Privay Policy
Status: Mai 2023
Thank you for your interest in our company and our website.
The protection and integrity of your personal data and the guarantee of your privacy are of particular concern to us.
In this privacy notice you will find information about data processing in the context of visiting our website and social media presences.
In addition, we inform you about the data processing in the context of a tenancy with us. We want to offer you the most comfortable living experience possible, tailored to your needs and characterised by a variety of social events and connection opportunities, so that you feel as comfortable as at home in your new city and always receive your offer tailored to your interests. Our privacy notice explains what personal data we collect from you, either directly or indirectly, for this purpose and how we use it.
This privacy notice also contains information about data processing when you contact us in general, in the application process and in the context of business relationships.
The Controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) for data processing by us is the
International Campus GmbH
Blumenstrasse 28, 80331 Munich
Telephone: +49 89 212 6880 – 0
Fax: +49 89 212 6880 – 290
info@ic-campus.com
To exercise your rights, report data protection incidents, make suggestions and complaints regarding the processing of your personal data and withdraw your consent, we recommend that you contact our Data Protection Officer:
PROLIANCE GmbH
Leopoldstr. 21
80802 Munich
www.datenschutzexperte.de
datenschutzbeauftragter@datenschutzexperte.de
USE OF OUR WEBSITE
Provision of the website
When you use our website for information purposes only (without contacting us), we only collect the personal data that your browser transmits to our server. If you want to visit our website, we collect the data that is technically necessary for us to display our website to you. This may involve accessing information (e.g. IP address) or storing information (e.g. cookies) in your terminal equipment.
In this context, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request comes, browser, operating system and its interface, language and version of the browser software are recorded. We process your data on the basis of Sect. 25 para. 1 p. 1, para. 2 no. 2 Telecommunications-Telemedia Data Protection Act (TTDSG), Art. 6 para. 1 p. 1 (f) GDPR and base the data processing on our legitimate interest in the smooth provision of our website and in ensuring the stability and security of our website.
We use the web hosting service provider RAIDBOXES GmbH, to whom data of our website visitors is passed on within the scope of hosting. We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time and deleted after XX days at the latest.
General information on the use of cookies
Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or to display advertising.
The processing of data through the use of absolutely necessary cookies takes place on the basis of Sect. 25 para. 2 no. 2 TTDSG. The processing of the data collected in this way is based on a legitimate interest in accordance with Art. 6 para. 1 (f) GDPR in the technically error-free provision of our services. For details on the purposes of the processing and legitimate interests, please refer to the explanations on the specific data processing.
The processing of personal data through the use of other cookies is based on consent pursuant to Sect. 25 para. 1 TTDSG. and the further processing of the data thus collected is based on consent pursuant to Art. 6 para. 1 (a) GDPR. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this within the scope of this privacy notice and obtain your consent.
You can set your browser so that you
- are informed about the setting of cookies,
- allow cookies only in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
You can also manage the cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/
or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track” function. When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be “tracked” for the purpose of behavioural advertising and the like.
For information and instructions on how to edit this function, depending on your browser provider, see the links below:
In addition, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of Java scripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that if you disable cookies, the functionality of our website may be limited.
Use of Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with any other data held by Google. The processing is carried out in accordance with Art. 6 para. 1 (a) GDPR on the basis of your consent.
We only use Google Analytics with IP anonymisation activated. This means that your IP address is only processed by Google in abbreviated form.
We have concluded a contract with the service provider in which we oblige them to protect the data of our website visitors and not to pass it on to third parties.
As a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 © GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
The Google Analytics terms of use and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Erasure of user-level and event-level data associated with cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple advertiser identifier]) will occur no later than 14 month after collection .
Use of Google Ads
Our website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
If you have given us your consent to do so, this function makes it possible to link the advertising target groups created with Google Ads Remarketing with the cross-device functions of Google Ads and Google Marketing Platform. The legal basis is your consent pursuant to Art. 6 para. 1 p. 1 (a) GDPR, Sect. 25 para. 1 TTDSG. In this way, interest-related, personalised advertising messages that have been adapted to you on one terminal device (e.g. mobile phone) depending on your previous usage and surfing behaviour can also be displayed on another terminal device (e.g. tablet or computer).
If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising messages can be served on every terminal device on which you log in with your Google Account.
To support this feature, Google Analytics collects authenticated user IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
You can permanently opt out of cross-device remarketing/targeting by deactivating personalised advertising in your Google Account by following this link: https://adssettings.google.com/.
We have concluded a data processing agreement with the service provider in which we oblige them to protect the data of our website visitors and not to pass it on to third parties.
As a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 © GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information and the privacy notice can be found in Google’s privacy notice at: https://www.google.com/policies/technologies/ads/.
Use of Google Maps
Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address.
Google uses Cookies, to collect information about user behaviour. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 (a) GDPR, Sect. 25 para. 1 TTDSG.
We have concluded a data processing agreement with the service provider in which we oblige them to protect the data of our website visitors and not to pass it on to third parties.
Since a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 para. 2 © GDPR. These oblige the recipient of the data in the USA. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information on the handling of user data can be found in Google’s privacy policy:
https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/
Use of Instagram
Our website uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with your Instagram logo, for example in the form of your “Instagram camera”.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection with the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser, which then integrates it into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to the Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to the Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts.
For the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, please refer to Instagram’s privacy notice: https://help.instagram.com/155833707900388/.
If you do not want Instagram to directly assign the data collected through our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser.
Use of Youtube
On our website we use components (videos) of the company YouTube LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (“YouTube”), a company of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA.
[Here we use the ” – privacy-enhanced mode — ” option provided by YouTube].
When you call up a page that has an integrated video, your connection to the YouTube servers is established and the content is displayed on the website by informing your browser.
[According to YouTube’s information, in ” — extended data protection mode -” only data is transmitted to the YouTube server, in particular which of our Internet pages you have visited when you watch the video].
If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
Further information on YouTube’s data protection is provided by Google under the following link: https://www.google.de/intl/de/policies/privacy/.
Use of Hotjar
Our website uses the Hotjar web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (“Hotjar”).
Using Hotjar’s technology, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, etc.). This helps us to tailor our offering to our users’ feedback. Hotjar uses cookies and other technologies to collect information about our users’ behaviour and their terminal devices, in particular the IP address of the device (only collected and stored anonymously while you are using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile.
The use of Hotjar and the associated processing of personal data takes place on the basis of your consent pursuant to Art. 6 para. 1 (a) GDPR, Sect. 25 para. 1 TTDSG.
We have concluded a data processing agreement with the service provider in which we oblige him to protect the data of our website visitors and not to pass it on to third parties.
As a principle, Hotjar stores customer data in the European Union. However, there may be transfers of personal data to third countries outside the EU and the EEA. In these cases, the implementation of further protection mechanisms is necessary to ensure the level of data protection in accordance with the requirements of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 © GDPR. These oblige the recipient in the third country to process the data in accordance with the level of protection in the EU.
Hotjar offers every user the option to prevent the use of the Hotjar tool via a “Do-Not-Track header” so that no data is collected about the visit to the respective website. This is a setting that is supported by all common browsers in the current versions. For this purpose, your browser sends a request to Hotjar with the information to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the “Do-Not-Track header” separately for each of these browsers/computers. You can prevent the use of Hotjar by clicking on the opt-out page https://www.hotjar.com/legal/compliance/opt-out and click on “Deactivate Hotjar”.
For more information about Hotjar Ltd. and the Hotjar tool, please visit: https://www.hotjar.com.
You can find the privacy notice of Hotjar Ltd. at: https://www.hotjar.com/privacy
Contacting us
If you contact us by e‑mail, the information you provide in the e‑mail, including the personal data you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. The specification of an e‑mail address is required for contacting us, the specification of e.g. first and last name and telephone number is freely given. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 (f) GDPR and, if applicable, Art. 6 para. 1 (b) GDPR if your request is aimed at concluding a contract. Your data will be deleted once the enquiry has been processed, provided there are no legal obligations to retain data. For email communication, we use the email provider Outlook of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521.
We have concluded a data processing agreement with the service provider in which we oblige him to protect our customers’ data and not to pass it on to third parties.
As a transfer of personal data to the USA may take place, further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed on standard data protection clauses with the provider in accordance with Art. 46 para. 2 © of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
ENTERING INTO RENTAL AGREEMENTS WITH US/ MAKING USE OF THE RANGE OF SERVICES WE OFFER
Our business model consists of renting furnished student flats and, within the framework of this, providing a comprehensive media (e.g. internet use) and leisure offer, such as organising social events in our houses. Within the framework of the initiation, fulfilment and processing of the contractual relationships existing with us, data will be collected from you that is necessary for the respective contract processing or data that arises during the use of our services (e.g. use of the internet).
We want to offer every resident a flat that is as adapted and comfortable as possible, and diversity is important to us. Therefore, you can tell us your special wishes and needs at any time. You can tell us that your flat should be barrier-free or that you need special housing equipment because of your religious orientation. Such data are often so-called special categories of data within the meaning of Art. 9 GDPR (e.g. data concerning health, religious data). The use of our services is possible overall without such notification. We process special personal data on the basis of your express consent. Under no circumstances do we use this data for purposes that go beyond the performance of a contract and the needs-based design of your stay with us.
We also process your data on the consumption of heating and hot water for the purpose of billing operating costs. Information on rental behaviour and damage can be processed within the framework of our contractual relationship or when commissioning tradesmen, as can the content of correspondence between us by e‑mail, telephone or post.
If there is video surveillance in or around the building, you can find information on data processing on the notice boards on site.
For the purposes mentioned above, we collect name, address, telephone number, e‑mail address, nationality, date of birth (optional:) study data, payment information (bank details), IP address (when using the internet connection operated by us), consumption data, possibly other information from correspondence.
The processing of your data is based on the fulfilment of the existing rental contract between us or in the context of contract initiation in accordance with Art. 6 para. 1 p. 1 (b) GDPR. In the case of processing special categories of personal data, we base the processing on your consent in accordance with Art. 9 para. 1 (a) GDPR. Data may also be processed within the scope of our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR in ensuring smooth correspondence, handling claims, organizing events or enforcing legal claims.
Data is processed in internally-used IT systems and passed on to the respective system providers in this context and, in the case of e‑mail communication between us, to the respective e‑mail provider. If you use the internet service as part of the rental agreement, your data required for this purpose will be processed by the respective internet provider. As part of the processing of the tenancy, service providers may process data on the consumption of heating/hot water for metering purposes, banks may receive data from you as part of the payment processing and, in the event of damage settlement, data may be passed on to tradesmen and insurance companies. In addition, in the context of legal disputes, your data may be passed on to a lawyer appointed by us.
Your payment information will only be stored by us insofar as you have concluded rental contracts or make use of other chargeable services. The personal data requested by us in this context will only be stored for as long as is necessary for the execution of the contract and subsequent contract-related correspondence or, in the case of documents relevant under commercial and/or tax law that contain personal data, for as long as the statutory retention periods of the German Commercial Code (HGB) and the Fiscal Code of Germany (AO) provide for your retention of these documents (up to 6 and 10 years respectively). Your traffic data, which is collected during the use of the Internet connection offered and operated by us, is stored by us for 7 days for the purpose of abuse control and troubleshooting and then deleted, insofar as this is legally permissible. Special data freely given by you, such as data concerning health, will only be stored by us for as long as is necessary for the purpose in question or as long as we are legally obliged to store it. Other data will only be stored by us for as long as is necessary for the respective purpose or until the expiry of any statutory retention periods.
Social Media
General information
We operate websites or “fan pages” on various social media platforms. For the processing of your personal data in connection with your visit to our website or our “fan page” on the Facebook and LinkedIn platforms, we are jointly responsible with the operators of the respective platform, insofar as they provide us with aggregated information on visitors to our fan page or our website (“insights”).
The operator of the Facebook platform is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2. The operator of the LinkedIN platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We have concluded an agreement with the operators in accordance with Art. 26 GDPR on joint controllership for the processing of your personal data (Controller Addendum). This agreement specifies the data processing operations for which we or the respective operator are responsible when you visit our fan page or our presence on the platform of the respective operator. You can view this agreement under the following link:
Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
If you wish to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact Facebook or LinkedIn as well as us. You can adjust your advertising settings yourself in your user account. To do so, click on the following link:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com.
For further details, please refer to Facebook’s privacy notice: https://www.facebook.com/about/privacy/.
To contact Facebook’s Data Protection Officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.
For more information on data processing by LinkedIn, please refer to LinkedIn’s privacy notice: https://www.linkedin.com/legal/privacy-policy.
To contact the Data Protection Officer of Instagram, you can use the contact form under the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
The range of services we offer includes setting up so-called Facebook communities for the respective locations. When you have concluded your tenancy agreement with us, you have the opportunity to exchange information with other residents of your location within the communities. Access to the respective Facebook communities is only permitted to the tenants of your respective location and our employees who manage the respective community.
We and the platform operator are each independently responsible for the processing of your personal data in connection with your visit to our website on the Twitter and Instagram platforms. For the assertion of your data subject rights, we would like to point out that these can most effectively be asserted with the respective providers. Only they have access to the data collected from you.
The operator of the Twitter platform is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. The operator of the Instagram platform is Instagram, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.
If we pass on personal data to the providers of social media platforms, the latter are the recipients of the data. Since personal data may be transferred to the USA when visiting and interacting with the social media platforms used by us, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the providers of all social media platforms used by us in accordance with Art. 46 para. 2 © GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we take additional safeguards to protect the personal data of visitors to our social media sites.
In cases where Controllers process your personal data on their own responsibility, we have no influence on the processing of this data by the Controller and its handling of this data (at least after transmission of the data). For further information, please refer to the privacy notices of the respective provider. If applicable, you can use the opt-out/personalisation options with regard to the data processing by the provider:
- Twitter
- Privacy notice: https://twitter.com/de/privacy
- Opt-out: https://twitter.com/personalization
- According to its privacy notice, Twitter uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://twitter.com/de/privacy
- Instagram
- Privacy notice /Opt-out: http://instagram.com/about/legal/privacy/
- Instagram (Facebook), according to its privacy notice, uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the US or other third countries outside the EU:
http://instagram.com/about/legal/privacy/
Cookies
When you visit our Facebook fan page or our other social media pages, one or more cookies are set on your terminal device by the platform provider. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or display advertising.
By interacting with our Facebook fan page or our other social media sites, information (e.g. your IP address) may be accessed or stored (e.g. cookies) on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
The activity or validity period of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the provider’s privacy notice (see above).
Market research and advertising purposes
As a rule, personal data on the company website is processed for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognise you when you visit a website. In addition, an evaluation of your interactions on the social media platform is carried out by the provider. By means of the collected data, usage profiles can be created. These are used to display advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them. Further information on this can be found in the privacy notice of the respective provider.
When you visit or interact with our social media site, we may receive personal data from you, which we process on our own responsibility in addition to the provider. This may be information that you actively provide (comments, likes and information that you provide publicly, such as your profile picture or name).
Depending on the provider and your settings on the provider’s platform, we may also be informed about who has accessed our website or page within the platform.
Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy notice. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us pursuant to Art. 6 para. 1 p. 1 (f) GDPR. Our legitimate interest is to address you in an advertising manner and to provide you with an effective means of communication and interaction with our company. The data will be deleted as soon as it is no longer required for addressing and communicating with you.
Data processing when contacting us
We ourselves collect personal data when you contact us, for example via a contact form or a messenger service of the respective platform. Which data is collected depends on the information you provide and the contact details you have given or released. This data is stored by us for the purpose of processing the enquiry and in the event of follow-up questions. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 (f) GDPR and, if applicable, Art. 6 para. 1 (b) GDPR if your enquiry is aimed at concluding a contract. After the enquiry has been dealt with, your data will be deleted unless there is a legal obligation to retain it. We assume that the processing is completed when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.
Data processing for the performance of the contract
If your contact via a social network is aimed at performing a contract with us, we process your data for the performance of a contract or for the implementation of pre-contractual measures or for the provision of the requested services. In this case, the legal basis for the processing of your data is Art. 6 para. 1 (b) GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract in accordance with the purpose of the contact. It may also be necessary to store personal data of our contractual partners after the conclusion of the contract in order to comply with contractual or legal obligations.
Data processing on the basis of consent
If you are asked by the respective platform provider for consent to processing for a specific purpose, the legal basis of the processing is Art. 6 para. 1 (a), Art. 7 GDPR. Consent given can be withdrawn at any time with effect for the future.
Insights functionality
When you visit our social media site, personal data is processed by the platform operator and by us. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms Inc.), we are jointly responsible for it with Facebook (Art. 26 para. 1 GDPR). Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible for it with LinkedIn (Art. 26 para. 1 GDPR).
Page insights allow us to obtain aggregate data about visitor interaction.
Site insights may be based on personal data collected in connection with an individual’s visit to or interaction with our site and in connection with content provided. Your data may be processed for market research and promotional purposes. For example, user profiles can be created from the usage behaviour and resulting interests of the users. The user profiles can in turn be used, for example, to display advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices used by the users may also be stored in the user profiles; in particular, if the users are members of the respective platforms and logged in to them.
We only receive summarised (aggregated) data from the platform operator, which does not allow any conclusions to be drawn about individual persons.
The processing of your personal data may be used by us to increase the reach and awareness of our social media presences through target group-specific design of posts and to evaluate the success of marketing campaigns.
The legal basis for the processing of your personal data in connection with your visit to or interaction with our Facebook fan page is Art. 6 para. 1 (f) GDPR. We have a legitimate interest in using aggregated information about interactions with our social media presence for promotional purposes.
Information on the purposes pursued by the platform operator with the processing of your personal data and the legal basis of this data processing can be found in the privacy notice of the respective platform operator.
Please note that we have no influence on the data collection and further processing under the responsibility of the platform operator. As a result, we cannot provide any information about the scope, location and duration for which the data is stored by the platform operator.
Storage period
The personal data collected by us will be deleted if it is no longer required for the purposes specified when it was collected or if you have exercised your right of withdrawal or objection. Legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the social media providers for their own purposes.
APPLICATIONS
You can apply for one of our advertised positions via our online application portal. We process your data insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Article 88 GDPR in conjunction with Sect. 26 of the German Federal Data Protection Act (BDSG).
Furthermore, we may process your personal data if this is necessary for the fulfilment of legal obligations (Art. 6 para. 1 © GDPR) or for the defence or assertion of legal claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, for example, a duty of proof in proceedings under the General Act on Equal Treatment (AGG).
If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 (a) GDPR, Sect. 26 para. 2 BDSG. You can withdraw your consent at any time with future effect. This applies in particular to inclusion in our talent pool. If you give your consent, we will include your application information in our talent pool if no employment relationship is established in order to contact you again in the event of subsequent vacancies. In this case, we store your data for a period of 12 months and then delete the data, unless you give us your consent to keep the data longer.
If an employment relationship arises between you and us, we may, in accordance with Art. 88 GDPR in conjunction with Sect. 26 BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a company or service agreement (collective agreement).
We only process data that is related to your application. This can be general personal data (name, address, contact details, etc.), information on your professional qualifications and school education, information on further professional training and, if applicable, other data that you provide to us in connection with your application. We collect your name and e‑mail address (mandatory fields) via our contact form for the purposes mentioned above. In addition, you can tell us your title, mobile number, earliest starting date and period of notice, tell us how you became aware of us and attach comments and documents.
We may transfer your personal data to companies affiliated with us, provided you have given your consent in accordance with Art. 88 GDPR in conjunction with Sect. 26 para. 2 BDSG.
We use the HRworks GmbH personnel management system in which we manage and store applications. In this context, your data is passed on to the system provider. We have concluded a data processing contract with the service provider in which we oblige them to protect our applicants’ data and not to pass it on to third parties.
Otherwise, data is only passed on to recipients outside the company if this is permitted or required by law, the transfer is necessary to fulfil legal obligations or we have your consent.
We store your personal data as long as this is necessary for the decision on your application. Your personal data or application documents will be deleted no later than six months after the end of the application process (e.g. notification of the rejection decision), unless longer storage is legally required or permitted. We store your personal data beyond this only insofar as this is required by law or in the specific case for the assertion, exercise or defence of legal claims for the duration of a legal dispute.
In the event that you have agreed to a longer storage of your personal data, we will store it in accordance with your declaration of consent.
If an employment, training or internship relationship is established following the application process, your data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.
BUSINESS RELATIONS WITH THIRD PARTIES / DELIVERY AND PERFORMANCE TO US
We process and store the personal data provided by business partners (or potential business partners) in the context of enquiries, the transmission of offers, the transmission of master data, orders/contracts or other business correspondence, and for the performance of pre-contractual measures (business initiation) or the performance of a contract.
We only store personal data for as long as is necessary for the supply and service relationship or the administration of the business relationship. The legal basis for this is Art. 6 para. 1 p. 1 (b) GDPR, insofar as the data processing is carried out for the performance of a contract or the implementation of pre-contractual measures. We base the data processing on our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR in the smooth processing of enquiries and business correspondence, insofar as the data processing is necessary for these purposes.
For the above purposes, we collect name, business telephone number, business e‑mail address, business address, payment data of the company/business partner (bank details) and, if applicable, data provided by you within the scope of correspondence and contract processing.
Data is processed in internally used IT systems and passed on in this context to the respective system providers and, in the case of e‑mail communication between us, to the respective e‑mail provider. Banks may receive data from you in the course of payment processing. In addition, in the context of legal disputes, your data may be passed on to a lawyer appointed by us.
The data will be deleted as soon as it is no longer required for contractual purposes or business correspondence. In addition, we are required by applicable law to retain certain personal data for legally defined periods of time (such as in connection with business transactions).
OTHER DATA TRANSFER
We will never offer your data for sale to third parties.
In addition to the disclosure of your data already mentioned in this privacy notice, we may share data with affiliated companies if this is necessary for internal administrative purposes. We base this data sharing on our legitimate interest in the efficient and smooth internal administration of the association in accordance with Article 6 para. 1 (f) of the GDPR.
In addition, we may be legally obliged to pass on data (Art. 6 para. 1 ©) GDPR). This is the case, for example, vis-à-vis the national registration authorities (e.g. Sections 19, 30 of the Federal Registration Act (BMG)) or in the case of disclosure obligations vis-à-vis law enforcement agencies and investigating authorities.
If your data is also transferred to non-European countries in this context, we ensure special protection of your data by either only transferring it to third countries for which the European Commission has issued an adequacy decision or by using so-called standard contractual clauses of the European Commission.
Sale or merger
We may share your personal data in the event of a merger, acquisition or sale of all or part of our assets. We will of course notify you by email and/or your prominent notice on our website and inform you of your rights.
HOW WE ENSURE THE SECURITY OF THE DATA WE COLLECT
Protecting your personal data is very important to us. Although we take reasonable precautions to protect the personal data we collect, please note that your security system is infallible.
We use several appropriate technical and organizational measures and industry standards to protect your personal data from loss, theft, misuse, unauthorized access and unauthorized disclosure, alteration and destruction. The personal data we store about you resides on computer systems with restricted access. In addition, we require third parties contracted by us to maintain appropriate security measures for the information we transmit. When you visit our website or send us information via the website, your data is protected by encryption technologies, such as transport layer security (https encryption).
YOUR RIGHTS
You have the following rights in relation to our use of your personal data:
Right to object according to Art. 21 GDPR
If your personal data is processed by us on the basis of legitimate interests pursuant to Article 6 para. 1 (f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specific grounds.
Right of access according to Art. 15 GDPR
You can ask us to provide you with information about the processing of your personal data and a copy of the personal data we hold about you.
Right to rectification or erasure pursuant to Art. 16, 17 GDPR
You can let us know if your personal data has changed or if you want us to change the personal data we collect about you.
In certain cases, you can ask us to delete the personal data we have collected about you.
Right to restriction of processing Art. 18 GDPR
In certain cases you have the right to ask us to restrict the processing of your data.
Right to withdraw consent given and objection to processing pursuant to Art. 7 para. 3 GDPR
If you have given your consent to the processing of your data, you can withdraw this consent at any time with effect for the future. Such a withdrawal does not affect the lawfulness of processing of your personal data that has already taken place before the withdrawal.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can find more information on this under Use of Cookies and other (Marketing-)Tools.
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
We will always endeavour to find a solution with you if you experience problems with our use of your data. However, if you feel that we have not been able to help you resolve the problem, you also have the right to complain to your data protection supervisory authority about our processing of your personal data.
We rely on you to ensure that your personal data is complete, accurate and up to date. Please notify us immediately of any changes or inaccuracies in your personal data by sending your email to [datenschutz@ic-campus.com].
