Data Privacy

Data protection information

Personal data (hereinafter mostly referred to as “data”) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection information, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others on the purposes and means of processing. We also inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our data protection information is structured as follows:
1. information about us as the controller
II. rights of users and data subjects
III. Information on data processing
2. information about us as the controller

The responsible provider of this website in terms of data protection law is
i-potentials GmbH
Zimmerstraße 79/80
10117 Berlin
Telephone: 030 609 899 300
Fax: 030 609 899 29
E-mail:

The provider’s data protection officer is
LOROP GmbH
Dennis Schulz
Landgrafenstraße 16
10787 Berlin
Telephone: 030 330 96 26 27
Fax: 030 330 96 26 29
E-mail:

1. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right
– to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR)
– to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
– the immediate erasure of the data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 para. 3 GDPR, the restriction of processing in accordance with Art. 18 GDPR;
– to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR)
– to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (cf. also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Users and data subjects also have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is admissible.

III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below.

Server data
For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files are used to collect data such as the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access and the IP address of the Internet connection from which our website is used.

The data collected in this way is stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is excluded from deletion in whole or in part until an incident has been finally clarified.

Cookies
We use cookies on our website. These are the ones used:
– Cookies from the cookie manager (Borlabs)
– Cookies from our analytics tool (Google Analytics)
Details can be found in the following sections.

Cookie Manager
We use a cookie manager to obtain consent for the use of technically unnecessary cookies on the website. The WordPress plugin “Borlabs” is used for this purpose.
When the website is called up, a cookie with the setting information is stored on the user’s end device so that the request for consent does not have to be made on a subsequent visit.
The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which consists of obtaining consent for optional cookies in accordance with the law.
The user can prevent or stop the installation of cookies by changing the settings in their browser.

Removal option:
You can prevent or restrict the installation of cookies by changing the settings of your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Google Analytics
We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which we obtain via the cookie banner. You can revoke your consent at any time by calling up the cookie banner again.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, may be transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. This function allows Google to truncate the IP address within the EU or EEA.

In addition, Google currently has an active Data Privacy Framework certification to legitimise the transfer to the USA. You can check this here: https://www.dataprivacyframework.gov/list

The data collected in this way is in turn used by Google to provide us with an analysis of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.
Google states that it will not associate your IP address with any other data. In addition,

Google keeps under
https://www.google.com/intl/de/policies/privacy/partners
for further information on data protection law, including, for example, the options for preventing the use of data.

Google also offers at
https://tools.google.com/dlpage/gaoptout?hl=de
a so-called deactivation add-on along with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services.

Contract processing
The data transmitted by you to utilise our range of goods and/or services is processed by us for the purpose of contract processing and is necessary in this respect. Conclusion and fulfilment of the contract are not possible without the provision of your data.
The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Contact enquiries / contact option
If you contact us via the contact form or email, the data you provide will be used to process your enquiry. The provision of the data is necessary for processing and answering your enquiry – without providing it, we cannot answer your enquiry or can only answer it to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Online job applications / publication of job advertisements
We offer you the opportunity to apply for a job with us via our website. We differentiate between internal applicants (for an open position at i-potentials) and candidates (for placement with other companies). Please take a look at the respective data protection notices:

i-potentials applicants

see Tab for candidates

Linking social media via graphic or text link
We also advertise our presence on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective social network server when a website with a social media application is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network.
Once the user has been forwarded, the respective network collects information about the user. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and published if necessary. If the user wants to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our website through links:

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Privacy policy: https://help.instagram.com/519522125107875

XING
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

based on Muster-Datenschutzerklärung der Anwaltskanzlei Weiß & Partner

modified by LOROP GmbH

Stand 01.03.2024

 

Data protection information for candidates

We are pleased that you are interested in our executive search consulting services and are therefore happy to include you in our talent database so that we can place you with employers who are potentially attractive to you.

Who is responsible for data processing?

The controller in terms of data protection law is

i-potentials GmbH

Zimmerstrasse 79/80

10117 Berlin

You can find further information about our company, details of the persons authorized to represent us and also further contact options in our imprint on our website: https://i-potentials.de/en/impressum/

Which of your data do we process? And for what purposes?

We process the data that you have provided to us in connection with the creation of your personal candidate profile (https://ipotentials.avature.net/talentpoolE) in order to check your suitability for potential employers and, if necessary, to place you with them.

If applicable, this also involves “profiling” in the sense of data protection law, so that we obtain your consent for this (Art. 22 (2) lit. c DSGVO).

On what legal basis is this based?

The primary legal basis for the processing of your personal data in this candidate procedure is Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

In addition, Art. 6 (1) lit. a DSGVO is the legal basis, as we obtain your consent for this, which you can revoke at any time with effect for the future.

Should the data be required for legal prosecution after the candidate process has been completed, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Our interest then consists in the assertion or defense of claims.

How long is the data stored?

At the end of a calendar year, we check whether further processing of your data is necessary. In principle, data from candidates is deleted three years after the candidate profile has been created.

To which recipients is the data passed on?

We use a specialized software provider for the candidate process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems.

The provider is: Avature GmbH, Reichenbachstraβe 26, 80469 Munich, Germany.

Avature uses sub-processors from third countries, so that a third-country transfer of your personal data is not excluded. Therefore, we have concluded so-called standard contractual clauses with the provider. In addition, the group of companies behind it is also listed on the official website of the Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOQNAA4&status=Active.

After your candidate profile has been created, the data will be passed on to potential employers so that they can check your suitability for a position and contact you.

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of the law.

A right to data portability also exists within the framework of the data protection legal requirements.

Our data protection officer

We have designated a data protection officer.

You can reach him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, E-Mail:

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

Data protection information for applicants

We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with your application.

Who is responsible for data processing?

The controller in terms of data protection law is

i-potentials GmbH

Zimmerstrasse 79/80

10117 Berlin

You can find further information about our company, details of the persons authorized to represent us and also further contact options in our imprint on our website: https://i-potentials.de/en/impressum/

 

Which of your data do we process? And for what purposes?

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

What is the legal basis for this?

The primary legal basis for processing your personal data in this application procedure is Section 26 of the BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be required for legal prosecution after the conclusion of the application procedure, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f) DSGVO. Our interest then consists in the assertion or defense of claims.

How long is the data stored?

Data of applicants will be deleted after 6 months in case of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

If you are awarded a position during the application process, your data will be transferred from the applicant data system to our HR information system.

To which recipients is the data passed on?

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems.

The provider is: Avature GmbH, Reichenbachstraβe 26, 80469 Munich, Germany.

Avature uses sub-processors from third countries, so that a third-country transfer of your personal data is not excluded. Therefore, we have concluded so-called standard contractual clauses with the provider. In addition, the group of companies behind it is also listed on the official website of the Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOQNAA4&status=Active.

Your applicant data will be sifted by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process.

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of the law.

A right to data portability also exists within the framework of the data protection legal requirements.

Our data protection officer

We have designated a data protection officer.

You can reach him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, E-Mail:

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

Data protection information for online meetings, telephone conferences and webinars via “Microsoft Teams” of i-potentials GmbH

We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Teams”.

Purpose of processing

We use the tool “Microsoft Teams” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service provided by Microsoft Corporation.

Controller

The controller for data processing directly related to the conduct of “Online Meetings” is i-potentials GmbH, Zimmerstraße 79/80, 10117 Berlin.

Note: Insofar as you call up the “Microsoft Teams” Internet site, the “Microsoft Teams” provider is responsible for data processing. However, calling up the Internet page is only necessary to use “Microsoft Teams” in order to download the software for using “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website to that extent.

 

What data is processed?

When using “Microsoft Teams”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

  • User details: e.g. display name (“Display name”), e-mail address if applicable, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
  • Text, audio and video data: you may have the option of using the chat function in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

Scope of processing

We use “Microsoft Teams” to conduct “online meetings.” If we want to record “online meetings”, we will transparently inform you in advance and – if necessary – ask for consent.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal basis of data processing

Insofar as personal data of employees of i-potentials GmbH is processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Teams”, Art. 6 (1) lit. f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”.

For the rest, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Recipients / passing on of data

Personal data processed in connection with participation in “Online Meetings” will not be disclosed to third parties as a matter of principle, unless it is specifically intended for disclosure. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: the provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft Teams”.

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This may be the case in particular if participants in “Online Meeting” are located in a third country.

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

Data protection officer

We have designated a data protection officer.

You can reach him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, E-Mail:

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of the law.

A right to data portability also exists within the framework of the data protection legal requirements.

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.