Data Privacy Policy

This Data Privacy Policy informs you about the types, scopes, purposes, and legal bases of the collection and processing of your personal data when using our website and the below mentioned third-party websites, and the rights to which you are entitled under the General Data Protection Regulation (GDPR).

1. Controller: Who we are and how to reach us

a) Responsibility for Data Processing on Our Website
The associated companies will hereinafter be collectively referred to as “io”.

io consultants GmbH & Co. KG is responsible for producing and editing the content on the website of io. The following companies belong to io:

  • io consultants GmbH & Co. KG (“io consultants”)
  • io DigitalSolutions GmbH (“„io DigitalSolutions”)
  • io BuildingServices GmbH (“io BuildingServices”)
  • io consultants L.P. (“io consultants USA”)
  • io group L.P. (“io group USA”)

The controller responsible for the processing of the data on the www.io group.com website is:
io-consultants GmbH & Co. KG
STADTTOR Speyerer Str. 14
69115 Heidelberg

If you have any questions, recommendations, or complaints regarding the protection of your data, please contact our data protection officer
Protadus GmbH
Kurfürsten-Anlage 59
69115 Heidelberg

b) Responsibility for Third-Party Online Presences Outside Our Website
All third-party service providers who offer services on our website transfer and process personal data. It is therefore necessary to establish and describe how the respective responsibilities are allocated between us, the website operator, and the third-party service providers. This concerns all tools and services as well as analytic and social media services offered here.

Any such service will be operated in joint responsibility pursuant to Art. 26 GDPR, i.e., we are jointly responsible for the purposes of and means used for processing the data. Who is responsible for which processing activity must be contractually agreed with the respective service provider.

The service provider (joint controller) is, in general, responsible for the merging and analyses of personal usage data. We assume that any adaptations announced by the service providers will also be implemented by them.

Irrespective thereof, any data transfers that are currently carried out and that are based on your consent are covered on our part by the consent obtained via our cookie banner.

As the other joint controller, we are responsible for setting the respective cookies and transmitting the usage data from our website. You, as the data subject, may, however, claim your rights with either party, irrespective of who has been allocated which responsibility.

In many cases, service providers offer only outdated or insufficient agreements that do not yet meet the latest requirements of the data protection authorities. However, these agreements will be automatically and bindingly concluded on a regular basis when the services are used. We assume that any amendment announced here by the service providers will be implemented. Irrespective thereof, all data transfers are currently carried out on the basis of the consent given to us in the cookie banner.

This information applies to the following online presences of io and its associated companies. The controllers of the social media channels and third-party online services we use are:

2. Information on the Processing of Your Personal Data Pursuant to Art. 13, 14 GDPR – General Information

a) Shared Information
For each data processing operation (e.g., access to and use of our website or other individual online presences) with personal reference, we share the following information with you:

  • Responsibilities for the services used
  • Processed data categories with personal reference
  • Purposes of this data processing
  • Legal justification for this data processing
  • The controller’s or third party’s legitimate interest in the event of the processing being based on Article 6.1 (f) GDPR
  • If applicable, information about the recipients or categories of recipients of the personal data and,
  • if applicable, information about data transfers to processors in third-party countries
  • Storage period or the legal basis on which the storage period is determined
  • If applicable, information about the application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject
  • If provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided (if applicable)

Information on your rights as a data subject, including but not limited to withdrawal of consent and objection to any data processing, is available in section 7.

As a company concerned with the protection of your personal data, we do not carry out any profiling or automated processing of your data for analyzing or predicting aspects relating e.g., to your health or personal preferences. Therefore, Art. 22 GDPR on automated individual decision-making, including profiling, does not apply.

b) General Information on Cookies
Cookies are small text files that are saved by your browser and thus stored on your end device. They contain various information such as the length of your website visit, your data input, or, possibly, identification codes for user recognition. They may originate from us as the website provider (so-called first-party cookies) or, in the event of a cooperation with any third party, from any such third party (so-called third-party cookies), and be intended for different storage periods (e.g., for the duration of your website visit, or up to several weeks and years).

You can restrict or deactivate the storage and reading of cookies. In this case, however, the full functionality of the website may not be available to you.

First-Party Cookies
Our website uses first-party cookies, so-called "session cookies". These cookies save data about your website visit or serve to recognize your computer upon your next visit (e.g., for easier password entry). They guarantee the full technical functionality of the website. This type of processing is based on Art. 6.1 (f) GDPR.

Third-Party Cookies
For links to third-party websites, information about the use of third-party cookies and the extent of the data collected by the respective third-party service providers is separately and individually provided in the following paragraphs about these third-party service providers. This processing is based on your consent pursuant to Art. 6.1 (a) GDPR.

You can adapt your cookie settings and withdraw your consent at any time by visiting this link.

The full list of cookies and third-party tools used on our website requiring your consent is available here.

c) Our Cookie Banner/Cookie Management
To fulfill the consent requirements of the GDPR for the use of cookies and comparable technologies, a banner is displayed when you access our website, giving you further information on the various cookies/analytic tools we use before we can offer you our content. We currently use the cookie tool of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. We regularly check the availability of other cookie banner providers. The cookie banner allows you to give or withhold your consent to the various categories before using the respective consent-requiring services.

In order to save and maintain your settings for further use of the website, Usercentrics also uses cookies and receives your anonymized IP address and browser information when using its tool. The selected settings will be stored on your computer for a maximum of 12 months unless you clean the cache of your browser before then. This type of data processing is subject to legitimate interest pursuant to Article 6.1 (f) GDPR. Saving your selected cookie and consent settings is subject to our legitimate interest to implement the consent requirements of the GDPR and to reapply your settings in the event of future visits to the website as per Art. 6.1 (f) GDPR.

For further information on the use of the data transmitted while using our website, please refer to https://usercentrics.com/privacy-policy  Individual withdrawal of specific consent previously given for data transfers from this site is possible via the relevant provider. The respective links are available from the individual providers. In addition to the consent and withdrawal options relating to our websites and offered through our cookie banner, a number of service providers offer their own links for cross-website data privacy related consent withdrawal. For the purpose of completeness, we refer to those in our Privacy Policy. Any consent or withdrawal given on our website through Usercentrics’ cookie tool https://usercentrics.com/privacy-policy does not automatically effect the rescission of any such past or future objections on the websites of other providers.

Usage data may be transmitted to countries outside the EU if providers of advertising or analytic services in connection with or integrated in this website have their headquarters outside the EU and part of the data within the scope of these services is processed on servers outside the EU. Pursuant to Art. 49.1 (a) GDPR, your data may only be transferred abroad if you have previously given your express consent to the respective service. The risks of any such transfer are described under “Data Transfer to Recipients Outside the EU”.

In your browser you may select to be informed before any cookies are set, so that you can decide for each individual cookie whether you want to accept it or not. You may also choose to accept or reject cookies for specific functions or in general. Each browser differs in the way it manages cookie settings. Please refer to your browser’s help menu to learn how to change your cookie settings. You may also find such information by searching for “cookie settings + browser” in your search engine or by clicking on the following links:

If you reject cookies, websites may offer a restricted functionality, so that login and shopping carts in online shops may not work correctly.

d) Data Transfer to Processors in Third Party Countries (outside the EU/EEA)
Personal data may be transmitted to countries outside the EU if providers of advertising or analytic services in connection with or integrated in this website either have their headquarters outside the EU and part of the data within the scope of these services is processed on servers outside the EU, or if they have their headquarters in the EU/EEA, but are part of a multinational group of companies. These services will be appropriately identified below.

According to applicable European legislation, for some third-party countries, including but not limited to the USA, an appropriate data protection level can no longer be guaranteed by agreements with the provider or by provider guarantees (formerly known as the EU-USA Privacy Shield). Pursuant to Art. 9.1 (a) GDPR, your data may only be transferred abroad if you have previously given your express consent to the respective service. You can withdraw your consent or adapt your cookie settings at any time by accessing your setting under this link.

A transfer of usage data into certain third-party countries may entail the risk that your data will be read and analyzed by local authorities, including but not limited to intelligence and security services of that particular country, without adequate legal protection or privacy guarantees under the rule of law. It is therefore possible that personal profiles are created without your knowledge and that the analysis of such profiles may lead to actual restrictions and further investigations by such government.

In order to give you additional legal guarantees, we conclude the usual contractual clauses with the providers for the services used. In some cases, the integrated service may be offered by a company established in Europe, but, for certain processing purposes, it is actually processed by a parent company outside the EU. In these cases, the European office of such company is responsible for ensuring compliance with all legal data protection requirements (e.g., by concluding standard contractual clauses and providing further guarantees).

e) Data Transfer Security
Our website uses TLS protocol (Transport Layer Security) in conjunction with at least 128-bit encryption for the transfer of personal data in order to protect the data against accidental or intentional manipulation, loss, destruction, or access by unauthorized parties. These security measures are continuously adapted in line with technological developments. You can recognize the encrypted data transfer by the closed key or lock symbol in the upper status bar of your browser.

3. Data Processing on our Website in Detail

If you use the following services on our website, the personal data you provide will be stored and processed for the respective purposes mentioned - e.g., for registration, surveys, or contract execution.

When visiting a website, a series of user data is collected, which can theoretically be referred back to a specific user via the visitor’s IP address, the specific user settings, cookies, or other identification options. This data is used for technical purposes to (i) display the site, (ii) optimize the site through statistical recording of user behavior, and (iii) reload previously displayed information or entries after the user has closed a page. Information about which usage data is collected and which other services are used on this site is provided below.

Collection of Usage Data on our Website - Log Files and Protocols

Data categories with personal reference

  • IP address
  • Date and time of request
  • Content of request (specific page)
  • Access status / https status code
  • Web page from which the request originates
  • Browser used
  • Operating system and its interface
  • Language and version of browser software
  • Referrer

Purpose of data processing

In the event of purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. We create and store log files on our servers, including but not limited to general and log-in errors.

Legal basis for data processing

Data processing of this kind is based on Art. 6.1 (f) GDPR (legitimate interest).

In the event of data processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Whenever you view our website, we collect the above-mentioned data, which is technically required in order for us to display the website and to ensure its stability and safety.

If applicable, the categories of recipients of the personal data, and

Website host (processor/headquarter Germany, server location Germany)

transfer to processors in third-party countries

Not relevant

Storage period or the legal basis on which the storage period is determined

The aforementioned data, including but not limited to the IP addresses, are stored for up to 14 days and will then be deleted.

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Without this data, the website cannot be displayed.

Requesting White Papers

Data categories with personal reference

Contact form: Title (if any), last name, company, and e-mail address (mandatory fields are marked with *)

Purposes of data processing

After submitting the contact form, the white paper will be sent to the e-mail address you provide in the contact form. If you wish to receive further information about white papers in future, you will receive an automated e-mail for the purpose of double opt-in after having submitted the filled-out contact form. The personal data you provide will be used for any correspondence accompanying your white paper online delivery.

Legal basis for data processing

White papers are mailed on the basis of your consent as per Art. 6.1 (a) GDPR. Any consent given with regard to future e-mails may be informally withdrawn at any time using the contact details of the data protection officer.

In the event of data processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Not relevant

If applicable, the categories of recipients of the personal data, and

Not relevant

transfer to processors in third-party countries

Not relevant

Storage period or the legal basis on which the storage period is determined

If you request a white paper only once, we will store your contact data for up to three (3) months after shipment. If you give your consent to receiving our white papers on a regular basis, we will use your contact information until you withdraw your consent. Your contact data will then be blocked for active use, but stored for verification purposes (proof of consent/accountability principle pursuant to GDPR).

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Contact details are given on a voluntary basis. White papers cannot be shipped without the respective contact information.

Registering for io Events

Data categories with personal reference

Purposes of data processing

Website users may register for events on our website. After submitting the contact form, you will receive a confirmation of your registration. If you wish to receive information about other events in the future, you will receive an automated e-mail for the purpose of double opt-in after having submitted the contact form. The personal data you provide will be used to register your participation in the event, to mail your registration receipt to you and, if applicable, your participation certificate and any further information regarding the event.

Legal basis for data processing

E-mailing the various options for event participation will be based on your consent pursuant to Art. 6.1 (a) GDPR. Any consent given with regard to future e-mails may be informally withdrawn at any time using the contact details of the data protection officer.

In the event of the processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Not relevant

If applicable, the categories of recipients of the personal data

Not relevant

Transfer to processors in third-party countries

Not relevant

Storage period or the legal basis on which the storage period is determined

We will store your contact details for the participation in the event for up to three (3) months thereafter. If you give your consent to receiving our information on a regular basis, we will use your contact information until you withdraw your consent. Your contact data will then be blocked for active use, but stored for verification purposes (proof of consent/accountability principle pursuant to GDPR).

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Contact details are given on a voluntary basis. Without your contact information, we will not be able to send you any booking confirmation or event-related information.

Sign-Up for Regular Information about io group (E-Mail Campaigns)

Data categories with personal reference

Contact form: Title (if any), first name, last name, e mail address, position, company, and address (mandatory fields are marked with *) For paid events: payment data, invoice recipient and address, booking options

Purposes of data processing

Website users may register for events on our website. After submitting the contact form, you will receive a confirmation of your registration. If you wish to receive information about other events in the future, you will receive an automated e-mail for the purpose of double opt-in after having submitted the contact form. The personal data you provide will be used to register your participation in the event, to mail your registration receipt to you and, if applicable, your participation certificate and any further information regarding the event.

Legal basis for data processing

E-mailing you the various event participation options is based on your consent pursuant to Art. 6.1 (a) GDPR. E-mails sent to you within the scope of any such campaign include a link at the end of the mail that allows you to change your personal data and/or unsubscribe from receiving any such e-mails in the future (withdrawal of consent).

In the event of data processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Not relevant

If applicable, the recipients or categories of recipients of the personal data

-

Transfer to processors in third-party countries

-

Storage period or the legal basis on which the storage period is determined

If you agree to receiving information by e-mail on a regular basis, we will use your contact information until you withdraw your consent. Your contact data will then be blocked for active use and stored for verification purposes (proof of consent/accountability principle pursuant to GDPR). After that, the data will be deleted.

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Contact details are given on a voluntary basis. Without your contact information, we will not be able to send you our newsletter or other information about our group by e-mail.

Analysis of our E-Mail Campaigns

Data categories with personal reference

Analysis data: -

Purposes of data processing

We use tracking functions in our e-mail campaigns to verify that e-mails reach their destinations, if and when the respective e-mail was opened, whether you clicked on any links included in the mail and whether you sent an answer back. The gathered data is used to better align our automated e-mail campaigns to the needs and interests of our customers and assess the respective campaign’s success. The data is processed for these purposes only.

Legal basis for data processing

Processing of this data is based on our legitimate interests in effective direct marketing (Art. 6.1 (f) GDPR).

In the event of the processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Should the data reveal that you are interested in specific services, we will use such information to contact you specifically with regard to these services. This allows us to tailor our services to your specific needs and optimize our offers for you. This process is based on legitimate interest pursuant to Art. 6.1 (f) GDPR (our legitimate interest in direct marketing).

If applicable, the recipients or categories of recipients of the personal data

Your personal data will not be forwarded to any third parties. If the data is analyzed by a third-party processor, such services are subject to a data processing agreement with the respective service provider.

Transfer to processors in third-party countries

-

Storage period or the legal basis on which the storage period is determined

We store analytic data for four (4) weeks after collection.

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Contact details are given on a voluntary basis. Without your contact information, we will not be able to send you our newsletter or other information about our group by e-mail.

Your Job Application (Job Application Processes)

Data categories with personal reference

Contact information: Title (if any), last name, company and e-mail address, other contact information for processing your application such as phone numbers. Application documents: including but not limited to Curriculum Vitae, transcripts and certificates, cover letter. Mandatory data for processing your application is marked with *.

Purposes of data processing

If you are interested in applying for a job at our company, you can do so via the concludis (processor) online job application tool on our website. concludis will record your application data on our behalf and make it available to selected employees of our human resource department only. All data you provide is transmitted via a secure TLS connection. If we have an interest in keeping your documents (e.g., for future consideration for other job offers), we will request your consent beforehand. If you agree, your data will be stored for a further three (3) months. The longer storage period will be based on your consent as per Art. 6.1 (a) GDPR.

Legal basis for data processing

Data processing for job applications is based on the initiation of an employment relationship ([Art. 6.1 (b) GDPR, § 26 German Federal Data Protection Act (BDSG)] Any extension of the storage period for more than three (3) months after completion of the job application process in order for your documents to be available for further application rounds will be based on Art. 6.1 (a) GDPR.

In the event of the processing being based on Article 6.1 (f) GDPR, the controller’s or third party’s legitimate interest

Not relevant

If applicable, the categories of recipients of the personal data

Not relevant

Transfer to processors in third-party countries

Not relevant

Storage period or the legal basis on which the storage period is determined

Any documents that you have submitted to us will be completely deleted no later than three (3) months after completion of the application process unless we have concluded an employment agreement with you or you have agreed to storing your data for other application rounds and have not withdrawn this consent.

Application of automated decision-making, including profiling, pursuant to Articles 22.1 and 22.4 GDPR, and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject

Not relevant

If the provision of the personal data is legally or contractually required or necessary for the conclusion of a contract, if the data subject is required to provide the personal data, and which consequences might follow if the data would not be provided

Provision of application-related data is completely voluntary. If you refuse to share data with us that has been marked as mandatory for the application process, we will not be able to process your application and consider you for an employment contract.

4. Our Social Media Activities

a) General Information
Our website contains links and shortcuts to the social media services listed below. To non-members, social media services may present themselves like conventional marketing services, but if you are a member of any such platform, the data collected on this website/service may be linked to your social media account.

A distinction must be made between the various social media services and functionalities. Social media services can place advertising on their platforms specifically adapted to the users’ interests or show personalized advertisements on linked pages taking into consideration your user profiles. In addition, they offer social plug-ins such as “like” buttons that allow users to distribute and promote site content. In addition to this website, we have specific pages to present our company on such social media platforms (Facebook, LinkedIn, Xing, Twitter, YouTube, kununu, Instagram).

Data processing triggered on this website or on our social media pages is, pursuant to Art. 26 GDPR, a joint responsibility, i.e., we and the respective service providers are jointly responsible for the purposes and means of data processing. Unless otherwise specified, any obligation concerning the data subjects’ rights arising from the GDPR lies with the respective service provider. For example, the obligation to inform the data subject about the collection and processing of his or her personal data no longer lies with the website operator, but with the operator of the respective social media service.

Further information on the purpose and scope of data collection, processing, and use by social media networks, and your rights and settings options to protect your privacy is available in the privacy policies of the respective social media networks described below in detail.

Links to the corresponding pages are available on our website. Since these are links leading to other websites, they are not subject to the consent requirements pursuant to Art. 6.1 (a) GDPR.

b) LinkedIn
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) is a service that connects professionals and executives around the world. Registered users may interact with each other to increase business and career opportunities. On our website, we offer you the possibility to be redirected directly to our LinkedIn profile.

Our LinkedIn Profile
When you visit our LinkedIn profile, you will be browsing the LinkedIn platform. The usage data analyzed by the site operator will only be provided to us in anonymized form (statistics). As described above, we are jointly responsible for the respective data processing. This type of processing is based on our legitimate interest as per Art. 6.1 (f) GDPR to count the users on our LinkedIn profile, as this is connected to our interest to measure and analyze the effectiveness of such profile.

LinkedIn Marketing Services
LinkedIn collects data about the use of our site using Pixel and the link to our LinkedIn profile (browser and device settings, usage times and objects, existing identifiers) for the purpose of personalized advertising on the LinkedIn platform. This data transfer from our website is based on your consent given upon your first use of the site pursuant to Art. 6.1 (a) GDPR.

Further information on such data processing and the respective responsibilities and information duties are available at https://legal.linkedin.com/pages-joint-controller-addendum, at https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv, and at https://legal.linkedin.com/dpa/DE.

c) XING
XING (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) is a social network where you can create personal as well as company profiles and publish corporate information (e.g., description of services, contact details, photos). XING users have access to this information. In addition, users can write their own posts and share content. The functions are used at the sole responsibility of the user. As described above, we are jointly responsible for the respective data processing.

Our XING Profile
When you visit our XING profile, you will be browsing the XING platform. The usage data analyzed by the site operator will only be provided to us in anonymized form (statistics). As described above, we are jointly responsible for the respective data processing.

This type of processing is based on our legitimate interest to count the users of our XING profile, as this is connected to our interest to measure and analyze the effectiveness of such profile as per Art. 6.1 (a) GDPR.

Further information is available in XING’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.

d) Twitter
Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) offers so called microblogging services where registered users can post short messages. The individual messages are called "tweets". We have a Twitter account for the purpose of publishing general corporate information, job advertisements, event invitations, etc. As described above, we are jointly responsible for the respective data processing.

On our website, we offer you the possibility to be redirected straight to our Twitter page. If you click on the link, you will leave our website. Further information on the purpose and scope of data collection, processing, and use by Twitter and your rights and settings options to protect your privacy is available in Twitter’s privacy policy: https://twitter.com/de/privacy.

e) YouTube
We have a YouTube account at https://www.youtube.com/user/ioconsultants?hl=de&gl=DE. As described above, we are jointly responsible for the respective data processing. On our website, we offer you the possibility to be redirected straight to our YouTube page. If you click on the link, you will leave our website. Further information on the purpose and scope of data collection, processing, and use by YouTube and your rights and settings options to protect your privacy is available in their privacy policy and terms of use at: https://policies.google.com/privacy?hl=de&gl=de and https://www.youtube.com/static?gl=DE&template=terms&hl=de

f) kununu
kununu (kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria) is an employer rating platform offering (i) its users various services as a so-called feedback platform (employer ratings by current and former employees), and (ii) employers the opportunity to present their company brand. As described above, we are jointly responsible for the respective data processing. The kununu website is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Further information is available in their privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.

g) Instagram
Facebook Ireland Ltd. processes your (personal) data when you use Facebook products – including Instagram sites. This includes data from people who are not registered in any of Facebook’s services. The type of (personal) data processed and the legal basis they rely on for such processing is described in more detail in its privacy policy at https://help.instagram.com/519522125107875?helpref=page_content, which applies to all Facebook products. These guidelines also include information about how to contact Facebook and about your options regarding advertising, cookies, etc. The data may be transferred to countries outside the European Union.

More details about the cookies set by Instagram if you have an Instagram account, use Facebook products (including the website and apps) or other websites or apps that use Facebook products (including the “like” button or other Facebook technologies) are available at Facebook’s cookie policy www.facebook.com/policies/cookies/. Information on how to manage the personal data available about you is also available at this link:

https://www.facebook.com/policies/cookies/

h) Facebook/Facebook Fan Page
io consultants GmbH & Co. KG, STADTTOR Speyerer Straße 14, 69115 Heidelberg, Germany, has published a so-called fan page on Facebook at https://de-de.facebook.com/ioconsultants/. When operating its Facebook fan page, io consultants GmbH & Co. KG uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Pursuant to Art. 26 GDPR (see CJEU case C 210/16), Facebook Ireland Ltd. and io consultants GmbH & Co. KG are therefore jointly responsible for the processing of personal data when using this fan page.

This section of the Data Privacy Policy informs you about io consultants GmbH & Co. KG’s use of your data and its responsibilities regarding your privacy rights when using our Facebook fan page.

The responsibility for the data processed when visiting our Facebook fan page is governed by an agreement with Facebook, which is available at: https://www.facebook.com/legal/terms/page_controller_addendum.

This agreement also stipulates that any processing of personal data that is not the responsibility of io consultants GmbH & Co. KG as listed below is the full responsibility of Facebook Ireland Ltd. Please note that you are using this Facebook page and its features based on your user agreement with Facebook. This applies in particular to the use of the available interactive functions (e.g., commenting, sharing, rating).

When you visit our Facebook fan page, Facebook collects, among other data, your IP address and other information available on your PC, such as cookies. This information is used to provide us, as the Facebook fan page operator, with statistical information about the use of our Facebook page.

More information is available here: https://www.facebook.com/help/pages/insights

The data collected about you in this context will be processed by Facebook Ireland Ltd., and may also be transferred to countries outside the European Union. The type of information received and how it is used by Facebook is generally described in Facebook’s data use policy. It also includes information on how to contact Facebook and how to change your settings for advertisements. Facebook’s privacy policy is available at: https://www.facebook.com/about/privacy.

Facebook’s complete privacy policy is available at: https://www.facebook.com/full_data_use_policy.

When accessing a Facebook page (from a German IP address), the IP address assigned to your computer and transmitted to Facebook is anonymized and deleted after 90 days. Facebook also stores information about its users' devices (e.g., as part of the “registration notification” function). This enables Facebook to assign IP addresses to individual users.

If you are logged in to your Facebook account at the time of accessing the site, Facebook stores a cookie with your Facebook identification on your device. This way, Facebook can see that you used this site and how you used it. The Facebook buttons integrated on the website allow Facebook to record your website visits and allocate them to your Facebook profile. This information can be used to tailor content and/or advertising to you. This type of data processing by io consultants GmbH & Co. KG is based on its legitimate interest to check and optimize the effectiveness and use of its fan page, and to use the fan page and Facebook services for advertising purposes (Article 6.1 (f) GDPR).

If you want to avoid the above-mentioned type of data processing, please log off from Facebook or deactivate the “stay logged in” function, delete the cookies on your device, close and restart your browser. This way, any Facebook information that could identify you directly will be deleted. It allows you to use our Facebook page without revealing your Facebook identification. If you access any interactive features of the page (such as the “like” button, comment, share or message functions), a Facebook login screen appears. Once you log in again, Facebook may recognize you as a specific user. More information about how to manage or delete existing information about you is available here: https://www.facebook.com/about/privacy

How io consultants GmbH & Co. KG Uses Your Data
As the provider of this information service, we also collect and process the following data from your use of our service:

Contacting us via our Facebook fan page

Our processing practice regarding data resulting from your inquiries and from you contacting us, is further described in the privacy policy on our website https://io-group.com/de/dataprotection.

The use of your data is subject to the same rules. The processing of your personal data is subject to Art. 6.1 (f) GDPR. Our interest in processing your data is based on responding to your inquiries, optimizing our website, and creating user-friendly service recommendations.

Your rights as the data subject are explained in more detail in section 7 below.

5. Use of Tools/Analytics Services on our Website, LinkedIn, and Instagram

a) Google Tag Manager and Google Fonts
Google Tag Manager is a tool to organize all third-party tags on our company’s website. It also controls at what time these tags are triggered. The so-called Tag Management System (TMS) integrates and updates tracking codes and connected code fragments (so called tags) on the website. The web-based Tag Manager interface allows its users to set up tracking tags and define triggers for such tags. It is also possible to create variables to simplify and automate tag configurations.

Although Tag Manager inserts cookies and code fragments, the tool itself does not collect or process any personal data. The cookies set in this context are therefore indispensable for operating the website and do not require any consent.

Further information regarding the use of the transmitted data is available at https://policies.google.com/privacy?gl=DE&hl=de.

We use Google Web Fonts to display different font types (Google Ireland Ltd., Gordon House, Barrow Street, Dublin, Ireland). For more information about Google Fonts and Google's privacy policy, please go to the following websites: https://fonts.google.com and https://policies.google.com/privacy?hl=en&gl=ZZ

Since we use Google Fonts on our website only locally, Google does not automatically learn from your browser and from loading the fonts that your IP address accessed our website.

The use of Google Fonts facilitates a uniform and attractive presentation of our website. If your browser does not support Google Fonts or Web Fonts, your device will use a default font.

b) Google Services
We use various services offered by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). Further information about Google is available in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de and in their Terms of Service: https://policies.google.com/terms?hl=de&gl=de.

By integrating the Google services listed below, Google receives your unambiguous device ID, type and setting of browser, device and network used, your IP address (anonymized as far as possible) and information about your operating system. Google also records the reference URL of the service request, which, in this case, means information about the use of our website itself and the times of use. If you are logged into your Google account when surfing on our website, this data will be linked to your account.

The purpose is to make sure that your preferred language and other settings remain the same on all web pages you visit and that display settings are optimized according to your preferences. Nevertheless, the data will also be used to optimize Google services.

In so far as cookies or any comparable technologies are used to collect data and identify you, these are subject to the consent settings you selected at your first access of the site. Therefore, this type of data processing is subject to your consent pursuant to Art. 6.1 (a) GDPR. If the data transfers merely arise from accessing services from Google servers these transfers are based on the legitimate interest as per Art. 6.1 (f) GDPR to optimize the use of our site.

These services are provided exclusively by Google Ireland Ltd. If any such data is transferred to servers in the USA or elsewhere outside of Europe, Google Ireland Ltd. is responsible for ensuring the lawfulness of such transfers, in particular for giving sufficient data privacy guarantees. By agreeing to the service mentioned above, you also consent to the transfer of your data outside the EU even if there are no further guarantees and no adequacy decision is provided to ensure the appropriate data protection level; see also Art. 49.1 (a) GDPR. For further information on security risks, please refer to “Data Transfer to Recipients Outside the EU”.

c) Google ReCAPTCHA
We use data security services such as CAPTCHA services (Completely Automated Public Turing Test To Tell Computers And Humans Apart) to prevent non-human and automated input. Captchas are relatively easy to read for humans, but not for computers. The numbers and letters used in a CAPTCHA are distorted so that IT systems cannot decipher them.

We use the reCAPTCHA service of Google Ireland Ltd., Gordon House, 4 Barrow St. Dublin, D04 E5W5, Ireland (“Google”). When using reCAPTCHA, your IP address and, if applicable, other data required for the reCAPTCHA service will be sent to Google. This is based on our legitimate interest to establish individual accountability for actions on the Internet and the prevention of abuse and spam pursuant to Art. 6.1 (f) GDPR.

When using Google reCAPTCHA, personal data may also be transferred to servers of Google LLC in the USA. For further information on Google reCAPTCHA and Google’s privacy policy, please refer to: https://www.google.com/intl/de/policies/privacy/

d) Google Maps
We use Google Maps (API) by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to show website users our location.

If you open the subpage where Google Maps is integrated, our website sends various data, including your IP address, to Google in the USA where it is stored on its servers. If you have a Google user account and are logged in while you access our website, the data will be directly allocated to your account. But even without a user account, Google will create a user profile about you. This happens regardless of whether Google provides a user account with which you have logged in or whether no user account exists.
This type of processing is subject to Art. 6.1. (f) GDPR. Our transfer of data to Google is based on our legitimate interest to offer you the map function of Google Maps on our website. As per Art. 26 GDPR, Google and io consultants are jointly responsible for any data protection in connection with Google Maps. The parties determine the purposes and tools for processing your personal data individually, always complying, though, with the requirements established by the GDPR.

The allocation of the responsibilities related to the processing of your personal data is available in the Google Maps Controller-Controller Data Protection Terms at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.

If you want to prevent the data transferred by us from getting connected to your user account, you can log out of your Google account before visiting our site.

To completely stop the data transfer to Google, you need to switch off the JavaScript application in your browser. The map display can then no longer be used.

More information about Google and the use of Google Maps is available here:

6. Analysis/Tracking Services

a) Google Analytics
Google Analytics, a web analysis service offered by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) is used for the purposes of demand-oriented website design, reach measurement, analysis of general user behavior on the website, and optimization of website efficiency.

Google Analytics uses so-called "cookies" to enable the analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to and stored on servers operated by Google in the USA. We have activated IP anonymization on this website. This activates the truncation of your IP address by Google within member states of the European Union and all other countries party to the Agreement on the European Economic Area, prior to use and further transmission.

Under special circumstances only, the full IP address will be transmitted to a server in the U.S. and truncated there. IP anonymization does not, however, result in the anonymization of your usage data because allocation is, for example, still possible through the installed cookies.

The use of Google Analytics is the joint responsibility of Google and the website operator. Therefore, we have concluded a data processing agreement with Google which currently makes both parties responsible for the processing tasks assigned to them. Google combines your usage data with data collected elsewhere and uses the profiles created this way for personalized advertising and analyses. On behalf of the operator of this website, Google will use this information for the purpose of analyzing your use of the site, compiling reports on your website activity, and providing other services relating to website activity and Internet usage for the website operator. The data that Google processes includes the settings and technical data of your device, the exact times of your access of the site and individual parts thereof and, therefore, your user behavior.

Further information on Google’s data processing, your settings and objection options are available on the following Google websites:
https://policies.google.com/privacy/partners?hl=en ("How Google Uses Information From Sites Or Apps That Use Our Services"), https://policies.google.com/technologies/ads?hl=en

("Technologies and Principles/Advertising"), adssettings.google.com/authenticated ("Ad Settings").

Google will not link your IP address, which has been transmitted by your browser within the scope of Google Analytics, to any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this, you may not be able to use the full functionality of this website.

You may also prevent the collection and transmission of the data, which is created by the cookies and reflects your use of the website (including your IP address), to Google as well as the processing of such data by Google, by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=en

The Google marketing services we use also include the online advertising program "Google Ads". When using Google Ads, every Google Ads customer (i.e., site operators like us) receives a different "conversion cookie". These cookies cannot be tracked by the websites of Google Ads customers. We are therefore unable to evaluate the conversion cookie ourselves. The information collected with the help of this cookie is used to create so-called conversion statistics for our website. Conversion statistics are evaluations of previously defined actions that a user has carried out on the website. Google tells us the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can identify the user. We also use Google Analytics to evaluate data from Google Ads and the double-click cookie for statistical purposes. If you do not wish to participate in the Google Ads evaluation, you can deactivate the function via the Google Ads Preferences Manager: https://adssettings.google.com/authenticated?hl=de

The legal basis for the use of Google Analytics on our website and for the resulting data transfer to the USA is your consent given upon your first access of this site pursuant to Art. 6.1 (a) and Art. 49.1 (a) GDPR. The risks of transmitting personal data to the USA are listed in the section “Data Transfer to Recipients Outside the EU”.

b) LinkedIn Insight Tag
We use the conversion tool LinkedIn Insight Tag by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for marketing purposes such as optimizing campaigns, retargeting website visitors for the purpose of increasing the success rate of product placement and improving advertisement relevance by using member data, and reaching members across a variety of devices.

The use of this tool is subject to your consent given in the cookie settings as per Art. 6.1 (a) GDPR. Forwarding such data to countries outside the EU is the sole responsibility of LinkedIn Ireland Unlimited Company.

The LinkedIn Insight Tag creates a cookie in your web browser that collects, among others, the following data: IP address, device and browser features, and page-related events (e.g., page requests). This data will be encrypted and pseudonymized within seven (7) days, and the pseudonymized data will be deleted within 180 days after collection.

LinkedIn does not share any data with us that allows any personal identification (anonymized reports on website target group and ad performance).

In addition, LinkedIn offers a retargeting service via the Insight tag. This data allows us to show you personalized advertising outside the scope of our website without you being personally identified as a website user.

Further information about data protection at LinkedIn is available at the company’s privacy policy: https://www.linkedin.com/legal/privacy-policy?src=or-search&veh=www.google.de and https://www.linkedin.com/help/lms/answer/65521.

c) Instagram Pages Insight
When visiting our Instagram page, Facebook records, among other things, your IP address. In addition to other information that Facebook receives through cookies, Facebook provides us, as the operator of the Instagram page, with statistical data regarding the use of such Instagram page (so-called page insights). This aggregated data shows us how users interact with our page. These page insights may be based on personal data that Facebook collected in connection with a visit or a user interaction on or with our Instagram page and its content. Further information is available at: https://www.facebook.com/about/privacy.

We may use Page Insights to anonymously analyze reach, page views, time spent on video posts, actions (likes, comments, sharing) distinguished by age, gender, and location (as given by the user in their respective Instagram profiles). In order to analyze reach, for example, specific settings can be made or filters set for certain time periods, posts, or demographic criteria (e.g., gender or age). This data is anonymized, aggregated, and abstracted. This way, we are not able to draw any conclusions regarding user identity. This analysis has the sole purpose of optimizing our offerings on our Instagram page for public relation purposes.

Instagram does not share any data with us that allows any personal identification (anonymized reports on website target group and ad performance).

7. Your Rights as a Data Subject regarding Data Processing with Personal Reference

Pursuant to Art. 15 GDPR, every data subject may, at any time:

  • Request access to the personal data that we gather and process about them, and in particular
  • Obtain information about the reason and purpose of data processing, the categories of personal data being processed, the categories of recipients who have or will receive such data, the intended storage period, your right to rectification, erasure, objection, and restriction of processing, your right to lodge a complaint with the respective supervisory authorities, the origin of your data if it has not been gathered by us, the existence of automated decision-making including profiling and, if applicable, any other meaningful information relating thereto
  • Demand, pursuant to Art. 16 GDPR, the immediate correction or completion of incorrect or incomplete personal data stored with us
  • Demand, pursuant to Art. 17 GDPR, the erasure of your personal data, unless the processing of the data is required for exercising the right of freedom of expression and information, fulfilling a legal obligation, for reasons of public interests, or for establishing, exercising, or defending any legal claim
  • Request, pursuant to Art. 18 GDPR, that we restrict the processing of your personal data, insofar as (i) you dispute the correctness of the data or (ii) processing is unlawful, while, at the same time, we no longer need the data, but you do not want it to be deleted because you need it to establish, exercise or defend any legal claims or you have objected, pursuant to Art. 21 GDPR, to the processing
  • Request, pursuant to Art. 20 GDPR, a copy of all the personal data you have provided to us, in a structured, common, and machine-readable format, or request the transfer of your personal data to another controller
  • File a complaint, pursuant to Art. 77 GDPR, with a regulatory authority. To do so, you may contact the authority competent for your usual place of residence, your workplace, or our headquarters. An overview of the regulatory authorities is available here: https://www.baden-wuerttemberg.datenschutz.de/die-aufsichtsbehorden-der-lander/.

Right to Object
If your personal data is processed on the basis of legitimate interest pursuant to Art. 6.1 (f) GDPR, Art. 21 GDPR entitles you to object to such processing on grounds relating to your particular situation or if your objection relates to processing for direct marketing purposes. With the latter, you have a general right to object, which we will observe without you specifying a particular situation or reason.

Any objection may simply be sent by e-mail to: dataprotection@io-group.com. 

Right of Withdrawal of Consent
Pursuant to Art. 7.3 GDPR, you may withdraw your consent at any time. If you withdraw your consent, we may no longer process any data based on such consent (right of withdrawal). Any withdrawal note may simply be sent by e-mail to: dataprotection(at)io-group.com

Updated: January 2022