This privacy policy clarifies the nature, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile and the chatbots operated by us under the brand "Dein Traumberuf" (hereinafter jointly referred to as "online offering"). With regard to the terms used here, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Inga GmbH
c/o WeWork
Taunusanlage 8
60329 Frankfurt am Main
Managing Director: Corinna Haas
Phone: +49 69 348 71 92-0
E-mail: info@inga.one
Martin Bastius
heyData GmbH
Gormannstr. 14F
10119 Berlin
Phone: +49 89 41325320
E-mail: datenschutz@heydata.eu
- Master data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos, contract data)
- Usage data (e.g. websites visited, content accessed, access times)
- Technical data on communication and the devices used for this purpose (e.g. device information, IP addresses)
- Applicant data (e.g. CV, photo, professional qualifications)
Data subjects include visitors and users of our website, in particular potential customers, parties interested in our offers, candidates, employees and third parties ("users"). Data subjects also include our customers who commission us to provide our services ("customers").
We process the personal data of our users for the following purposes, which are explained in more detail below:
- Provision of the online offering, its functions and content
- Finding candidates for our customers' job vacancies
- Responding to contact requests and communicating with users
- Security measures
- Reach measurement/marketing
Cookies are set in our online offering, which we explain here and in the further course of our privacy policy (in particular about cookies from third-party providers). "Cookies" are small files that are stored on users' computers. Temporary cookies (also known as "session cookies" or "transient cookies") are deleted when the user closes their browser. "Permanent" or "persistent" cookies remain stored even after the browser is closed. Such permanent cookies can be used, for example, to save the login status if the user visits the website after several days. If you do not want cookies to be stored on your computer, you can set your browser so that you are informed in advance about the setting of cookies and can decide in individual cases whether to prevent the acceptance of cookies for certain cases or the setting of cookies in general. You can delete cookies already on your computer at any time manually or using browser functions. However, the functionality of our website may be limited if cookies are not accepted or only accepted to a limited extent.
Unless otherwise stated for the individual cookies in this privacy policy, we only set cookies with your consent. The legal basis for this is therefore Art. 6 para. 1 lit. a GDPR. Of course, you can freely revoke your consent at any time with effect for the future.
We process the data of our customers and users as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development / consulting or maintenance, implementation of campaigns and processes / handling, server administration, data analysis / consulting services and training services.
We process master data (e.g. names and addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos, insofar as these have been entered into our online offering), contract data (e.g. subject matter and term of contract, payment data), usage data (e.g. websites visited and content accessed, access times) and technical data relating to communication and the devices used for this purpose (e.g. as part of the evaluation and performance measurement of marketing measures). The data relating to our users that we process in this context is master data, contact data and content data, usage data and technical data relating to communication and the devices used for this purpose, as well as applicant data (e.g. CV, photo, professional qualifications).
The purpose of processing this data is to provide our contractual services, including the search for and pre-selection of suitable candidates for our clients' job vacancies. The data processing, which serves us to address the right potential candidates for our customers via advertisements (analysis and statistical evaluation of user data), is carried out to safeguard our legitimate interests in the provision of our online services. In addition, this data processing also serves to safeguard the legitimate interests of our customers who have commissioned us with corresponding services in order to fill an advertised vacancy with a suitable applicant. This data processing is therefore based on Art. 6 para. 1 lit. f GDPR. As soon as the user feels addressed by a job advertisement that is displayed to him as an advertisement, participates in our recruiting process by clicking on "Find out more" and answers the questions then displayed, the associated data processing takes place for the purpose of initiating an employment relationship between the user and our customer. If the user has previously clicked on "Find out more", these pre-contractual recruiting measures take place on the user's initiative. The processing of the candidate data provided by the user is necessary in order to make a pre-selection as to whether the user is suitable for the advertised position. The legal basis for this data processing is therefore Art. 88 para. 1 GDPR i.V.m. § Section 26 (1) sentence 1 of the Federal Data Protection Act ("BDSG").
In principle, we do not process special categories of personal data, unless these are exceptionally part of commissioned processing or the candidate voluntarily provides us with such data. In both cases, the user is informed that he/she does not have to provide us with this special personal data and, if he/she does so, the transmission is voluntary on the basis of his/her express consent (Art. 88 GDPR in conjunction with Section 26 (2), (3) sentence 2 BDSG).
Should the user be considered as a potential applicant for our customer based on the answers he/she provides in our recruiting process, the transfer of his/her personal data (master, contact and applicant data as well as selection of the communication channel via which he/she would prefer to be contacted) to our customer takes place exclusively on the basis of his/her consent in accordance with Art. 6 para. 1 lit. a GDPR, § 26 para. 2 BDSG, which we obtain and record separately before forwarding his/her data.
The provision of personal data by our customers and users is necessary to the extent that we provide our recruiting services. This is not possible without the processing of personal data, in particular the applicant data of our users. If a user does not wish to provide us with their personal data for this purpose, we cannot propose them as a potential applicant to our customers (Art. 13 para. 2 lit. e GDPR).
In order to continuously adapt our online offering to the wishes of our customers and users, we process data from inquiries to us, contracts and contractual services to compile general statistics, which we then evaluate. Where possible, the analyses and general trends are prepared anonymously or in aggregated form. This data processing is carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this context is the optimization and expansion of our online offering in order to be able to provide offers that meet the needs of our customers and users.
If the customers and users concerned give their consent, we also process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. a GDPR. In doing so, we can take into account the profiles of customers and registered users with information, e.g. on the services they have used. We use the analyses to increase user-friendliness, optimize our offer and ensure that our offer is economical and helpful for our customers and users. The data is not passed on to third parties unless it is anonymous or aggregated data without personal reference.
If a user applies for a vacancy or submits an unsolicited application to inga. as a potential employer, we process their data (master, contact and applicant data) only for the purpose and within the scope of the application process in accordance with the legal requirements, i.e. for the implementation and handling of the application process. Data will not be passed on to third parties without the separate consent of the applicant. Only the employees of the HR department and the management have access to the applicant's data. If there is a personal interview in which the applicant is to meet their future colleagues, they will receive the applicant's CV so that they can prepare for the interview. All of the above-mentioned persons have been bound to data secrecy and will treat your application with absolute confidentiality.
The application procedure requires applicants to provide us with their application data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job description and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information. The collection and processing of this data as part of the application for an open position with us is carried out exclusively for the purpose of making a decision on the establishment of an employment relationship, in accordance with Art. 88 GDPR i.V.m. § Section 26 (1) and (3) BDSG.
Insofar as additional special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily disclosed to us as part of the application process (e.g. health data such as severely disabled status or ethnic origin), their processing is based on consent in accordance with Art. 88 GDPR in conjunction with Section 26 para. 2, para. 3 sentence 2 BDSG. § Section 26 para. 2, para. 3 sentence 2 BDSG.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship (Art. 88 GDPR in conjunction with Section 26 (1) and (3) BDSG). If the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the General Equal Treatment Act. Any further storage will only take place if there are legitimate reasons on our part for deletion, e.g. statutory retention obligations. For example, invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements and only deleted after the statutory retention periods have expired.
When users write and publish comments or other posts on our website, we store the IP address of the computer used and any user name provided by the user on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR for 7 days. Our legitimate interest is the prevention of misuse of our online offering for the dissemination of illegal content (insults, prohibited political propaganda, etc.).
The comments and contributions and any personal data contained therein will be stored by us as part of the provision of the online offer, including the comments, as long as this is necessary for the provision of the online offer and the user has not objected to this.
When contacting us (e.g. by contact form, email, telephone or via social media), the information provided by the enquirer, including the contact data provided there, will be processed to process the contact inquiry and its handling as well as in the event of follow-up questions in accordance with Art. 6 para. 1 lit. b GDPR, insofar as the enquirer enters this personal data for the purpose of initiating a contractual relationship with us. Only in this case is it necessary to enter personal data. Otherwise, this storage and use is based on Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest is the careful processing of the respective request. The enquirer's details may be stored in a customer relationship management system ("CRM system") or comparable software for organizing inquiries.
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of the user's consent, a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR), a legal obligation or to protect our legitimate interests (e.g. when using technical service providers to provide our online offer, etc.).
If we commission third parties with the processing of data on the basis of a so-called order processing contract, this is done on the basis of Art. 28 GDPR. Anything else only applies to transfers to service providers that are expressly based on a different legal basis in this privacy policy.
If we pass on data to service providers as part of our processing, we and our service providers strictly observe the requirements of the GDPR. Of course, before passing on your personal data, we ensure that our service providers have taken the necessary technical and organizational measures to ensure an appropriate level of protection. The scope of the data transfer is limited to the minimum necessary for the processing purpose.
The transfer to state institutions and authorities entitled to receive information only takes place within the framework of the legal obligation to provide information or if we are obliged to provide information by a court or official decision. In this case, the transfer of your data is required by Art. 6 para. 1 lit. c GDPR to fulfill a legal obligation to which we are subject.
We use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or software (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content receive the IP address of the user, as they would not be able to send the content to their browser without the IP address. The use of the IP address is therefore necessary for the presentation of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content.
Specifically, we use the services of the following third-party providers:
We use the CRM system Hubspot from the provider Hubspot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("Hubspot") to process customer and user data and their inquiries more quickly and efficiently. This is done for our legitimate interest in speeding up our customer service to ensure the greatest possible user satisfaction on the basis of Art. 6 para. 1 lit. f GDPR).
In this context, Hubspot also places cookies on the computer of the user or
customer. When using Hubspot's software, data is also transmitted to Hubspot's servers, which are also located outside the EU, such as in the USA. Hubspot uses the data received as part of the CRM system only for the technical processing of requests and does not pass it on to third parties.
The transfer to Hubspot is based on Art. 45 and 28 GDPR. Hubspot is one of the companies certified under the EU Commission's adequacy decision for data transfers to the USA (so-called EU-US Privacy Shield) and thus offers a guarantee of an adequate level of protection in accordance with European data protection law.
We use Google Analytics, a web analysis service from Google, on the basis of Art. 6 para. 1 lit. a GDPR, provided that the user consents to this. Google uses cookies that remain stored on the user's device for a maximum of 2 years. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. This personal user data is deleted or anonymized after 14 months.
We only use Google Analytics with activated IP anonymization and have activated the "anonymizeIp()" extension for this purpose. As a result, the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. Google uses this information on our behalf to evaluate the use of our online offer by users, to compile reports on website activity and to provide other analyses related to website activity, such as evaluating the paths taken by visitors to our website.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by selecting the appropriate settings in their browser software. Users can also prevent the collection of personal data generated by the cookie and related to their use of the online offer (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. We would like to point out that the user must reinstall the browser add-on to deactivate Google Analytics again if the browser or the user's end device is later deleted, formatted or reinstalled.
The user can also prevent the future use of Google Analytics on our website, in particular when accessing our website via browsers on mobile devices, by clicking on the following link: Deactivate Google Analytics. We consider clicking on the link to be a revocation of the user's consent to the use of Google Analytics. By clicking on the link, a cookie is stored on the user's device. We ask the user not to delete this cookie as long as the user wants to signal to us that he or she does not want data processing by Google Analytics. If the user deletes this cookie, we ask that the cookie be set again by clicking on the link in order to make it easier for us to determine whether the user consents to or rejects data processing by Google Analytics.
Google provides further information on the use of data by Google at http://google.de/intl/de/policies/privacy and http://google.com/analytics/terms/de.html. Google Analytics is available at this link http://google.com/intl/de_en/analytics is explained in more detail.
The so-called "Facebook Custom Audience" service of the social network Facebook, which is operated by Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), is used as part of our online offering.
This service is used to place a cookie (so-called "Facebook Pixel") on the user's computer when they visit our website. This Facebook pixel can be used to determine that the user has already visited our website. The Facebook pixel and the information it generates are transmitted to Facebook servers, which are also located in the USA, and stored there. With the help of the Facebook pixel, it is possible for us, on the one hand, to display targeted advertising for our online offers (so-called "Facebook ads") to the user on the websites of Facebook or its partners after a visit to our online offer, through which the user has shown an interest in our online offer. Accordingly, we use Facebook Custom Audiences to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering. In this way, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads and evaluate them to improve our advertising campaigns and our online offering. For these purposes, Facebook also creates reports for us on the reach and success of our Facebook ads, which include in particular whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion") and what actions users took after clicking (e.g. whether an order was placed).
If you access our website as a user while you are logged into your Facebook account, Facebook will also link the information collected via the Facebook Pixel to your Facebook account. Facebook may use the information collected for cross-device marketing. In particular, based on your use of our website on one device, our Facebook ads can also be displayed to you when you are browsing the internet on another device.
Further information on the processing of your personal data in connection with Facebook Custom Audiences and data protection by Facebook can be found in Facebook's data usage policy: facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads.
You can also set which types of ads are displayed to you within Facebook by visiting the page set up by Facebook and following the instructions on the settings for usage-based advertising: facebook.com/settings?tab=ads. The settings made on this website are adopted across all platforms, i.e. they are adopted for all devices on which you log into your Facebook account, such as desktop computers or mobile devices.
We also integrate the Google Fonts service, offered by Google, into our online offering. By integrating Google Fonts, information about your use of this website, such as your IP address, may be transmitted to Google, possibly also to servers outside the European Union such as the USA, and stored there. Details on data protection at Google, in particular the type, scope and purpose of data processing, can be found at: google.com/intl/en/policies/privacy
The transfer to Google is based on Art. 45 GDPR. You can find details on this in section 13.7 above. We use Google Fonts to improve the layout and thus the view of our website. The basis for the use of Google Fonts is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the optimization of our website and the provision of the best possible user-friendliness by optimizing fonts and the visual layout.
We maintain online presences within social networks and platforms, in particular Facebook, in order to communicate with the customers, interested parties and users active there and to inform them about our services (hereinafter "Facebook fan page"). With regard to the data processing that takes place when you visit our Facebook fan page, Facebook and we are joint controllers within the meaning of Art. 26 (1) GDPR. Our mutual obligations resulting from the joint responsibility are set out in an agreement between Facebook and us, the so-called "Page Insights Addendum regarding the controller". This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum
As part of the use of our Facebook fan page, we statistically evaluate how you have used our fan page. For this purpose, we receive extensive statistics on the use of our Facebook pages, the so-called "Facebook Insights", which, however, do not contain any personal data. As a fan page operator, we have no access to personal data and cannot view or retrieve such data from Facebook. It is not possible for us to establish a link to individual persons. We also do not create profiles for individual users.
We use the statistics to adapt our Facebook fan page according to user needs and thus to continuously optimize it, which can also be done for market research and advertising purposes by evaluating the resulting interests of the users in such a way that, for example, we place advertisements inside and outside our Facebook fan page that presumably correspond to the interests of the users. To make this statistical analysis possible, cookies are usually stored on the user's end devices, in which the user's usage behavior and interests are stored. For example, when you visit our Facebook fan page, a cookie is set to recognize you and make it easier for you to browse the fan page. According to Facebook, the cookies and the data collected about them are deleted or anonymized within 90 days. No other cookies are used. To the best of our knowledge, entries are also not created in local storage for non-members of Facebook.
The processing of your personal data when you visit our Facebook fan page is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f GDPR. We would like to point out that data processing may also take place outside the EU or the EEA, in particular on Facebook servers located in the USA. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. As explained above, the EU-US Privacy Shield is an adequacy decision by the EU Commission (No. 2016/1250) for data transfers to the USA, according to which companies that meet certain criteria guarantee an adequate level of protection. Facebook is one of the companies listed therein and accordingly undertakes to guarantee an adequate level of protection. Therefore, if data is transferred to Facebook based in the USA, this is based on Art. 45 GDPR.
The agreement concluded with Facebook stipulates that Facebook assumes primary responsibility for the processing of Insights data and fulfills all obligations under the GDPR with regard to the processing of Insights data. This means that Facebook is primarily responsible for the information obligations under Art. 13, 14 GDPR and for safeguarding your rights as a data subject. Particularly with regard to requests for information and the assertion of other data subject rights, we would like to point out that these can be asserted most effectively directly with Facebook. Only Facebook has access to user data and can take appropriate measures and provide information directly. Users of our Facebook fan page can exercise their rights under Art. 12 et seq. GDPR, rights to erasure under Art. 17 GDPR, to restriction of processing under Art. 18 GDPR, to object under Art. 21 GDPR and to information under Art. 15 GDPR at https://www.facebook.com/about/privacy. If you still need help or need assistance with this, please do not hesitate to contact us.
If you use our Facebook fan page, you will find further information on the processing and use of data by Facebook at https://www.facebook.com/about/privacy/ and specifically for the fan page insights: https://www.facebook.com/legal/terms/information_about_page_insights_data. There you will also find setting options to protect your privacy as well as objection options, see opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
We have taken appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk represented by the data processing.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, safeguarding of availability and its separation.
Furthermore, we have established procedures that ensure the effective exercise of data subjects' rights, deletion of data and response to threats to the data we process. Furthermore, we already take the protection of personal data into account during the development of our online offer, in particular in our own software programming and in the selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
Data processing by us takes place within the EU, unless expressly stated otherwise in the above sections of this privacy policy.
The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations or other legitimate reasons within the meaning of Art. 17 para. 3 GDPR. If the data is not deleted because its storage is still required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and no longer processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). After expiry of these retention periods, the data will be deleted immediately, unless there are other reasons for deletion within the meaning of Art. 17 para. 3 GDPR.
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, provided that there are no legitimate reasons for not deleting it. If this is the case, you have the right to request that the processing of your data be restricted in accordance with Art. 18 GDPR.
You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the supervisory authority if you are of the opinion that data processing by us violates the statutory provisions (Art. 77 GDPR).
You have the right to freely revoke consent given to us at any time with effect for the future in accordance with Art. 7 para. 3 GDPR
We reserve the right to amend this data protection declaration within the framework of the existing legal regulations and to publish an updated version on our website, insofar as this is indicated, for example, due to new technical developments or changes in jurisdiction or in our business operations. You should therefore check this page from time to time to ensure that you are familiar with our current privacy policy.
Last updated on August 06, 2021
