-76337 Waldbronn, Germany, Fax: +49 7243 5263-13, email: info @ formatsoft.de, www.formatsoft.de

Email communication

Hornetsecurity GmbH, Am Listholze 78, 30177 Hannover, Germany, Tel.: +49 511 515 464-0, email: info@hornetsecurity.com

Continuum AG, Bismarckallee 7b-d, 79098 Freiburg, Germany, Tel.: +49 (0)761 217 111-0, email: info@continum.net, www.continuum.net

Application portal

eRecruiter GmbH, Am Winterhafen 4, A-4020 Linz, Universitätsring 8/Stg. II/1A, A-1010 Vienna, Austria, Tel.: +43 732 286125, email: office@eRecruiter.net, https://www.erecruiter.net/en

Should there be any doubts or questions regarding the above mentioned data privacy statement, please feel free to contact us at any time.