Privacy Notice
Stand: March 2024
1. Scope of Application
· www.ivc-wpg.com (hereinafter referred to as “websites”)
· Contacting, especially inquiries regarding offers and training; communication history
· Job application portal and application process
· Page insights on Facebook
For websites of other providers, to which reference is made, for example, via links, the respective data protection notices and declarations indicated there apply.
If this privacy policy contains external links to third-party providers, the last access was recorded on March 15, 2024.
2. Controller
Unless otherwise stated, the:
IVC Independent Valuation & Consulting Aktiengesellschaft Wirtschaftsprüfungsgesellschaft
Girardetstraße 2
45131 Essen
Phone: +49 (201) 31 04 83-0
E-Mail: info@ivc-wpg.com
– hereinafter referred to as ‘IVC’, ‘we’ –
is responsible for the processing of personal data within the scope of this privacy policy.
3. Contact details of the data protection officer of IVC
IVC Independent Valuation & Consulting Aktiengesellschaft Wirtschaftsprüfungsgesellschaft
DPO
Girardetstr. 2
45131 Essen
E-Mail: datenschutzbeauftragter@ivc-wpg.com
4. Data processing on these websites
4.1 Content delivery & Log Files
When using these websites, we process your IP address, user agent, timestamp, request method, requested files, data volume, status code and store these accesses for control purposes in the log files of web servers operated by Mittwald CM Service GmbH and Co. KG, Königsberger Straße 4-6, 32339 Espelkamp. The legal basis is Art. 6 (1)(f) GDPR. The log files are automatically deleted after 7 days.
4.2 Web statistics with Pirsch Analytics (pirsch.io)
As part of statistical web analysis, we use Pirsch Analytics (pirsch.io), an online service provided by Emvi Software GmbH, Nickelstraße 1b, 33378 Rheda-Wiedenbrück, to process data such as your IP address, user agent, timestamp, and page paths in pseudonymized form with a randomly generated unique string. This string varies from website to website to prevent cross-site tracking. Sessions are stored for a maximum of 24 hours, after which a new number is generated and assigned. The legal basis is Art. 6 (1)(f) GDPR. The legitimate interests lie in the evaluation of access to these websites and the creation of simple web statistics in pseudonymized form.
4.3 Strictly necessary cookies & Cookie-Consent-Manager (‘CCM’)
Cookies are small files that are automatically created and stored in the web browser of the visitor’s end device for each visited website. Cookies can, for example, store information about preferred settings.
Once you have made a selection in the Cookie Consent Manager (hereinafter “CCM”) (“Accept All”, “Reject”, “ Individuall data protection preferences”), your preferred settings will be saved in a cookie (under the name “borlabs-cookie”) of your browser used to store your privacy settings. The legal basis is Art. 6(1)( f) GDPR.
Insofar as personal data is processed through this technically necessary cookie in the context of providing the CCM, the legal basis is Art. 6(1)(f) GDPR.
Insofar as personal data is processed through technically non-essential cookies in the context of providing the telemedia services offered by IVC, the legal basis is Art. 6(1)(a) GDPR.
4.4 Google Ads Conversion
By your consent in accordance with Art. (6)(a) GDPR, your data is processed for web statistics on these websites using Google Ads Conversion by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data typically includes your IP addresses, user agent, timestamps, interaction data, and possibly device information. Google Ads Conversion is used to analyze the effectiveness of advertising campaigns and track conversion rates. The goal is to track user behavior such as the time spent on the website and bounce rates, as well as conversions such as submitting a contact form, starting a chat, or clicking on a phone number, especially if you arrive at these websites via an advertisement. Cookies may also be stored and used on your device to process your data accordingly.
Your consent to the processing of your data by Google Ads Conversion is voluntary, meaning it is not required for the use of these websites and can be revoked at any time for the future.
4.5 Google Tag Manager
For the optimization and automated management of tags (such as third-party scripts), we use Google Tag Manager on these websites provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you consent in accordance with Art. 6 (1)(a) GDPR, Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland, is responsible for processing your data such as your IP address, user agent, and timestamp to deliver the script provided on servers under the domain www.googletagmanager.com.
For more information on how Google processes your data, you can refer to their privacy policy here: policies.google.com/privacy
Your consent to the processing of your data by Google Tag Manager is voluntary and not required for the use of these websites. You can revoke your consent at any time for the future.
4.6 Hotjar
To gain insights into the usage of these websites, we process your data to create so-called ‘heatmaps’ using the analytics platform ‘Hotjar’ provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. The legal basis for processing your data is your consent in accordance with Art. 6 (1)(a) GDPR. In the context of using Hotjar, the following data is processed:
- Hotjar Unique User ID;
- device screen resolution;
- device type (unique device identifiers), operating system, and browser type;
- console logs and errors;
- geographic location (country only);
- preferred language used to display the Hotjar-enabled site;
- mouse events (movements, location and clicks);
- keypresses (suppressed by default);
- referring URL and domain;
- pages visited;
- date and time when Your website was accessed and specific event on Your website occured;
Hotjar Ltd processes your data on IT systems of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, located in data centers within the EU.
Your consent to the processing of your data for the creation of heatmaps by Hotjar is voluntary, meaning it is not required for the use of these websites and can be revoked at any time with effect for the future. Additionally, data processing will be prevented if you use, for example, ad blockers or similar tools.
4.7 Google Maps
If you agree in accordance with Art. 6 (1)(a) GDPR, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for processing your data such as IP address, user agent, and possibly other identifying features through requests and cookies to provide you with the interactive map service “Google Maps” on www.ivc-wpg.com/ueber-uns/standort/.
For more information on how Google processes your data, you can refer to their privacy policy here: policies.google.com/privacy
Your consent to the processing of your data for the provision of Google Maps on these websites is voluntary and not required for the use of these websites. You can revoke your consent at any time for the future.
4.8 IVC-Tools & Microsoft Power BI
For the provision of the IVC tools on www.ivc-wpg.com/tools/basiszins, we use the online service “Microsoft Power BI” provided by Microsoft Corporation, headquartered at One Microsoft Way, Redmond, WA 98052-6399, USA. The responsibility for data processing in the European Economic Area, the United Kingdom, and Switzerland lies with Microsoft Ireland Operations Limited, located at One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.
If you agree, requests will be made to servers under the following domains so that Microsoft can deliver the tool to you:
– app.powerbi.com
– appsource.powerbi.com
– content.powerapps.com
– dc.services.visualstudio.com
– pbivisuals.powerbi.com
– wabi-west-europe-d-primary-api.analysis.windows.net
As part of this technical process, Microsoft will receive your IP address, user agent, and potentially other identifying features. In addition, to maintain the current session, Microsoft will write values to Local Storage and store cookies (ARRAffinitySameSite, WFESessionId, ai_session, ai_user) on your device.
Your consent to data processing for the provision of the IVC tools with Microsoft Power BI is voluntary, meaning it is not required for the use of these websites and can be revoked at any time in the future.
4.9 Smartsupp.com-Chat
If you agree in accordance with Art. 6 (1)(a) GDPR, we process your data such as your IP address, user agent, timestamp to provide the chat app of Smartsupp.com, s.r.o., Sumavska 31, 602 00 Brno, Czech Republic.
In addition, to maintain the current chat session and store the given consent, a value will be written to Local Storage (ssupp_c9329721ebe1acd491fd4a0595288962ff2b89ab) and a cookie will be saved on your device (Name: smartsupp).
Web hosting:
DataCamp Limited, 207 Regent Street, London W1B 3HH, UK
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA
Your consent to the processing of your data for the provision of the Smartsupp.com chat is voluntary, meaning it is not required for using these websites or for communication, and can be revoked at any time with effect for the future.
4.10 Transfers of personal data to third countries
When using IT systems and software products from Amazon Web Services, Microsoft, and Google, your data may be transferred to the USA, as these companies have their headquarters there. All of these companies are subject to the Data Privacy Framework, which constitutes an adequacy decision ensuring that certified companies provide an adequate level of data protection for transfers to the USA. For DataCamp Limited, there is currently an adequacy decision from the EU Commission for the United Kingdom.
5. Contacting, especially inquiries regarding offers and training; communication history
If you contact IVC directly (e.g., via email, phone, web form) and share personal data as part of your communication, we will process your information to the extent necessary to respond to your contact inquiry and any requested actions.
If your inquiry pertains to the application process or your application (questions related to ‘Working at IVC’), the legal basis for processing your data is Art. 6(1)(b) GDPR in conjunction with Art. 88 GDPR and § 26 BDSG.
If your contact inquiry is neither necessary for the fulfillment of a contract with IVC nor for the execution of pre-contractual measures, the legal basis for processing your data is Art. 6(1)(f) GDPR. The legitimate interest lies in processing the received message conclusively.
Your message will be stored until the processing is completed. Longer storage will only occur if we are entitled or obligated to do so on a case-by-case basis.
If you contact IVC via www.xing.com, www.linkedin.com, www.instagram.com, www.facebook.com or www.youtube.com, the respective platform operator is responsible for processing your data.
6. Application to IVC
6.1 Job application portal
IVC operates an online Job application portal under the domain: karriere.ivc-wpg.com/*, where interested applicants can learn about current job openings and apply via email, web form, or upload.
When you visit and use IVC’s career pages, we process your IP address, user agent, timestamp, request method, requested files, data volume, status code, and store these accesses for control purposes in the log files of web servers provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, which acts on behalf of HRworks for web hosting. The legal basis is Art. 6 (1)(f) GDPR. The log files are automatically deleted after 7 days.
To maintain the current session, a session cookie (“HrwMeJobApplicationManagementSession”) and two cookies (“AWSALBCORS”, “AWSALB”) for load balancing are stored in your end device when accessing karriere.ivc-wpg.com/*. The legal basis for processing your data through technically necessary cookies is Art. 6(1)(f) GDPR.
Based on your consent according to Art. 6 (1)(a) GDPR, we process personal data through Google Ads Conversion and Google Tag Manager on karriere.ivc-wpg.com, see sections 4.4 and 4.5 of
Access to your application data is granted to the HR managers and IT-administrators of IVC, HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, as well as Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg.
The order data stored in AWS is stored on servers in Dublin, Ireland. Since AWS is headquartered in the USA, in this context, the processing of personal data in the USA cannot be excluded. Any transfer of personal data to the USA is carried out in accordance with Art. 45 GDPR based on the Data Privacy Framework.
6.2 Application process
We process your application data to assess your suitability and qualifications for the position you are applying for. In the application process, we will use all the information you provide to advance your application and to determine whether we can offer you a position at IVC. The data we process depends on the information you provide to IVC. We will solely use your contact details to keep you informed about the progress of the application process. The legal basis is Art. 6(1)(b) in conjunction with Art. 88 GDPR and § 26 BDSG.
If your application documents contain special categories of personal data, e.g., information on health or ethnic origin, we also base the processing on Art. 9 (2)(b) GDPR, § 26 (3)(1) BDSG.
Storage duration
Your application data will be deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. In the event that an employment relationship, training relationship, internship, or other service relationship is established after the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process for you ends upon receiving a rejection. In the case of a rejection, we will store your data for six months from the time the rejection decision is communicated to you, unless longer storage is necessary to defend legal claims.
Application pool
If you agree at any time and can revoke this agreement for the future in accordance with Art. 6 (1)(a) GDPR, we may include you in a subsequent selection process after rejection of your application and would transfer your application data to a talent pool for this purpose. Alternatively, you are free to reapply for a later selection process.
7. Page Insights on Facebook / Instagram
We operate fan pages on Facebook and Instagram, for which we are jointly responsible with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the processing of data within the scope of “Page Insights”. You can find details on the delimitation of responsibility and information on ‘Page Insights’ or ‘Facebook Insights’ in the following agreement:
www.facebook.com/legal/terms/page_controller_addendum
With Page Insights, page operators can try to get information about target audiences, demographics, and statistics about responses to posts, among other things, de‑de.facebook.com/help/268680253165747 / de-de.facebook.com/help/pages/insights.
If you visit www.facebook.com or www.instagram.com, the Meta Platforms group will process the data collected about you when using the service (including IP address, user agent, device information, browsing history, location, search queries, preferred times of use, last login, likes). The recipient of the data is initially Meta Platforms, Inc., where it is processed for its own purposes and passed on to third parties under the responsibility of Meta Platforms, Inc., for interest-based advertising tracking, data analysis and automated profiling to display personalized advertisements tailored to the respective user.
If you are logged in to Facebook or Instagram, a cookie with your ID is placed in your browser’s storage. This enables Meta Platforms, Inc., to track that you have visited a certain page and how you have used it. This also applies to all other Meta Platforms, Inc., services such as WhatsApp and Facebook Connect. Via ‘Facebook services’ embedded in websites, such as ‘Meta Pixel’, it is possible for Meta Platforms, Inc., to record your visits to these external websites and assign them to your profile to learn more about you and your interests.
Furthermore, Meta Platforms, Inc., processes the data of its users globally and throughout the group. In this way, Meta Platforms, Inc., will automatically combine data from the use of the respective service: The more Meta Platforms, Inc., services you are using, the more extensive and complete the profiling.
You can find the privacy policies of Facebook & Instagram here:
www.facebook.com/privacy/policy
help.instagram.com/519522125107875
You yourself can significantly influence the type, manner and scope of data processing by the Meta Platforms Group, e.g. by using ad and web tracking blockers, by not being permanently logged in, by deleting cookies at the end of a session, by not using services such as Facebook Connect, by not publishing private information and by not allowing Meta Platforms, Inc. and its partners permanent access to your personal data (contact and calendar data, photos, location data, etc.).
The Meta Platforms group is an internationally operating software corporation. Taking into account the current assessment, the processing of personal data in the USA cannot be ruled out in this context, as Meta Platforms, Inc., is headquartered in the USA. A possible transfer of personal data to Meta Platforms, Inc., in the USA is carried out in accordance with Art. 45 GDPR on the basis of the Data Privacy Framework.
8. Your rights under the GDPR
In accordance with Art. 15 GDPR, you have the right to request information about your personal data that we process.
If we process inaccurate personal data, you have a right to rectification pursuant to Art. 16 GDPR.
If the legal requirements are met, you have the right to erasure or restriction of processing of the data concerned (Art. 17 and Art. 18 GDPR).
Under the conditions of Art. 20 GDPR, you have the right to data portability.
If we process your data because of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing we already conducted based on the consent up to the moment of withdrawal.
In accordance with Art. 21 GDPR, you have the right to object to the processing of data relating to you at any time for reasons arising from your particular situation.
According to Art. 77(1) GDPR, you have the right to lodge a complaint. You can exercise this right by contacting the competent supervisory authority: www.ldi.nrw