The protection of your privacy when processing personal data is an important concern for us. Therefore, we comply with the applicable laws on data protection and data security and pay attention to security when handling your data. We have implemented far-reaching security regulations and measures to protect the personal data we store from unauthorised access, misuse, destruction and loss.
In the following, we would like to inform you about the type, scope and purpose of the processing of personal data when visiting our website in accordance with Article 13 EU-GDPR.
The contracting parties agree that in case of doubt the German language version shall always prevail with regard to this data protection declaration.
Officials Responsible for this Website
invenio GmbH Engineering Services (hereinafter referred to as 'invenio') is responsible for this website. Their details can be found in the imprint of this website. The website is also representative for the following subsidiaries and associated companies of invenio AG:
-
invenio AG
-
invenio Automation Solutions GmbH
- invenio Engineers Karlsruhe GmbH
-
invenio Healthcare Solutions GmbH
-
invenio Meiko Automation GmbH
-
invenio Systems Engineering GmbH
-
invenio Technical Simulations GmbH
-
invenio Virtual Technologies GmbH
In the context of applications via our website, personal data may be processed under joint responsibility.
Data Protection Officer
You can reach our data protection officer at the following e-mail address
datenschutzbeauftragter(at)invenio.net
Personal Data
Personal data is any data by which you can be personally identified. In the context of your website visit, this can be, for example: IP address, operating system, browser fingerprint, meta and communication data. This data is automatically processed by our IT systems or by the systems of our data processors when you visit the website. Other data is collected when you provide it to us. For example, this may be data, which you enter in a contact form.
Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the servers of the hoster.
The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
Data Processing Agreement (DPA)
In order to ensure data protection-compliant processing, we have concluded a data processing agreement with our hoster.
Server-Log-Files
The hoster of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
-
Operating system used
-
Referrer URL
-
Host name of the accessing computer
-
Time of the server request
-
IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website, for which the server log files must be collected.
Contact Form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request by E-Mail, Telephone or Fax
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
The use of contact data published on this website – for the purpose of sending unsolicited advertising and information material – is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
We offer you the opportunity to apply within the framework of our temporary employment service as well as for our internal positions.
Please use our online application form for a secure and data protection compliant processing of your personal data.
Please refrain from applying by e-mail, as data transmission on the internet has security vulnerabilities when communicating by e-mail. We therefore recommend, that you do not send sensitive data such as references, CVs, etc. by e-mail.
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be processed in our data processing systems on the basis of section 26 BDSG-neu and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.
Retention Period of Data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.
Admission to the Applicant Pool
If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your explicit consent (Art. 6 para. 1 lit. a GDPR). Giving your consent is voluntary and is not related to the current application process. You can revoke your consent at any time for the future. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.
Health data is only processed if you send it to us without being asked. In this case, we assume that you have given your voluntary consent in accordance with Article 6 (1) (a) in conjunction with Article 9 (1) (a). Art. 9 para. 1 lit. a, which you can revoke at any time for the future.
Recipients of your Data
For the online application form on our website, as well as for applications that reach us in writing or by e-mail, we use the services of a professional applicant management solution as SaaS (Software as a Service).
Our processor will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions in relation to that data.
In order to ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our commissioned processor.
Other recipients of your personal data may include: potential employers, tax advisors.
In the case of temporary employment, we forward your application to potential employers. In doing so, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is Art. 88 GDPR, § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on to persons who have been named to us as contact persons and to companies involved in processing your application.
Possible recipients in legal disputes may be lawyers, public prosecutors, courts or other authorities.
We maintain publicly accessible profiles on social networks.
We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies, such as Facebook and Instagram, are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Please do not send us applications via social networks! Please use our online tool.
Social networks such as Facebook, Twitter, etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal Basis
Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Person Responsible and Assertion of Rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Duration of Storage
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social Networks in Detail
-
Facebook
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy.
-
Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.
-
kununu
We have a profile on kununu. The provider is kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria. Details on how they handle your personal data can be found in the kununu privacy policy: https://privacy.xing.com/en/privacy-policy.
-
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
-
Xing
We have a profile on Xing. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg. For details on how they handle your personal data, please refer to Xing's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
-
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en.
Data Security
We take appropriate measures to implement the protection of your data technically and organisationally. Our employees are obligated to comply with data protection, our service providers commissioned with data processing are carefully selected and also obligated to data protection. Some areas of the website where particularly sensitive data is transmitted, e.g. in forms, are also encrypted by us using SSL in order to protect your data from unauthorised access. You can usually recognise encrypted websites by the lock symbol on your browser. Please note that unencrypted data transmission (by e-mail or via other web forms) may be read by unauthorised persons outside our sphere of influence. If you wish to transmit sensitive data to us unencrypted, we therefore recommend that you use other transmission methods.
SSL Encryption
For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, this site uses SSL encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
We would like to point out that data transmission can have security gaps. Complete protection of data against access by third parties is not possible.
A technically required session cookie is used on our website in the online application area. This session cookie is temporarily stored on your end device for the duration of a session. Session cookies are automatically deleted at the end of your visit.
This cookie generates an identification number on the server side in order to assign user requests to a session
Within the scope of website analysis, cookies from the Matomo service used by us, see below, §6 Analysis of the website, are used, provided you have given us your consent to this in accordance with Art. 6 Para. 1 lit. a GDPR.
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
We host Matomo exclusively on servers of our contract processors, so that all analysis data remains with us and is not passed on.
The detailed list of cookies can be found in the consent tool on the website.
Social-Media-Plug-ins with Shariff
Plug-ins from social media are used on this website (Facebook, Twitter, Instagram, XING, LinkedIn).
You can usually recognise the plug-ins by the respective social media logos. To ensure data protection on this website, we only use these plug-ins together with the so-called 'Shariff' solution. This application prevents the plug-ins integrated on this website from transmitting data to the respective provider when you first enter the page.
Only when you activate the respective plug-in by clicking the corresponding button, a direct connection to the provider's server is established (consent). As soon as you activate the plug-in, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign your visit to this website to your user account.
Activating the plug-in constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.
Facebook Plug-ins (Like and Share-Button)
Plug-ins of the social network Facebook are integrated on this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
You can recognise the Facebook plug-ins by the Facebook logo or the 'Like' button on this website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=en_US.
When you visit this website, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook 'Like' button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please consult Facebook's privacy policy: https://www.facebook.com/about/privacy.
If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account. The use of Facebook plug-ins is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Instagram Plug-in
Functions of the Instagram service are integrated on this website. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information, please consult Instagram's privacy policy: https://help.instagram.com/519522125107875.
Kununu Plug-in
This website uses functions of the kununu network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of our pages containing kununu functions is accessed, a connection to kununu servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behaviour evaluated.
For more information, please consult kununu's privacy policy:
LinkedIn Plug-in
This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time a page of this website containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click the LinkedIn 'Recommend' button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to this website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For more information, please consult LinkedIn's privacy policy:
XING Plug-in
his website uses functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behaviour evaluated.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
For further information on data protection and the XING Share button, please refer to the XING privacy policy at: https://privacy.xing.com/en/privacy-policy.
Services from Google
Google services are used on this website. These are YouTube and Google Maps.
If you access our website from locations within the EU, the services are provided by Google Ireland Limited. However, personal data may be transmitted to the parent companies Google LLC and Alphabet Inc. These companies are based in the USA.
If you access our website from locations outside the EU, the services are provided by Google LLC, which is based in the USA.
The USA is a third country in terms of data protection law. According to Article 45 GDPR, the European Commission can issue an adequacy decision for third countries if it is determined in the review procedure that a level of protection for personal data comparable to that in the EU exists. Such a decision ensures that personal data can flow freely from the EU and the EEA to the third country in question without the need for further conditions or authorizations. This means that data can be transferred to the third country in question in the same way as within the EU.
On July 16, 2020, the ECJ ruled in its judgment C-311/18, "Schrems II", that the USA does not have an adequate level of data protection equivalent to that in the EU. The adequacy decision for data transfers to the USA was thus revoked and the USA was declared an unsafe third country. This was triggered by a complaint by lawyer and data protection activist Max Schrems, who accused the United States of conducting mass surveillance of global telecommunications and the internet without suspicion since 2007 at the latest. Personal data is not safe from access by the US authorities, such as secret services, and EU citizens have no legal recourse either to take action against this intrusion into their privacy or to obtain legal information.
Against the background of the CJEU ruling, a new adequacy decision was agreed between the EU Commission and the USA, which is intended to provide EU citizens with effective legal remedies with regard to the protection of personal data and access to dispute resolution mechanisms.
The new adequacy decision for the USA came into force on 10.07.2023. In addition, data transfer to the USA is only legally permissible if the data recipient is also certified in accordance with the
EU-US Data Privacy Framework is certified. US companies can certify their participation in the Data Privacy Framework by fulfilling detailed data protection obligations. The Data Privacy Framework is administered, processed and monitored by the US Department of Commerce. A transfer of data from the EU to the USA is therefore lawful processing if the company is certified.
Google is listed as a certified company on the corresponding website, which lists the certified companies: https://www.dataprivacyframework.gov/s/participant-search
Against the background of a possible new ruling against the current adequacy decision, we base a possible data transfer to the USA, e.g. data transfer to the parent company, on the standard contractual clauses of the EU Commission.
YouTube
This website embeds videos from the YouTube network. YouTube is a service of Google Ireland Limited or Google LLC.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempted fraud.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
You can find details here:
https://business.safety.google/controllerterms/ and
https://business.safety.google/controllerterms/sccs/.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited or Google LLC.
When you use Google Maps, Google records every activity that you carry out via Google Maps. These can be places, businesses, institutions or routes. Google collects, stores and processes this data. It is not possible to clearly determine which data Google collects. Google's privacy policy only provides a brief insight into how it handles user data. They do not show specifically what data Google collects and processes via Google Maps.
To collect the data, Google places a cookie in your browser, which is stored locally on your device. Google Maps also stores your IP address. This information is usually transferred to a Google server in the USA and stored there.
We have no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online
offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://business.safety.google/controllerterms/ and
https://business.safety.google/controllerterms/sccs/.
You can find more information on the handling of user data in the privacy policy of
Google: https://policies.google.com/privacy?hl=de.
When you register to receive our information material (e.g. customer newsletter 'invenio insight' or applicant newsletter or information about new blog posts), your e-mail address will be used with your consent for our own information and advertising purposes. With your explicit consent/registration, we will send you customer newsletters or applicant newsletters as well as relevant information about our portfolio. You give your explicit consent in the course of the application process or in the context of cooperation. No further data will be collected. We use this data exclusively for sending the requested information. You can revoke your consent at any time with future effect, for example via the 'unsubscribe' link in the newsletter or by sending a message to contact(at)invenio.net.
For sending newsletters, we use the service of the provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.
Our newsletters sent with CleverReach allow us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters is available: https://www.cleverreach.com/de/funktionen/reporting-und-tracking.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please consult CleverReach's privacy policy: https://www.cleverreach.com/en/privacy-policy/
We have concluded a Data Processing Agreement (DPA) with the CleverReach provider and fully implement the strict requirements of the German data protection authorities when using CleverReach.
We run three blogs on the website.
If you want to actively participate in our blogs, you have the option to register for this. For this purpose, in addition to the above-mentioned personal data that is processed when you visit the website, we process further personal data that you enter during registration and when you leave comments.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR. To protect your privacy, we ask you to enter an anonymised user name when registering. If you publish comments on our blog, only this user name will be published together with your comments.
The data you provide to us for the purpose of receiving the blog will be stored by us until you unsubscribe from the blog and will be deleted from the blog distribution list after you unsubscribe. You can unsubscribe by sending an informal e-mail to contact(at)invenio.net. Comments published by you will not be deleted and will remain visible on our blog page with your user name.
For surveys, we use the service LamaPoll of Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin. Lamano GmbH & Co. KG attaches great importance to data protection. We have concluded a Data Processing Agreement (DPA) with them. This is a contract required by data protection law, which ensures that the personal data collected in the survey is only processed according to our instructions and in compliance with the GDPR.
You will receive an invitation to participate in the survey via LamaPoll in our customer newsletter if you have actively agreed to receive it. We also make the survey available on our website and via the above-mentioned social media channels we use. You can participate in the survey according to the principle of data minimisation and decide for yourself whether you want to leave personalised information at the end of the survey. We use the results of the survey to sharpen our range of services.
The results of the survey will be evaluated and processed within the invenio Group and will not be forwarded to any other recipients. All data collected will be deleted by us after three months, unless you exercise your right to deletion in accordance with Art. 17 GDPR beforehand.
For more information on data protection in the context of surveys with LamaPoll, please consult: https://www.lamapoll.de/cms/files/files/Datenschutzerkl%C3%A4rung%20-%20Teilnehmer.pdf
As a data subject, you have the right to request confirmation from the controller as to whether personal data relating to you are being processed. If this is the case, you as the data subject have the right to obtain information about this personal data.
As a data subject, you have the right to have any incorrect data processed by us corrected. You also have the right to request the deletion or restriction of the processing of your data. If parts of the data are subject to a legal or official obligation to retain data, the data subject to the obligation to retain data will be blocked instead of deleted. You can assert your rights by post or by e-mail.
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
As a data subject, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR. In individual cases, exercising your right to object may mean that you can no longer make use of the services we offer. You can exercise your right of objection by post or by e-mail.
As a data subject, you have the right to lodge a complaint with the competent supervisory authority if you do not agree with this request for information or the type of data processing.
The contact details of the competent supervisory authority for data protection are:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
poststelle(at)datenschutz.hessen.de
Would You like to contact us?
Gladly we are at your disposal for any questions!
