Data protection policy
You and the protection of your data are important to us! IN AUDITO Media GmbH (hereinafter referred to as IN AUDITO) appreciates your visit to our website and your interest in our company and our products. We respect your privacy and take the protection of your personal data seriously. Therefore we rely on a trustworthy cooperation when visiting our websites. It is a matter of course for us to comply with the statutory provisions on data protection and data security. Our employees and representatives are obliged to comply with data protection regulations in accordance with the legal requirements. The updates in this version of the data protection guideline reflect changes in data protection law. The legal basis of European data protection can be found in the General Data Protection Regulation (EU GDPR). In the next sections we will inform you in detail and transparently about the type, scope and purpose of the processing of your personal data within our online appearance and the websites associated with it. In addition, we would like to inform you about your rights by means of this data protection declaration.
The responsible entity
The responsible entity for the collection, processing and use of personal data in line with the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other relevant provisions of a data protection nature is:
IN AUDITO GmbH
CEO: Marco Erbe
T: +49 (0) 341 – 25 66 98 20
F: +49 (0) 341 – 25 66 98 30
Data Protection Officer (external):
Attorney Carsten Laumann
Phone: +49 341 2 12 71 11
Fax: +49 341 2 12 71 12
Data processing in our company
Processing of general access data and information
Each time you access our web pages, the browser used on your terminal device automatically sends a series of general access data and information to the server of our website/application and temporarily saves it in a so-called log file. IN AUDITO has no influence on this. The following information can be recorded and stored until automated deletion, even without your active involvement:
- an IP address of your requesting Internet-enabled device;
- the date and time of your access to the website;
- the website/application from which you accessed the site (referrer URL);
- the type and version of browser you are using;
- the operating system of your Internet-enabled computer;
- the name of your Internet service provider;
- the sub-sites which are accessed via your accessing system on our website;
- the files downloaded from our website (e.g. PDF or Word documents)
Your user data is stored by us in a database in the Amazon cloud. The Amazon cloud is a part of Amazon Web Services and is hosted by Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226. Amazon Web Services, Inc. has joined the “Safe Harbor” program to achieve a higher level of privacy protection for non-EU companies. For more information about Amazon Web Services and Amazon’s privacy practices, please visit http://aws.amazon.com/de/ as well as https://aws.amazon.com/de/privacy/. Without your explicit consent, your user data will be used solely for the processing of contracts and your enquiries. After ultimate completion of the contract, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired.
The legal basis for the processing of the IP address is Art. 6 para. 1 letter f GDPR. Our justified interest follows from the purposes of data collection listed above. When using the general access data and information IN AUDITO does not draw any direct conclusions about the identity of your person. The IP address of your terminal device as well as the other data listed above are required in order to:
- get to know the user behaviour and evaluate it statistically;
- deliver the contents of our website correctly;
- optimise the content of our website and the advertising for it;
- ensure the long-term viability of our information technology systems and the technology of our website;
- provide law enforcement authorities with information necessary for law enforcement in the event of a cyber attack.
Dealing with personal data
A use of the online offer of IN AUDITO & all its brands is generally possible without any indication of personal data. However, if you wish to make use of the services of our company via our websites, the processing of your personal data may become necessary. Data is personal if it can be clearly assigned to a specific natural person. The processing of your personal data always takes place in accordance with the GDPR and in accordance with the country-specific data protection regulations applicable to IN AUDITO. This means that user data will only be processed if legally permitted to do so, i.e. if the data processing is required by law, if user consent has been obtained or on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 Letter f of GDPR. Personal data is all information that is explicitly used to determine your identity. This includes information such as your name, your postal or email address, your telephone number, your location, your (online) identification or other special features that are an expression of your physical, physiological, genetic, psychological, economic, cultural or social identity. In addition to the access data, we will only collect your personal data if you voluntarily provide it to us, e.g. as part of a survey, a contact request, a registration for a newsletter or to carry out an online order. In addition, personal data will only be used to the necessary extent and only for the purpose agreed to by you or legally permissible. For the use of personal data for other purposes - in particular for advertising purposes - IN AUDITO will always obtain your explicit approval before collecting the data.
IN AUDITO Newsletter
Our newsletter gives you the opportunity to stay informed about the news and current offers from our company and the industry. If you enter your e-mail address in the e-mail input field, your first name and surname (optional), click on the “Subscribe to newsletter” button and then confirm your registration via the link sent to you at the e-mail address entered (double opt-in procedure), we then process and use your e-mail address to send our newsletter on a regular basis. Subscribing to the newsletter is voluntary and your personal data will be treated confidentially. Data processing takes place on the basis of your explicit approval within the meaning of Art. 6 Para. 1 Letter of GDPR and is used exclusively for sending the newsletter. We use the internet-based services of the newsletter provider rapidmail GmbH and the tool “MailChimp” of a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, for the automatic dispatch of personalised e-mails. For this purpose, we have concluded a contract with both providers pursuant to Art. 28 GDPR in which they undertake to process the user data only in accordance with our instructions and to comply with the EU data protection level. Further information can be found in the data protection regulations of the provider “Rapidmail” https://www.rapidmail.de/datensicherheit as well as in the General Terms and Conditions https://www.rapidmail.de/agb and at: https://mailchimp.com/legal/privacy/. In addition, “MailChimp” is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). If you no longer wish to receive our newsletter, you have the right to unsubscribe at any time. All you have to do is send an e-mail to: firstname.lastname@example.org.
Furthermore, we offer you the possibility to unsubscribe from the newsletter yourself via the unsubscribe link.
When you contact our company - via contact inquiry, telephone or e-mail - your details, including the personal contact data provided by you there, will be processed for the purpose of handling the contact enquiry in accordance with Art. 6 Para. 1 Letter b GDPR (for the implementation of a pre-contractual measure). We use the salesforce tool - a service of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich - for the purpose of generating leads and for long-term and successful dialogue marketing with our target groups. To this end, we have concluded a contract with the provider pursuant to Art. 28 GDPR in which the latter undertakes to process the user data only in accordance with our instructions and to comply with the EU data protection level. Further information on the provider’s data protection regulations can be found at: https://www.salesforce.com/de/company/impressum/
The company name online presence and website optimization
- Google Chrome: https://support.google.com/chrome/answer/95647?hl
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
- Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
In order to ensure the need-based design and continuous optimisation of our websites, we use Google Analytics - a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as Google - on the basis of Art. 6 Para. 1 Letter f GDPR (justified interest). This involves the creation of pseudonymised user profiles and the use of a specific form of cookies. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the EU data protection level. Please note that on our websites Google Analytics is only used with activated IP anonymisation “_anonymizeIp()”. This means that the IP address of the user is shortened by Google within the territory of the European Union or in other contracting states of the Agreement on the European Economic Area in order to exclude a direct personal reference. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on activities within this online service and to provide us with other services related to the use of this online service and the Internet. Pseudonymous user profiles can be created from the processed data. The IP address transmitted by your browser as part of Google Analytics is not conflated with other data from Google. If you as a user would like to prevent Google from collecting the data generated by the cookie and related to the use of the website (including your IP address) as well as Google from processing this data, you can deactivate Google Analytics by downloading and installing the add-on.
The browser add-on is available for Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera at: https://tools.google.com/dlpage/gaoptout?hl
To improve the user experience in our applications, we use the Intercom service of Intercom Inc. for live chats. We provide inventory data (e-mail, name, company name) as well as usage data on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 let. f GDPR). Intercom is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active
We use the communication tool Slack for internal communication. For this reason, personal data of customers, users, employees or contractual partners may be transferred to Slack Technologies Limited. The processing of personal data via Slack takes place on the basis of legitimate interests within the meaning of Art. 6 Para. 1 lit. f. of GDPR. We have concluded a data processing agreement with Slack Technologies Limited in which Slack undertakes to comply with the EU data protection level. Slack Technologies Limited is also certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnMBAA0&status=Active
We use Sentry to collect error messages from our online platform. We collect and process usage data (accessed URL, condition of the online platform) and technical data (browser information, IP). We collect these data on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR in order to constantly improve our systems and to prevent security gaps. We have entered into an agreement with Functional Software Inc. (Sentry), in which Sentry undertakes to comply with the EU data protection level. Sentry is also certified under the Privacy Shield Agreement, providing an additional guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO&status=Active
Integration of third-party services and content
As an agile company, it is extremely important for us to be present and reachable wherever our customers are. Therefore, social plug-ins and links from social networks (Facebook, LinkedIn, XING, Google+, YouTube) are integrated on our websites on the basis of Art. 6 para. 1 letter f GDPR (legitimate interest). The underlying commercial use is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers of the social network. In addition, we use content or service offers from third parties within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 Letter f GDPR) or on the basis of your consent within the meaning of Art. 6 Para. 1 Letter a GDPR in order to integrate their content and services. Before a connection to the provider is established, you must explicitly agree to the process described below and the data transfer: Links to social media service websites are identified by their corporate logos. If you follow a social link, you will reach IN AUDITO’s corporate website at the respective social media service. Please note that the activation of a link results in a connection being established to the servers of the social media service and as a result certain data can be transferred to the provider of the social media service. These are, for example:
- Your name and e-mail address during your authentication as part of the registration or login process;
- Address of the website where the activated link is located;
- Date and time when the website was accessed or the link was activated;
- Information about the browser and operating system used;
- IP address of the requesting Internet-enabled terminal device.
If you are logged in as a member of the respective social media service, the social media service can assign this information to your personal user account at the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand. The social media service servers are located in the United States and other countries outside the European Union. We draw your attention to the fact that companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case of member states of the European Union. IN AUDITO has no influence on the extent, type and purpose of data processing by the provider of the social media service. Below we inform you in detail about the social media channels we use:
We - IN AUDITO - use on the basis of our legitimate interests for the purpose of the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 Letter f. GDPR the Social Plug-Ins of the social network Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, hereinafter referred to as “Twitter”. The plug-ins can visualize interaction elements or content such as videos, graphics or text contributions and can be recognized by one of the Twitter logos (blue “bird” on white background, or with the terms “Twitter”, “Tweet”, “Re-Tweet” ) or are marked with the addition “Twitter Social Plug-In”. You can see the list and the appearance of the Twitter Social Plug-Ins here: https://dev.twitter.com/web/overview
The social platform Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.
We - IN AUDITO - use on the basis of our legitimate interests for the purpose of the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 Letter f. GDPR the social plug-ins of the social network Facebook. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as “Facebook”. The plug-ins can visualize interaction elements or content such as videos, graphics or text contributions and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “like”, “like” or a “thumb up” sign) or are marked with the addition “Facebook Social Plug-In”. You can view the list and appearance of the Facebook Social Plug-Ins here: https://developers.facebook.com/docs/plugins/
The social platform Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. As soon as a user calls a function of this online service that contains such a plug-in, his terminal device establishes a direct connection with Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to the user’s terminal device and integrated into the online service by the user. User profiles can be created from the processed data. We would like to point out that we have no influence whatsoever on the extent of the data that Facebook collects with the help of this plug-in. Furthermore, by integrating the plug-ins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plug-ins (e.g. by pressing the Like button or by submitting a comment), the corresponding information is transmitted directly from your terminal to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to recognize and store his/her IP address. According to Facebook’s information, only an anonymous IP address is stored in Germany. If a user is already a Facebook member and does not want Facebook to collect data about him via this online service and link it to his Facebook member data, he must log out of Facebook and delete his cookies before using our online service. Further settings for the use of data for advertising purposes can be found in the Facebook profile settings: https://www.facebook.com/settings?tab=ads.
Detailed information on the purpose and scope of the data collection, the further processing and use of the data by Facebook as well as your related rights and settings to protect your privacy can be found in the Facebook data protection information under: https://www.facebook.com/about/privacy/
For the purpose of applicant marketing and the optimization of the offered services, we use services of the social network Facebook, in particular ‘Custom Audiences’ and ‘Value Based Lookalike Audiences’. This enables target group-based advertising, re-targeting and conversion tracking for online advertising. Facebook enables the selection of target groups based on general criteria such as demographics, regions or interests. IN AUDITO advertisements can then be played out to these target groups. In addition, Facebook also enables targeted ads based on your previous page views. For example, ads from us or our cooperation partners may be displayed if you are interested in our service or certain vacancies (referred to as re-targeting).
Further information on the opt-out procedure can be found here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We - IN AUDITO - use so-called plug-ins of the social network Google+, which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our justified interests for the purpose of the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 Letter f GDPR. The plug-ins can be recognized, for example, by buttons with the sign “+1” on a white or colored background. As soon as you activate the plug-in with the first click, your browser establishes a direct connection to Google’s servers. The content of the plug-in is transmitted by Google directly to your browser and integrated into the page. Through the integration, Google receives the information that your browser has called the corresponding page of our website, even if you do not have a profile on Google+ or are not currently logged in to Google+. This information, including your IP address, is transmitted directly from your browser to a Google server in the USA and stored there. If you are logged in to Google+, Google can assign your visit to our website directly to your Google+ profile. If you interact with the plug-ins, for example by pressing the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. In addition, this information is published on Google+ and displayed there in your contacts. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and configuration options in this regard for the protection of your privacy can be found here: https://www.google.com/intl/de_de/policies/privacy/
Google Tag Manager
The websites of IN AUDITO use the Google Tag Manager on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 letter f GDPR). Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. No cookies are set and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager. Detailed information about the Google Tag Manager can be found under the following link: http://www.google.de/tagmanager/use-policy.html
In-depth details on transparency and choices as well as data protection regulations can be found in the data protection center of google.de: https://www.google.de/intl/de/policies/privacy/?fg=1
Use of other active content
Forwarding of data to third parties
IN AUDITO also provides its services together with selected partners. They are subject to the same strict data protection regulations and are also integrated into the data protection concept of IN AUDITO Media GmbH. Data will only be passed on to third parties within the framework of legal requirements (for order data processing such as online orders) and only to the extent described in the data protection declaration. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 Para. 1 Letter b GDPR for contractual purposes or on the basis of justified interests pursuant to Art. 6 Para. 1 Letter f GDPR for the economic and effective operation of our business. IN AUDITO will not pass on further information, e.g. voluntarily provided information regarding the areas of interest, to third parties. Personal data will only be transferred to state institutions and authorities within the scope of legal or juridical obligations.
Recipients outside the EU
With the exception of the processing described in this data protection declaration, we do not pass on your data to recipients based outside the European Union or the European Economic Area.
Your rights as a person concerned
According to the GDPR, in addition to the right to revoke the consent you have given us, you are also entitled to the following rights if the respective legal requirements are met:
- Right to information (see Art. 15 GDPR)
- Right to rectification (see Art. 16 GDPR)
- Right to cancellation (see Art. 17 GDPR)
- Right to restrict processing (see Art. 18f GDPR)
- Right to data portability (see Art. 20 GDPR)
- Right to objection (see Art. 21 GDPR)
If the personal data have been made public by IN AUDITO and if our company as the responsible entity is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, IN AUDITO shall take appropriate measures. These include technical measures, taking into account the available technology and the implementation costs, to inform other entities responsible for data processing who process the published personal data that the person concerned has requested the deletion of all links to this personal data or copies or replications of this personal data from these other entities responsible for data processing, as far as the processing is not required. The data protection officer of IN AUDITO will take the necessary steps in individual cases. If statutory regulations do not permit deletion, we will instead block your data so that it can only be accessed for the purpose of mandatory statutory regulations.
Right of appeal
If you no longer wish IN AUDITO to actively use your personal data for internal purposes, you as a user are entitled to object to this use and processing at any time pursuant to Art. 21 para. 2-4 EU GDPR. For this purpose, it is sufficient to send an e-mail to: datenschutz@inaudito.de. The special case of a legally prescribed data blocking instead of a data deletion according to Art. 17-19 EU GDPR remains unaffected.
IN AUDITO Media GmbH is the responsible entity for the data processing carried out on the IN AUDITO Media GmbH websites. Our contact details are as follows: Hermann-Landmann-Straße 11B, 04416 Markkleeberg, 0341-25 66 98 20
IN AUDITO continuously takes appropriate technical and organizational security measures to protect your personal data as comprehensively as possible against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. In addition to securing the operating environment, we use an encryption procedure throughout our website, for example. All data transmitted by you personally, including your payment data, is transmitted using the generally accepted and secure standard SSL protocol (Secure Socket Layer) in order to prevent misuse of the data by third parties. SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection by the fact that the lock symbol in the status bar of your browser is closed and the address bar begins with “https”. Nevertheless, we would like to point out that Internet-based data transmissions can in principle have security gaps (e.g. when communicating by e-mail), so that absolute protection of the data against access by third parties cannot be guaranteed.
IN AUDITO reserves the right to change or amend these data protection guidelines at any time in accordance with data protection regulations. All changes will be published on our website. New data protection regulations thus become effective with their publication. We recommend that you visit this website regularly to view the latest version. Date last updated: May 2018