i-potentials

Data Privacy

Data protection information

Personal data (hereinafter mostly referred to as “data”) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection information, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others on the purposes and means of processing. We also inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our data protection information is structured as follows:
1. information about us as the controller
II. rights of users and data subjects
III. Information on data processing
2. information about us as the controller

The responsible provider of this website in terms of data protection law is
i-potentials GmbH
Zimmerstraße 79/80
10117 Berlin
Telephone: 030 609 899 300
Fax: 030 609 899 29
E-mail:

The provider’s data protection officer is
LOROP GmbH
Dennis Schulz
Landgrafenstraße 16
10787 Berlin
Telephone: 030 330 96 26 27
Fax: 030 330 96 26 29
E-mail:

1. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right
– to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR)
– to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
– the immediate erasure of the data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 para. 3 GDPR, the restriction of processing in accordance with Art. 18 GDPR;
– to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR)
– to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (cf. also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Users and data subjects also have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is admissible.

III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below.

Server data
For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files are used to collect data such as the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access and the IP address of the Internet connection from which our website is used.

The data collected in this way is stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is excluded from deletion in whole or in part until an incident has been finally clarified.

Cookies
We use cookies on our website. These are the ones used:
– Cookies from the cookie manager (Borlabs)
– Cookies from our analytics tool (Google Analytics)
Details can be found in the following sections.

Cookie Manager
We use a cookie manager to obtain consent for the use of technically unnecessary cookies on the website. The WordPress plugin “Borlabs” is used for this purpose.
When the website is called up, a cookie with the setting information is stored on the user’s end device so that the request for consent does not have to be made on a subsequent visit.
The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which consists of obtaining consent for optional cookies in accordance with the law.
The user can prevent or stop the installation of cookies by changing the settings in their browser.

Removal option:
You can prevent or restrict the installation of cookies by changing the settings of your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Google Analytics
We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which we obtain via the cookie banner. You can revoke your consent at any time by calling up the cookie banner again.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, may be transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. This function allows Google to truncate the IP address within the EU or EEA.

In addition, Google currently has an active Data Privacy Framework certification to legitimise the transfer to the USA. You can check this here: https://www.dataprivacyframework.gov/list

The data collected in this way is in turn used by Google to provide us with an analysis of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.
Google states that it will not associate your IP address with any other data. In addition,

Google keeps under
https://www.google.com/intl/de/policies/privacy/partners
for further information on data protection law, including, for example, the options for preventing the use of data.

Google also offers at
https://tools.google.com/dlpage/gaoptout?hl=de
a so-called deactivation add-on along with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services.

Contract processing
The data transmitted by you to utilise our range of goods and/or services is processed by us for the purpose of contract processing and is necessary in this respect. Conclusion and fulfilment of the contract are not possible without the provision of your data.
The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Contact enquiries / contact option
If you contact us via the contact form or email, the data you provide will be used to process your enquiry. The provision of the data is necessary for processing and answering your enquiry – without providing it, we cannot answer your enquiry or can only answer it to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Online job applications / publication of job advertisements
We offer you the opportunity to apply for a job with us via our website. We differentiate between internal applicants (for an open position at i-potentials) and candidates (for placement with other companies). Please take a look at the respective data protection notices:

i-potentials applicants

see Tab for candidates

Linking social media via graphic or text link
We also advertise our presence on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective social network server when a website with a social media application is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network.
Once the user has been forwarded, the respective network collects information about the user. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and published if necessary. If the user wants to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our website through links:

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Privacy policy: https://help.instagram.com/519522125107875

XING
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

based on Muster-Datenschutzerklärung der Anwaltskanzlei Weiß & Partner

modified by LOROP GmbH

Stand 01.03.2024

 

Data protection information for candidates

We are pleased that you are interested in our executive search consulting services and are therefore happy to include you in our talent database so that we can place you with employers who are potentially attractive to you.

Who is responsible for data processing?

The controller in terms of data protection law is

i-potentials GmbH

Zimmerstrasse 79/80

10117 Berlin

You can find further information about our company, details of the persons authorized to represent us and also further contact options in our imprint on our website: https://i-potentials.de/en/impressum/

Which of your data do we process? And for what purposes?

We process the data that you have provided to us in connection with the creation of your personal candidate profile (https://ipotentials.avature.net/talentpoolE) in order to check your suitability for potential employers and, if necessary, to place you with them.

If applicable, this also involves “profiling” in the sense of data protection law, so that we obtain your consent for this (Art. 22 (2) lit. c DSGVO).

On what legal basis is this based?

The primary legal basis for the processing of your personal data in this candidate procedure is Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

In addition, Art. 6 (1) lit. a DSGVO is the legal basis, as we obtain your consent for this, which you can revoke at any time with effect for the future.

Should the data be required for legal prosecution after the candidate process has been completed, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Our interest then consists in the assertion or defense of claims.

How long is the data stored?

At the end of a calendar year, we check whether further processing of your data is necessary. In principle, data from candidates is deleted three years after the candidate profile has been created.

To which recipients is the data passed on?

We use a specialized software provider for the candidate process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems.

The provider is: Avature GmbH, Reichenbachstraβe 26, 80469 Munich, Germany.

Avature uses sub-processors from third countries, so that a third-country transfer of your personal data is not excluded. Therefore, we have concluded so-called standard contractual clauses with the provider. In addition, the group of companies behind it is also listed on the official website of the Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOQNAA4&status=Active.

After your candidate profile has been created, the data will be passed on to potential employers so that they can check your suitability for a position and contact you.

We also use the AI functionalities of the service provider Langdock to increase the efficiency of our business processes. This is Langdock GmbH, Fehrbelliner Straße 4, 10119 Berlin. We have concluded an order processing contract with this service provider.

We use Microsoft Teams for video conferencing. Your data is then passed on to Microsoft accordingly. We have compiled further information for you here:

We also use transcription software to conduct video conferences effectively and efficiently, taking notes on the content and progress of the conversation. In this context, your data will be passed on to the provider “Bliro” (bliro GmbH, Schellingstraße 112, 80798 Munich). We have concluded an order processing contract with Bliro. Bliro uses further sub-processors from the USA, but has assured us that the requirements of Art. 44 ff. DSGVO are met. In particular, European server locations have been configured wherever possible. Furthermore, data privacy framework certifications are available for these sub-processors.

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of the law.

A right to data portability also exists within the framework of the data protection legal requirements.

Our data protection officer

We have designated a data protection officer.

You can reach him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, E-Mail:

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

Data protection information for applicants

We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with your application.

Who is responsible for data processing?

The controller in terms of data protection law is

i-potentials GmbH

Zimmerstrasse 79/80

10117 Berlin

You can find further information about our company, details of the persons authorized to represent us and also further contact options in our imprint on our website: https://i-potentials.de/en/impressum/

 

Which of your data do we process? And for what purposes?

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

What is the legal basis for this?

The primary legal basis for processing your personal data in this application procedure is Section 26 of the BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be required for legal prosecution after the conclusion of the application procedure, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f) DSGVO. Our interest then consists in the assertion or defense of claims.

How long is the data stored?

Data of applicants will be deleted after 6 months in case of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

If you are awarded a position during the application process, your data will be transferred from the applicant data system to our HR information system.

To which recipients is the data passed on?

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems.

The provider is: Avature GmbH, Reichenbachstraβe 26, 80469 Munich, Germany.

Avature uses sub-processors from third countries, so that a third-country transfer of your personal data is not excluded. Therefore, we have concluded so-called standard contractual clauses with the provider. In addition, the group of companies behind it is also listed on the official website of the Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOQNAA4&status=Active.

Your applicant data will be sifted by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process.

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of the law.

A right to data portability also exists within the framework of the data protection legal requirements.

Our data protection officer

We have designated a data protection officer.

You can reach him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, E-Mail:

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

Data protection information for online meetings, telephone conferences and webinars via “Microsoft Teams” from i-potentials GmbH

In the following, we would like to inform you about the processing of personal data in connection with the use of “Microsoft Teams”.

Purpose of the processing

We use the “Microsoft Teams” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service of the Microsoft Corporation.

Responsible

The responsible party for the data processing directly related to conducting ‘online meetings’ is i-potentials GmbH, Zimmerstraße 79/80, 10117 Berlin.

Note: Insofar as you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, accessing the website is only necessary to use “Microsoft Teams” in order to download the software for using “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then also provided via the “Microsoft Teams” website.

What data is processed?

Various types of data are processed when using “Microsoft Teams”. The scope of the data also depends on the information you provide before or when participating in an “online meeting”.

The following personal data is processed:

User information: e.g. display name, email address if applicable, profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting”. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device will be processed for the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time using the “Microsoft Teams” applications.

Scope of processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will transparently notify you in advance and, if necessary, ask for your consent.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing

Insofar as personal data of employees of i-potentials GmbH are processed, § 26 BDSG is the legal basis for data processing. If personal data is not required for the establishment, execution or termination of the employment relationship in connection with the use of “Microsoft Teams”, but is nevertheless an elementary component of the use of “Microsoft Teams”, Art. 6 para. 1 lit. f) DSGVO is the legal basis for data processing. In these cases, we are interested in the effective implementation of “online meetings”.

Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) point b GDPR, insofar as the meetings are conducted in the context of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 (1) point f GDPR. Here, too, our interest lies in the effective conduct of “online meetings”.

Recipients / disclosure of data and data processing outside the European Union

Personal data processed in connection with participation in “online meetings” will not be passed on to third parties, unless they are specifically intended for disclosure. Please note that content from “online meetings”, as with in-person meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended to be shared.

Other recipients: The provider of “Microsoft Teams” necessarily obtains knowledge of the above-mentioned data to the extent provided for in our contract processing agreement with “Microsoft Teams”.

In addition, we use transcription software to conduct video conferences effectively and efficiently, taking notes on the course of the conversation. In this context, your data will be passed on to the provider “Bliro” (bliro GmbH, Schellingstraße 112, 80798 Munich). We have concluded an order processing contract with Bliro. Bliro uses further sub-processors from the USA, but has assured us that the requirements of Art. 44 ff. DSGVO are met. In particular, European server locations have been configured wherever possible. Furthermore, Data Privacy Framework certifications are available for these sub-processors.

Data protection officer

We have appointed a data protection officer.

You can contact him as follows: LOROP GmbH, Dennis Schulz, Landgrafenstraße 16, 10787 Berlin, email:

Your rights as a data subject

You have the right to information about the personal data concerning you. You can contact us at any time for information.

If you request information that is not in writing, please understand that we may ask you to provide proof that you are the person you claim to be.

Furthermore, you have the right to rectification or erasure or to restriction of processing to the extent permitted by law.

Finally, you have a right to object to the processing within the scope of the legal requirements.

A right to data portability also exists within the framework of data protection regulations.

Deletion of data

We generally delete personal data when there is no longer any need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention requirements, deletion will only be considered after the respective retention requirement has expired.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of personal data.