Want to excel yourself?… more

Combining practice and doctorate as a doctoral student (m/f/d) in the Valuation Services … more

more News

 

Privacy Notice

Stand: August 2023

1.    Scope

·       www.ivc-wpg.com

·       Contacting

·       Application platform and procedure

·       Page Insights on Facebook


2.    Controller

Unless otherwise stated, the:

IVC Independent Valuation & Consulting Aktiengesellschaft Wirtschaftsprüfungsgesellschaft
Girardetstraße 2
45131 Essen

Phone: +49 (201) 31 04 83-0
E-Mail: info@ivc-wpg.com

– hereinafter referred to as ‘IVC’, ‘we’ – 

is responsible for the processing of personal data within the scope of this privacy policy.


3.    Contact details of the data protection officer of IVC

IVC Independent Valuation & Consulting Aktiengesellschaft Wirtschaftsprüfungsgesellschaft
DPO
Girardetstr. 2
45131 Essen

datenschutzbeauftragter@ivc-wpg.com

 
4.    Data processing on www.ivc-wpg.com

4.1     Content delivery & Log Files

In order to deliver these web pages, temporary processing of IP address and additional information (date and time of access, request method & requested files, data volume, status code, user-agent [information about operating system, browser type, and version]) is required. Accesses are stored in the log files of web servers for monitoring purposes.

The legal basis for the processing of personal data for the technical delivery of www.ivc-wpg.com & storage in the log files is Art. 6(1)(f) of the GDPR.

The log files are automatically deleted after 7 days.

Web hosting:

Mittwald CM Service GmbH und Co. KG
Königsberger Straße 4-6
32339 Espelkamp

4.2     Strictly necessary cookies & Cookie-Consent-Manager (‘CCM’)

Cookies are small files that are automatically created and stored in the web browser of the visitor’s end device for each visited website. Cookies can, for example, store information about preferred settings.

Once you make a selection in the CCM (‘Accept All’, ‘Save’, ‘Accept only essential cookies’), this information is stored in a cookie (named ‘borlabs-cookie’) so that the CCM does not appear again with every page change or refresh.

Insofar as personal data is processed through this necessary technical cookie in the context of providing the CCM, the legal basis is Article 6(1)(f) of the GDPR.

Insofar as personal data is processed through cookies not strictly necessary in the context of providing the telemedia services offered by IVC, the legal basis is Article 6(1)(a) of the GDPR.

4.3     Google Analytics / Google Tag Manager

For statistical web analysis, we use the tracking tool ‘Google Analytics’ provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you give your consent (Art. 6(1)(a) of the GDPR), server connections to the hosts at www.googletagmanager.com, www.google-analytics.com, and region1.google-analytics.com will be established, and the corresponding cookies will be stored on your end device: _ga; _ga_MTKZLL2LNM.

You can learn more about the storage duration here: support.google.com/analytics/answer/7667196.

The cookies store information about your usage of these websites, campaign tracking – analysis of visitor origin, screen resolution, frequency and timing of visits, device and browser information (User-Agent), click paths, visited pages, and duration of stay (session duration) on individual pages until page change, bounce rate.

If you are redirected to an IVC website through a Google advertisement and provide your consent in the CCM, Google Analytics can track this redirection.

For more information about Google’s processing of personal data, please consult the following pages:

policies.google.com/privacy

tools.google.com/dlpage/gaoptout

Furthermore, we use Google Tag Manager on www.ivc-wpg.com. This tool optimizes the automated management of tags (e.g., third-party scripts) through a web interface: developers.google.com/tag-platform/tag-manager.

Your consent for the processing of personal data by Google Analytics and Tag Manager is voluntary, meaning it is not required for the use of www.ivc-wpg.com and can be revoked at any time with effect for the future.

4.4     Google Maps

If you give your consent (Art. 6(1)(a) of the GDPR), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, will process your personal data (IP address, User-Agent, and possibly other identifying features) to provide you with the interactive map service ‘Google Maps’ on www.ivc-wpg.com/ueber-uns/standort/. It cannot be ruled out that Google Ireland Limited will further process this data globally and within the group for its own business purposes and transmit them to the USA.

For more information about Google’s processing of personal data, please click here:

policies.google.com/privacy

Your consent for the processing of personal data for the provision of Google Maps is voluntary, meaning it is not required for the use of www.ivc-wpg.com and can be revoked at any time with effect for the future.

4.5     IVC-Tools & Microsoft Power BI 

For the provision of the ‘IVC Basiszins-Tool’ on www.ivc-wpg.com/tools/basiszins, we use the online service ‘Microsoft Power BI’ provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Responsible for data processing in the European Economic Area, the United Kingdom, and Switzerland is Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.

If you consent, requests will be sent to the servers at the following domains: 

–        app.powerbi.com

–        appsource.powerbi.com

–        content.powerapps.com

–        dc.services.visualstudio.com     

–        pbivisuals.powerbi.com 

–        wabi-west-europe-d-primary-api.analysis.windows.net   

so that Microsoft can deliver the tool to you. During this process, Microsoft obtains IP address, user agent, and potentially other identifying characteristics. Furthermore, to maintain the current session, Microsoft will store values and cookies in your browser’s local storage (ARRAffinitySameSite, WFESessionId, ai_session, ai_user).

Your consent for data processing for the provisioning of IVC tools using Microsoft Power BI is voluntary, meaning it is not required for the use of www.ivc-wpg.com and can be revoked at any time with effect for the future.

4.6     Smartsupp.com-Chat

If you consent (Article 6 (1)(a) GDRP), we process your data (IP address, user agent, date, and time of access, requested files) on www.ivc-wpg.com to provide the chat application by Smartsupp.com, s.r.o., Sumavska 31, 602 00 Brno, Czech Republic.

Furthermore, to maintain the current session and store the provided consent, a value is written to the Local Storage (ssupp_c9329721ebe1acd491fd4a0595288962ff2b89ab), and a cookie is stored on your end device (Name: smartsupp).

Web hosting: 

DataCamp Limited, 207 Regent Street, London W1B 3HH, UK

Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA

Your consent for the processing of personal data for the provision of the Smartsupp.com chat is voluntary, meaning it is not required for the use of www.ivc-wpg.com and can be revoked at any time with effect for the future.

4.7     Transfers of personal data to third countries 

Google Analytics / Google Tag Manager / Google Maps, Microsoft Power BI, and the Smartsupp.com chat are provided by servers of their respective platform operators. If you give your consent (Art. 6(1)(a) of the GDPR), a request is made to the respective platform operator to deliver the requested files to you. During this technical delivery process, the provider temporarily receives the IP address, User-Agent, and possibly other identifying features, which the platform operator stores independently in the log files of web servers and uses for its own business purposes, such as improving its advertising algorithms and profiling. Responsible for the processing of this data from individuals who have their habitual residence in the European Economic Area is:

–        Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland,

–        Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland,

–        Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland. 

In this context, the processing of personal data in the USA cannot be ruled out, as Google LLC, Microsoft Corp., and Amazon Web Services, Inc. have their headquarters in the USA. Any potential transfer of personal data to the USA is conducted under Article 45 of the GDPR based on the Data Privacy Framework:

Google: www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Microsoft: www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

AWS: www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOWQAA4&status=Active

 
5.    Contacting

If you contact IVC directly (e.g., via email, phone, web form), we will process your information to the extent necessary to respond to your contact inquiry and perform any requested actions. The legal basis is Article 6(1)(b) of the GDPR.

If your inquiry pertains to the application process or your application (questions related to ‘Working at IVC’), the legal basis for processing your data is Article 6(1)(b) of the GDPR in conjunction with Article 88 of the GDPR and § 26 of the BDSG.

If your contact inquiry is neither necessary for the fulfillment of a contract with IVC nor for contract initiation, the legal basis for processing your data is Article 6(1)(f) of the GDPR. The legitimate interest lies in processing the received message conclusively.

Your message will be stored until the processing is completed. Longer storage will only occur if we are entitled or obligated to do so on a case-by-case basis.

If you contact IVC via Smartsupp chat, www.xing.com, www.linkedin.com, www.instagram.com, www.facebook.com or www.youtube.com, the communication will necessarily take place via servers of the respective platform operator:

–        Smartsupp.com, s.r.o., Simicska 31, 602 00 Brno, Czech Republic

www.smartsupp.com/de/help/privacy/

–        New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
www.linkedin.com/legal/privacy-policy

–        LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

www.linkedin.com/legal/privacy-policy

–        Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
www.facebook.com/privacy/policy

–        Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland

policies.google.com/privacy,

who is responsible for the processing of personal data of data subjects, as a recipient necessarily obtains knowledge of the content and processes data (including IP address, user agent, device information, browsing history, location, search queries, preferred times of use, last login, likes) under its own responsibility and for its own purposes. Confidential communication is not possible when using these services.

 
6.    Application to IVC

6.1 Online recruitement app

IVC operates an online recruitment app under the domain: karriere.ivc-wpg.com/*, where interested applicants can learn about current job openings and apply via email, web form, or upload.

When you visit and use IVC’s career pages, we need to temporarily process your IP address and additional information (date and time of access, request method & requested files, data volume, status code, user-agent [information about operating system, browser type, and version]) to deliver the requested web content. Requests are stored in the log files of web servers for monitoring purposes.

The legal basis for processing personal data for the technical provisioning of the recruitment app and storage in the log files is Article 6(1)(f) of the GDPR.

The log files are stored no longer than necessary.

To maintain the current session, when accessing karriere.ivc-wpg.com/*, a session cookie (‘HrwMeJobApplicationManagementSession’) and two cookies (‘AWSALBCORS’, ‘AWSALB’) for load balancing are stored in your end device.

The legal basis for processing personal data through the necessary technical cookies is Article 6(1)(f) of the GDPR.

Based on your consent (Article 6(1)(a) of the GDPR), we process personal data through Google Analytics on karriere.ivc-wpg.com, as outlined in section ‘4.3 Google Analytics / Google Tag Manager’ of this privacy policy.

Data recipients:

Access to your application data is granted to the personnel responsible and administrators of IVC, the platform provider: HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, as well as Amazon Web Services EMEA SARL (‘AWS’), 38 Avenue John F. Kennedy, L-1855 Luxembourg, for the web hosting of the online platform as a subprocessor of HRworks GmbH.

The data is stored on AWS servers in Ireland. As AWS is headquartered in the USA, the processing of personal data in the USA cannot be ruled out in this context. Any potential transfer of personal data to the USA is conducted under Article 45 of the GDPR based on the Data Privacy Framework:

www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOWQAA4&status=Active

6.2       The application process

We process your application data to assess your suitability and qualifications for the position you are applying for. In the application process, we will use all the information you provide to advance your application and to determine whether we can offer you a position at IVC. The data we process depends on the information you provide to IVC. We will use your contact details solely to keep you informed about the progress of the application process. Other information contained in the application documents will be used exclusively to assess your suitability for the vacant position. The legal basis is Article 6(1)(b) in conjunction with Article 88 of the GDPR and § 26 of the BDSG.

If your application documents contain special categories of personal data, e.g., information on health or ethnic origin, we also base the processing on Article 9 (2)(b) GDPR, Section 26 (3)(1) BDSG.

Storage duration

Your application data will be deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. If your application was successful and you join us as an employee, trainee or intern, your data will initially continue to be stored and transferred to the personnel file. Otherwise, your application process ends upon receiving a rejection. In the case of a rejection, we will store your data for six months from the time the rejection decision is communicated to you, unless longer storage is necessary to defend legal claims.

Application pool

If you wish, we can include you in subsequent selection processes after the rejection of your application. To be considered for inclusion in IVC’s applicant pool, we require your consent (Article 6(1)(a) of the GDPR). Your consent is voluntary and can be revoked at any time.

 
7.    Page Insights on Facebook / Instagram

We maintain a Facebook fan page and an Instagram account. We are jointly responsible for data processing for ‘Page Insights’ with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. You can find details on the delimitation of responsibility and information on ‘Page Insights’ or ‘Facebook Insights’ in the following agreement:

www.facebook.com/legal/terms/page_controller_addendum 

With Page Insights, page operators can try to get information about target audiences, demographics, and statistics about responses to posts, among other things, de‑de.facebook.com/help/268680253165747 / de-de.facebook.com/help/pages/insights (06.04.2023).

If you visit www.facebook.com or www.instagram.com, the Meta Platforms group will process the data collected about you when using the service (including IP address, user agent, device information, browsing history, location, search queries, preferred times of use, last login, likes). The recipient of the data is initially Meta Platforms, Inc. where it is processed for its own purposes and passed on to third parties under the responsibility of Meta Platforms, Inc. for interest-based advertising tracking, data analysis and automated profiling to display personalized advertisements tailored to the respective user.

If you are logged in to Facebook, a cookie with your Facebook ID is placed in your browser’s storage. This enables Meta Platforms, Inc. to track whether you have visited a certain page and how you have used it. This also applies to all other Meta Platforms, Inc. services such as WhatsApp and Facebook Connect. Via ‘Facebook services’ embedded in websites, such as ‘Meta Pixel’, it is possible for Meta Platforms, Inc. to record your visits to these external websites and assign them to your profile to learn more about you and your interests.

Furthermore, Meta Platforms, Inc. processes the data of its users globally and throughout the group. In this way, Meta Platforms, Inc. will automatically combine data from the use of the respective service: The more Meta Platforms, Inc. services you are using, the more extensive and complete the profiling. 

You can find the privacy policies of Facebook & Instagram here:

www.facebook.com/privacy/policy 

help.instagram.com/519522125107875

You yourself can significantly influence the type, manner and scope of data processing by the Meta Platforms Group, e.g. by using ad and web tracking blockers, by not being permanently logged in, by deleting cookies at the end of a session, by not using services such as Facebook Connect, by not publishing private information and by not allowing Meta Platforms, Inc. and its partners permanent access to your personal data (contact and calendar data, photos, location data, etc.). You can also find more information about ‘Facebook’ at www.youngdata.de.

‘Meta Platforms’ is an internationally operating software conglomerate. In this context, the processing of personal data in the USA cannot be ruled out, as Meta Platforms, Inc. is headquartered in the USA. Any potential transfer of personal data to Meta Platforms, Inc. in the USA is conducted under Article 45 of the GDPR based on the Data Privacy Framework:

www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

 
8.    Your rights under the GDPR

In accordance with Article 15 GDPR, you have the right to request information about your personal data that we process.

If we process inaccurate personal data, you have a right to rectification pursuant to Article 16 GDPR.

If the legal requirements are met, you have the right to erasure or restriction of processing of the data concerned (Article 17 and Article 18 GDPR).

Under the conditions of Article 20 GDPR, you have the right to data portability.

If we process your data because of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing we already conducted based on the consent up to the moment of withdrawal.

In accordance with Article 21 GDPR, you have the right to object to the processing of data relating to you at any time for reasons arising from your particular situation.

According to Article 77(1) of the GDPR, you have the right to lodge a complaint. You can exercise this right by contacting the competent supervisory authority: www.ldi.nrw