Privacy Notice
Version: 30.06.2022
1. Name and contact details of relevant persons
IVC Independent Valuation & Consulting Aktiengesellschaft Wirtschaftsprüfungsgesellschaft
Girardetstr. 2
45131 Essen
Tel.: +49 (0)201 – 31 04 83 – 0
E-Mail: info@ivc-wpg.com
2. Contact details of the Data Protection Officer
The company data protection officer at IVC can be contacted at the above address for the attention of Dr. Alexander Brunner, or at datenschutzbeauftragter@ivc-wpg.com
3. Data processing when visiting our website
Every time you visit our website, our Web-hosting service provider temporarily processes data each time you access the content of this website and provides us with the so-called log files. However, this does not mean that we can immediately identify you. Log files contain the following data and information:
– the date and time of accessing the website
– IP address of the accessing computer
– host name of the accessing computer
– the operating system used by the accessing system and information about the browser type and version used (“user agent”)
– website from which and via which this website was accessed
– page(s)s visited on our website
– amount of data transferred and message as to whether the retrieval was successful (“status code”)
Temporary data processing is technically necessary for the course of a website visit in order to be able to deliver the website at all. Further, storage of the log files is necessary for control and verification purposes in order to be able to subsequently check the functionality of the website and the security of the information technology systems, we have legitimate interest in this data processing in accordance with Article 6(1) of the GDPR.
The server log files are stored for 7 days, unless concrete indications point to an abusive / illegal use and require a subsequent review.
4. Cookies
Cookies are text files placed on your computer (laptop, smartphone or any similar device) to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
When you first access our website, you can set your privacy preferences in the Cookie Consent Manager or make the selection you wish. If you click on “Accept all or Save”, this information will be stored in a cookie in your terminal equipment. Otherwise, you would have to make your preferred selection again each time you reload our website, change pages, etc., which would affect the user experience. The legal basis for this is Article 6(1) (f) of the GDPR. The cookie remembers your selection. However, this does not mean that we immediately gain knowledge of your identity or intend to do so.
Other technical cookies save your language selection or test on the software side whether cookies are accepted at all.
Most browsers accept cookies automatically. However, you can set your browser so that no cookie is stored. Complete deactivation may mean that you cannot use all the functions of our website.
5. Contact us
If you contact us (e.g. by contact form, e-mail or telephone), we will process your details insofar as this is necessary to answer your contact enquiry and any measures requested.
We process the data you provide in accordance with Article 6(1) (b) of the GDPR if your contact request is made with the aim of arranging a non-binding consultation with us, bringing about the conclusion of a contract, or winding up or cancelling an existing contractual relationship.
We process general messages in accordance with Article 6 (1) (f) of the GDPR. Our legitimate interest lies in conclusively processing the received message and contacting you externally.
In the case of contact based on your consent, Article 6(1) (a) of the GDPR is the legal basis.
We store your message until the processing is completed. Longer storage only takes place insofar as we are entitled or obliged to do so in individual cases.
6. Application documents
If you apply for a job with us, we process the application documents you send us. The data we process depends on the data you provide us with. Furthermore, we process data that is collected during the job interview.
The legal basis is Article 6(1) (b) in conjunction with Article 88 GDPR, and Section 26 of the Federal Data Protection Act (BDSG).
The sole purpose of processing is to process your application and to contact you.
In the event of a rejection, we store your data for six months from the moment you receive the rejection decision. In the event of the conclusion of an employment contract, we delete your application data as soon as the purpose ceases to apply.
We require your consent to include you in our applicant pool (Article 6(1) (a) of the DGPR. Your consent is voluntary and can be revoked at any time.
7. Google Maps
We have integrated the interactive online map service “Google Maps” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA into our website. Responsible for the data processing of persons located in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 DUBLIN, D04 E5W5 Ireland: “The data controller responsible for processing your information depends on your place of residence, unless otherwise stated in the privacy notices of a particular service: Google Ireland Limited for users of Google services, who have their habitual residence in the European Economic Area or Switzerland’,
https://policies.google.com/privacy?hl=de
https://www.gstatic.com/policies/privacy/pdf/20210701/7yn50xee/google_privacy_policy_de_eu.pdf
With your active and voluntary consent (Article 6(1)(a) GDPR), a connection to Google’s servers is established. When using Google Maps, information about you, including your IP address, user agent and the start and destination address (location data) entered as part of the route planner function, will be transmitted to Google. Since Google offers numerous services, but only provides a uniform data protection regulation for all services, it cannot be ruled out with certainty that Google processes data for its own purposes across services, merges the newly collected data with data that has been or is collected through the use of other services, for example to create user profiles in order to display personalized ads. Google itself informs as follows: “Under certain circumstances, the personal data from the various Google services may be linked together”.
Since Google Maps is the property of Google LLC and Google and its partners have distributed their servers all over the world and provide their services globally, it is not excluded that personal or personal data may be stored and processed worldwide, including on servers in the USA. There is no adequacy decision of the EU Commission within the meaning of Article 45 GDPR for the USA. Due to the possibly lower level of data protection in third countries, you may not be able to assert your data subject rights with the recipients listed below or only partially. Furthermore, your data could be exposed to access by third-party authorities and appeals to courts and authorities abroad could be unsuccessful. Suitable guarantees within the meaning of Article 46 GDPR for data transfer are EU standard contractual clauses used here. A copy of the Standard Contractual Clauses approved by the EU Commission and relied on by Google can be found at:
https://policies.google.com/privacy/frameworks?hl=de
8. Facebook fanpage / Instagram company account
We maintain a Facebook fan page and an Instagram account. We are jointly responsible for data processing with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. Details of the delineation of responsibility can be found in the following agreement:
https://www.facebook.com/legal/terms/page_controller_addendum
The following link will take you to the privacy policies of Facebook and Instagram:
https://facebook.com/policy.php
https://help.instagram.com/519522125107875
Facebook and Instagram are the world’s best-known social media providers. We have a legitimate interest (Article 6(1) sentence 1 letter f DSGVO) in using the services of Facebook for the purposes of our public relations, product marketing, reach optimisation and company presentation. Our legitimate interests lie in these purposes. We would like to point out that you use the Facebook fan page, the Instagram account and their functions on your own responsibility and moderately. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). We as fan page operator may process data from your use, insofar as you contact us via our Facebook page(s) / Instagram account and information about your use of our Facebook fan page or Instagram account through so-called “Facebook Insights” / “Instagram Insights”, i.e. statistics that Facebook processes and graphically provides to us as operator of the Facebook fan page / Instagram account (http://de-de.facebook.com/help/pages/insights / https://www.facebook.com/help/instagram/788388387972460). Alternatively, all information and contact options are available on our website.
If you visit our pages on Facebook / Instagram, the data and information collected about you when using the service (including IP address, user agent, the application used, details of the terminal device you are using (including device ID and application ID), information on web pages called up, location and mobile phone provider) will be processed by the Facebook group, for which Facebook uses cookies and other web tracking technologies. This may allow Facebook to assign IP addresses to individual users or to identify them. The recipient of the data (in particular IP address, time and date of access, operating system used, etc.) is first Facebook, where it may be passed on to third parties for Facebook’s own purposes and under Facebook’s responsibility (group-wide), as Facebook and its partners work together globally and use cookies, e.g. for statistics, personalisation, advertisements/offers/content tailored to you and profiling. If you are currently logged into Facebook, a cookie with your Facebook identifier will be placed on your device. This enables Facebook to track that you have visited this account and how you have used it. This also applies to all other Facebook services such as WhatsApp. Via Facebook / Instagram background services embedded in websites, it is possible for Facebook to record your visits to these website pages and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
The recipient of publications is also the public, i.e. potentially every person who has access to Facebook. However, the data you enter on Facebook, in particular your username and the content published under your account, are processed by us insofar as we respond to messages and comments.
https://de-de.facebook.com/full_data_use_policy
http://de-de.facebook.com/about/privacy
If some of our sub-pages offer the “share function” so that you can share content from our website via your account on Facebook, server connections to Facebook are not automatically established because of this provision of the share function. This only happens if you actively use the “Share” function and have a Facebook account.
You yourself can significantly influence and reduce the type, manner and scope of data processing by Facebook and its global partners by configuring your terminal device or browser in a data protection-friendly manner, by not being permanently logged in, by deleting cookies from Facebook and its partners after the end of your session, by changing your meta-information, by not allowing Facebook and its partners permanent access to your personal data and by not publishing any private information. You have options to restrict the processing of your data in the general settings of your Facebook account. In addition, you can restrict Facebook’s access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings options there. Further information on Facebook and other social networks and how you can protect your data can also be found at www.youngdata.de, an internet service of the Rhineland-Palatinate State Commissioner for Data Protection and Freedom of Information (LfDI Rheinland-Pfalz).
Facebook provides information on Instagram, among other places, about how Facebook companies work together (“IV. How do Facebook companies work together?”):
“Facebook and Instagram share infrastructure, systems and technology with other Facebook companies (including WhatsApp and Oculus) to provide an innovative, relevant, consistent and secure experience across all Facebook company products you use. For these purposes, we also process information about you across Facebook companies as permitted by applicable law and in accordance with their terms of use and policies. For example, we process information from WhatsApp regarding accounts that send spam on the service so that we can take appropriate action against such accounts on Facebook, on Instagram or in Messenger. We also try to find out how people use and interact with Facebook companies’ products, for example, to gain insight into the number of individual users on different Facebook companies’ products”, (https://help.instagram.com/519522125107875).
Since Meta Platforms, Inc. (formerly Facebook, Inc.) and its global affiliates have servers located all over the world and provide services globally, it is not impossible that personal or personally identifiable information may be stored and processed globally, including on servers in the United States. These could be countries where the level of data protection is not as high as within the European Union. Due to the possibly lower level of data protection in the third countries, you may not be able to assert your data subject rights with these recipients or only partially. Furthermore, your data may be exposed to access by foreign authorities and remedies before courts and authorities abroad may be unsuccessful. There is no adequacy decision of the EU Commission within the meaning of Art. 45 GDPR for the USA. Appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer are the EU standard contractual clauses used:
https://www.facebook.com/help/566994660333381?ref=dp
9. Chat
You can use the chat function on our website. The provider of the chat is Smartsupp.com, s.r.o., Sumavska 31, 602 00 Brno, Czech Republic. For the chat function, we require your voluntary consent (Article 6 (1) sentence 1 letter a DSGVO). If you consent, server connections will be established to Smartsupp’s web hosting provider so that the chat can be delivered to you: DataCamp, Inc, Empire State Building, 350 5th Ave, Floor 77, New York, NY 10118 USA. Your consent includes data transfers to Smartsupp and DataCamp, possibly to the USA, as DataCamp is a US-based company, as well as data processing through the storage of “Smartsupp” cookies required for the chat: More information on “How Smartsupp uses cookie files” can be found here: https://www.smartsupp.com/de/help/privacy/
Without your consent, no external server connections will be made and no data processing will take place through stored “Smartsupp” cookies in your terminal equipment.
Alternatively, you can always contact us by email, phone or post. As chat messages are stored on DataCamp web servers, we recommend that you do not use the chat function to transmit confidential data and information to us.
Smartsupp does use server locations in Germany. Since DataCamp is an international group and DataCamp and its partners provide their services globally, it could come to the transfer of personal or personal-related data to the USA. Due to the possibly lower level of data protection in the third countries, you may not be able to assert your data protection rights with these recipients or only partially. Furthermore, your data may be subject to access by foreign authorities and remedies before courts and authorities abroad may be unsuccessful. There is no adequacy decision of the EU Commission within the meaning of Article 45 GDPR for the USA. Appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer are the EU standard contractual clauses used here. A copy of the standard contractual clauses approved by the EU Commission on which DataCamp relies can be found at:
https://www.datacamp.com/privacy-policy#international-data-transfers
10. LinkedIn-Seite
We maintain a page on LinkedIn. LinkedIn, a service of LinkedIn Corp, 1000 West Maude Avenue, Sunnyvale, CA 94085 USA, is the best-known web-based and international social network for maintaining existing (permanent) contacts and making new business connections.
The data controller for individuals located in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: “If you are located in the “Designated Countries”, LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) becomes the data controller for your personal data provided to, collected for or processed by or in connection with our Services”, https://de.linkedin.com/legal/privacy-policy
For the purposes of our public relations, presentation of our ideals, marketing activities and campaigns, reach optimisation, recruitment and networking, we have legitimate interests (Article 6(1) sentence 1(f) DSGVO) in maintaining and servicing our page on LinkedIn. In addition, we may provide interested persons with another communication channel, also to facilitate the application process.
Under this link you can reach LinkedIn’s data protection notice and learn more about the nature, manner and extent of the processing of your data by LinkedIn.
If you visit our site on LinkedIn, the data and information collected about you when using the service (including IP address, the application used, details of the end device you are using including user agent, device ID and application ID, information on web pages called up, location and mobile phone provider) are processed by LinkedIn, for which LinkedIn uses cookies and other web tracking technologies. The recipient of the data (in particular IP address, time and date of the call, operating system used, etc.) is initially LinkedIn, where it may be passed on to third parties for LinkedIn’s own purposes and under LinkedIn’s responsibility, as LinkedIn and its partners work together globally and use cookies, e.g. for statistics, personalisation, advertisements / offers / content tailored to you and profile building. You are free to visit our LinkedIn page and take further actions such as leaving comments or messages, contacting us or following our page. Alternatively, you can access all further information on our website, where our contact methods are also available to you.
Since LinkedIn is part of the Microsoft Group (Microsoft Corporation, One Microsoft Way Redmond, Washington 98052, USA) and LinkedIn, Microsoft and their partners have their servers all over the world and provide their services globally, it is not excluded that personal or personal-related data are stored and processed worldwide, including on servers in the USA. These could be countries where the level of data protection is not as high as within the European Union. Due to the possibly lower level of data protection in the third countries, you may not be able to assert your data subject rights with these recipients or only partially. Furthermore, your data may be exposed to access by foreign authorities and remedies before courts and authorities abroad may be unsuccessful. There is no adequacy decision of the EU Commission within the meaning of Article 45 GDPR for the USA. Appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer are the EU standard contractual clauses used here. A copy of the standard contractual clauses approved by the EU Commission on which LinkedIn relies can be found at:
https://www.linkedin.com/legal/l/eu-sccs
https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
11. YouTube
We maintain a YouTube channel. YouTube is an online video portal of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. The data controller for individuals located in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 DUBLIN, D04 E5W5 Ireland: “The data controller responsible for processing your information depends on where you live, unless otherwise stated in the privacy notice of a particular service: Google Ireland Limited for users of Google services who are habitually resident in the European Economic Area or Switzerland”,
https://policies.google.com/privacy?hl=de
https://www.gstatic.com/policies/privacy/pdf/20210701/7yn50xee/google_privacy_policy_de_eu.pdf
YouTube is the most internationally known and popular video portal. We run our YouTube channel for the purposes of our public relations, the presentation of our ideals, marketing activities and campaigns, reach optimisation, networking. We may process data from your use of our YouTube channel if you contact us about it.
We would like to point out that you use this YouTube channel and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). You are free to access our YouTube channel and take further actions, such as leaving comments or messages, contacting us or following our page. Alternatively, you can access all information on our website, where you can also access our contact methods.
If you visit our YouTube channel, the data and information collected about you when using the service (including IP address, user agent, the application used, details of the terminal device you are using including device ID and application ID, information of web pages accessed, location and other information (“Data we collect when you use our services”, https://policies.google.com/privacy?hl=de#intro) will be processed by YouTube, for which purpose YouTube uses cookies and other web tracking technologies. The recipient of the data (in particular IP address, time and date of the call, operating system used, etc.) is initially YouTube LLC, where it may be passed on to third parties for YouTube’s own purposes and under YouTube’s responsibility, as YouTube and its partners work together globally and use cookies and other web tracking technologies (including “DoubleClick”), e.g. for statistics, personalisation, advertisements / offers / content tailored to you and profiling (“Data sharing by Google”, https://policies.google.com/privacy?hl=de#infosharing). These cookies could also remain stored on your end device after you leave YouTube again or even close your browser session completely. It is also not impossible that such a cookie was already stored on your end device before you accessed our YouTube channel. You can reduce the risk of (possible analysis) cookies on your end device by adjusting the privacy settings of your browser accordingly.
If we have integrated videos from our YouTube channel, videos from another YouTube channel not belonging to us and the YouTube player into dedicated subpages of our telemedia offer as a “youtube-nocookie” variant for the purpose of freely designing our website, also under efficiency and cost-saving considerations, no automatic connections to the servers of YouTube or Google will be established in a first step. Instead, you must first actively call up the video in question, i.e. you must make use of the service by clicking on it. Embedding the videos without outsourcing them to YouTube slows down the loading time of our website more than insignificantly due to the size of the video file. We have to embed videos from other YouTube channels that do not belong to us by referring to the YouTube channel of the originator.
Since YouTube LLC is part of the “Google” group and YouTube, Google and their partners have their servers distributed all over the world and provide their services globally, it cannot be ruled out that personal or personal-related data are stored and processed worldwide, including on servers in the USA. These could be countries where the level of data protection is not as high as within the European Union. Due to the possibly lower level of data protection in the third countries, you may not be able to assert your data subject rights with these recipients or only partially. Furthermore, your data may be exposed to access by foreign authorities and remedies before courts and authorities abroad may be unsuccessful. There is no adequacy decision of the EU Commission within the meaning of Article 45 GDPR for the USA. Suitable guarantees within the meaning of Article 46 of the GDPR for the data transfer are the EU standard contractual clauses used here. A copy of the standard contractual clauses approved by the EU Commission and invoked by YouTube / Google can be found at:
https://policies.google.com/privacy/frameworks?hl=de
12. XING
For the purposes of our reach optimisation, public relations, recruitment and networking, we maintain a XING profile. New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, is responsible for processing personal data. We would like to point out that you use our XING page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our XING site, XING records in particular your IP address, the time and date of the call, the operating system used, the browser and whether the request was successful or not. In addition, it is not impossible that XING stores cookies on your end device. XING provides more detailed information on this at: https://www.xing.com/terms.
We would like to point out that XING stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes. You can find more information on XING’s data processing in XING’s privacy policy at:
https://privacy.xing.com/en/privacy-policy
According to XING’s privacy policy, data transfers to third countries take place. These are based on EU standard data protection clauses. You can find more information about this at:
https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender.
13. Your rights
In accordance with Article 15 GDPR, you have the right to receive information about the data stored about you, including any recipients and the planned storage period.
You have the right to withdraw your consent without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Should incorrect personal data be processed, you have the right to rectification in accordance with Article 16 GDPR.
If the legal requirements are met, you have the right to erasure or restriction of processing of the data concerned (Articles 17 and 18 GDPR).
You have a right to data portability (Article 20 GDPR).
You have the right under Article 21 GDPR to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are mandatory for the operation of the website.
In accordance with Article 77(1) GDPR, you have a right of appeal to a supervisory authority.
We refrain from automated decision-making including profiling.