Data Privacy Statement

1. General Remarks

Protecting the individual's privacy on the Internet is crucial to the future of Internet-based business and the move toward a true Internet economy. ISO Software Systeme GmbH has created this privacy statement to demonstrate our firm commitment to secure and trustworthy Internet commerce and the individual's right to privacy.
 

2. Data collection at our website

2.1 How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?


2.1.1 Responsible for data processing is:

Data processing at this website is undertaken by the website operator for itself and as an agent for the other companies of the ISO-Gruppe, namely ISO Travel Solutions GmbH, ISO Professional Services GmbH, ISO Recruiting Consultants GmbH and ISO Public Services GmbH. For the operator’s contact data please refer to the legal notice of this website.

2.1.2 You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

2.2 Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

Your data are collected at the one hand by you disclosing the same to us. This for example can be data that you enter into a contact form.

Other date are collected by our IT systems automatically during your visit at our website. These are first of all technical data (e.g. Internet browser, operating system, or time of the day of your page view). Collection of such data happens automatically as soon as you enter our website.
 

2.3 Why are you processing my data?

ISO utilizes your data for the following purposes:

Some data are gathered to guarantee a correct provision of the website. Other data may be used to analyze your user behavior.
 

2.4 Do I have rights, and if so, what are they?

You are basically entitled to the rights to information by ISO about the personal data relating to you as well as to correction and deletion of data, or limitation of their processing and to revocation against processing as well as to data transferability. For details, please refer to our data privacy statement under the headings “3.3 Data subject rights” and “3.4 Right of objection”.

Is the processing of your data based upon article 6 I, lit. a) of the GDPR, we would like to point out to the fundamental existence of your right to revoke your consent at any time without affecting the rightfulness of processing performed until revocation based on such consent.

Regarding this as well as any other questions on the subject of data protection you may at any time refer to datenschutz@iso-gruppe.com.

When you believe that processing of your data is violating data protection law, or your claims under data protection law have been infringed in any other way, you can appeal to supervisory authority.
 

2.5 Analytics tools and tools of third-party suppliers

During visiting our website your surf behavior can be evaluated. This happens primarily by cookies and so-called analytics programs. Analyzing of your surf behavior normally takes place in anonymized form; the surf behavior cannot be traced back to your person. You can prevent that. For details, please refer to our data privacy statement under the headings "5. Analytics tools and advertisement" and "7. Plugins and tools”.

 

3. General and mandatory information

3.1 Data protection

ISO as the operator of this website is attaching great importance to the protection of your personal data. We treat your personal data as confidential and in accordance with the applicable data protection legislation and this data privacy statement.

When you use this website various personal data are collected. Personal data are data by which you can be personally identified. The present data privacy statement explains what data we are gathering, and for what we are using them. It also explains how and for what purpose this happens.

Please note that data transmission via the Internet (e.g. communication by e-mail) may exhibit security gaps. Therefore a gapless protection of data against access by third parties is not possible.
 

3.2 Reference to responsible entity

Contact data you can find under the legal notice to this website.

3.3 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

3.4 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to datenschutz@iso-gruppe.com

3.5 Right to data transferability

You have the right to have data we are processing automated on the basis of your consent or in performance of a contract delivered to you or to a third party in an established machine-readable format. Insofar as you require direct transmission of data to another responsible entity it will happen only as far as it is technically feasible.

3.6 Information, correction, deletion, limitation, revocation

Within the scope of the applicable statutory regulations you have at any time the right to information free of charge about your stored personal data, their origin and recipient, and the purpose of data processing etc. and – as the case may be – a right to correction, deletion, limitation of such data as well as to revocation.

Regarding this as well as any other questions on the subject of data protection you may at any time refer to datenschutz@iso-gruppe.com.

3.7 Objection against advertisement e-mails

The utilization of contact data published within the scope of the general information requirements of the e-commerce regulations for sending of not expressly requested advertisement and information materials is herewith opted out. ISO expressly reserves the right to take legal action in case of advertisement information, perhaps by spam e-mails received.

4. Data collection at our website

4.1 Cookies

Our website uses cookies. Cookies are small text files placed by a web portal on the computer systems (computer, tablet or smartphone) of the users that visit it. Cookies may store personal data. You can prevent tracking via cookies (do not track, tracking protection list) and reject the storage of third-party cookies in your browser settings. If you delete all cookies, this will also delete any opt-out cookies placed, so you will have to actively opt-out again.

We want you to be in a position to make an informed decision for or against the use of cookies which are not absolutely necessary for the website’s technical features. Please note that you will be shown advertising that is less targeted to your interests if you reject cookies used for advertising. However, you will still be able to use all of the functionality of the website.

We differentiate between cookies that are absolutely necessary for the website’s technical features and optional cookies.

To enable you to select the data protection settings for your visits to our website that best suit your requirements, we give you the option below of adjusting your preferences with respect to the categories of operational necessity and statistics.

1. Category ‘Operational Necessity‘
These cookies are necessary for the operation of the website.
The following cookies are used here on our website:

  • cacheversion: This cookie, which we employ and which is valid for 10 years, is used to maintain the status of the user for all page requests
  • cookieBanner: This cookie, which we employ and which valid for 3 months, is used to store the user’s consent status for cookies on the current domain.

2. Statistics category
We collect anonymized data for statistics and analysis so that we can continue to improve our offering and website. These cookies (please see 5.1) allow us to determine visitor numbers and the effect of certain pages of our website, for example, and optimize our content.

3. Category ‘Marketing‘
Under this category, technologies (see from 5.3) from advertisers are used to display ads that are relevant to your interests.

4.2 Server log files

The provider of the pages collects and stores information automatically in so-called server log files, which your browser transmits to us automatically. These are:

  • Browser type and browser version
  • Applied operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

Any merging of these data with other data does not take place.

Legal basis for data processing is article 6, section 1, lit. b, GDPR that allows the processing of data for the performance of a contract or pre-contractual measures.

4.3 Contact form

When you send us inquiries per contact form your information provided via the contact form including your contact data you stated there are stored by us for the purpose of processing your inquiry and for the event of follow-up questions. We will not disclose such date without your consent.

Therefore processing of data entered into the contact form takes place exclusively on the basis of your consent (article 6, section 1, lit. a, GDPR). You can revoke such consent at any time. For this purpose an informal note per e-mail to us will be sufficient. The rightfulness of data processing operations performed until revocation remains unaffected by the revocation.

The data you entered into the contact form remain with us until you request us to delete the same, revoke your consent to the storage, or the purpose of data storage is no longer required (e.g. after completion of processing your inquiry). Statutory legal requirements – particularly retention periods – remain unaffected.

4.4 Registration at this website

You can register yourself at our website in order to use additional functions at the page. We will use the data so entered only for the purpose of utilizing the respective offer or service, for which you have registered. The mandatory information prompted during registration must be entered completely. Otherwise we will reject the registration.

In case of important changes, perhaps concerning the scope of offer, or in case of technically necessary changes we will use the e-mail address you stated during registration to inform you in this way.

Processing of data entered at registration takes place based on your consent (article. 6, section 1, lit. a, GDPR). At any time you can revoke a consent you have given. For this purpose an informal note per e-mail to us will be sufficient. The rightfulness of processing performed until revocation remains unaffected by the revocation.

The data collected at registration remain stored by us as long as you are registered at our website, and will be deleted thereafter. Legal retention periods remain unaffected.

4.5 Processing of customer and contract data

We collect, process, and use personal data only insofar as they are required for the creation, arrangement of contents, or change of the legal relationship (inventory data). This happens on the basis of article 6, section 1, lit. b, GDPR, that allows the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data about the utilization of our Internet pages (usage data) only as far as it is necessary to enable the user to utilize the service and to invoice the user.

Collected customer data will be deleted after completion of the order, or upon termination of the business relationship. Legal retention periods remain unaffected.
 

5. Analytics tools and advertisement

5.1 Google Analytics

This website uses Google Analytics, a web analysis service of Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). It includes the use of “Universal Analytics” technology, which makes it possible to assign data, web sessions and interactions on several devices to an anonymised user ID, thus enabling an analysis of a user’s activities across multiple devices (so-called Third-Party-Cookies).

Google Analytics uses so-called “cookies”, text files which are saved on your computer and which enable an analysis of your usage of the website. Information generated by the cookie about your usage of this website is generally transferred to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, your IP address will be shortened by Google within the member states of the European Union or in other states which are party to the Agreement on the European Economic Area before the transfer takes place. Only in exceptional circumstances will the complete IP address be transferred to a Google server in the USA and shortened there. The IP address of your browser conveyed in the context of Google Analytics will not be joined with other Google data. Google will use this information on behalf of the operator of this website to evaluate your usage of the website in order to compile reports about the website activities and to provide the website operator with additional services in connection with the usage of the website and the internet. The legal basis for the use of Google Analytics is Art. 6(1), Subparagraph 1(a), GDPR. Sessions and campaigns are terminated on expiry of a fixed period. The fixed period for the termination of sessions is generally 30 minutes without activity, and for campaigns the limit is six months. The maximum permissible time limit for campaigns is two years. More information about conditions of use and data protection can be found at https://www.google.com/analytics/terms/en.html bzw. unter https://policies.google.com/?hl=en .

If you allow us to use tracking cookies with your prior consent, the following cookies may be used on our websites:

  • _ga: This 2-year valid cookie used for Google Analytics is used to collect analysis data on our users.
  • _gat: This 10 minute cookie used for Google Analytics is used to limit the request rate.
  • _gid: This one-day cookie used for Google Analytics is used to distinguish between users.

You can prevent cookies from being installed by activating a corresponding setting in your browser software; however, we must inform you that, in this case, it is possible that you will not be able to use all the functions of this website in full. Furthermore, you can prevent the capture of data by Google relating to your use of the website generated by the cookie (including your IP address), as well as the processing by Google of this data, by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent the capture of your data across multiple devices by Universal Analytics, you must complete the opt-out process on all systems you use. Click here to install an opt-out cookie: disable Google Analytics 

Dieser Service kann die erfassten Daten an ein anderes Land weiterleiten. Bitte beachten Sie, dass dieser Service Daten außerhalb der Europäischen Union und des europäischen Wirtschaftsraums und in ein Land, welches kein angemessenes Datenschutzniveau bietet, übertragen kann. Falls die Daten in die USA übertragen werden, besteht das Risiko, dass Ihre Daten von US Behörden zu Kontroll- und Überwachungszwecken verarbeitet werden können, ohne dass Ihnen möglicherweise Rechtsbehelfsmöglichkeiten zustehen. Nachfolgend finden Sie eine Liste der Länder, in die die Daten übertragen werden. Dies kann für verschiedene Zwecke der Fall sein, z. B. zum Speichern oder Verarbeiten:
Vereinigte Staaten von Amerika

5.2 HubSpot

When contacting us (per contact form or per e-mail) information provided by the user will be processed to deal with the contact inquiry and the execution of such inquiry in accordance with article 6, section 1, lit. a or b, GDPR.

Information provided by users can be stored in our customer relationship management system and marketing automation platform (“CRM & marketing system”) or in another comparable inquiry organizing system.

We utilize among others the CRM, registration and marketing automation system “HubSpot” by the provider HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and in Germany (Unter den Linden 26, 10117 Berlin) on the basis of a consent by the recipient according to article 6, section 1, lit. a, GDPR, or in the course of performance of pre-contractual measures upon request by the data subject according to article 6, section 1, lit. b, GDPR, respectively. For that purpose, we have entered into a contract with HubSpot that includes so-called standard contract clauses under which HubSpot commit themselves to the processing of user data only in compliance with our instructions and the adherence to the EU data protection level. HubSpot is furthermore certified under the privacy shield agreement and thereby is providing an additional guarantee to adhere to the European data protection law (https://www.privacyshield.gov/list). Further information on the HubSpot privacy policy you will find at: https://legal.hubspot.com/de/privacy-policy

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:

United States of America

Our registration service enables users of our website to learn more about our company, to download contents, and to provide their contact information as well as other demographic information. Such information is stored on the servers of our software partner HubSpot. These data can be used by us to get in contact with visitors of our website and to determine what services of our company are of interest to them. All information gathered by us is subject to the data protection regulations. We use all gathered information exclusively for the optimization of our marketing.

We delete inquiries if they are no longer necessary or in case of revocation. Inquiries by customers having a customer account with us are stored permanently and for deletion we refer to the particulars on the processing of customer and contract data under 4.4. In the case of compulsory archiving deletion takes place upon its expiry (legal retention period under commercial law ending after 6 years, and under fiscal law after 10 years).

HubSpot uses so-called “cookies”. These are text files that are stored on your computer and are used on the one hand to enable analyzing your behaviour on our website, on the other hand to provide extended functionality and personalization such as for videos for example and therefore allows the collection of the following data, among others: Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address, browser data, usage behavior

This data is made anonymous. HupSpot does not share any personal data with ISO, but offers anonymous reports about the website target group and ad performance. The ISO can use this data to contact your company in a targeted manner without identifying you as a website visitor.

This data is made anonymous. HupSpot does not share any personal data with ISO, but offers anonymous reports about the website target group and ad performance. The ISO can use this data to contact your company in a targeted manner without identifying you as a website visitor.

Such information generated by cookies is transferred to a server at HubSpot in the USA and is stored there (so-called third party cookie).

The storage of HubSpot cookies takes place on the basis of article 6, section 1, lit. a, GDPR. and Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the analysis of user behaviour and the provision of extended functionality and personalisation in order to optimise both his website and his advertising.

  • _hs_opt_out: This cookie is used by the Privacy Consent Policy to prevent visitors from being asked repeatedly if they wish to accept cookies. This cookie is set when you give visitors the choice to disable cookies. (Valid: 13 months)
  • _hs_do_not_track: This cookie can be set to prevent any data being sent to HubSpot by the tracking code. Setting this cookie is different from disabling cookies, as this still allows you to send anonymous data to HubSpot. (Valid: 13 months)
  • _hs_ab_test: This cookie is used to show visitors the same version of an A/B test page that was previously displayed. (Valid: session cookie)
  • _key: When you visit a password-protected site, this cookie is set so that you will not need to log in on future visits to the site using the same browser. The cookie name is unique to each password-protected site.
  • _hs-messages-is-open: This cookie is used to determine and store whether the chat widget will be open on future visits. After 30 minutes of inactivity, it is reset to the setting that the widget will close again. (Valid: 30 minutes)
  • _hs-messages-hide-welcome-message: This cookie ensures that the welcome message is not displayed again for one day after closing. (Valid: 1 day)
  • _hsmem: This cookie is set when visitors log in to a site hosted by HubSpot. (Valid: 1 year)

If you allow us to use tracking cookies with your prior consent, the following cookies are used on our websites:

  • _hstc: The main cookie for visitor tracking. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit) and the session number (increases with each subsequent session). (Valid: 13 years)
  • _hubspotutk: This cookie is used to capture a visitor's identity This cookie is transferred to the HubSpot software when a form is submitted and is used when contacts are de-duplicated. (Valid: 13 months)
  • _hssc: This cookie tracks sessions. It is used to determine if the HubSpot software needs to increase the number of sessions and timestamps in the __hstc cookie. It contains the domain, the number of page views (viewCount, increases with every page view [pageView] in a session) and the session start timestamp (Valid: 30 minutes)
  • _hssrc: Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser. If this cookie is not present at the time the HubSpot software manages the cookie, this is considered a new session. (Valid: session end)
  • _messagesUtk: This cookie is used to recognize visitors who chat with you through the Messages tool. If visitors leave your site before they are added as a contact, this cookie remains associated with their browser. If there is already a chat history with the visitor and the visitor later returns to your site with the same browser (with the same cookies set), their chat history will be loaded into the Messages tool. (Valid: 13 months)

If you are logged into the hub spot software, the hub spot software sets additional authentication cookies. Learn more about cookies in the HubSpot product.

  • Ads Tracking
    If you have installed the Facebook pixel code on your website, Facebook may place a cookie in your visitors' browser. When you select and install your Facebook pixel code with the HubSpot tool for ads on pages with the HubSpot tracking code, HubSpot associates the placement of that pixel code with the cookie hint banner. If a unique affirmative action must be taken through this banner, the Facebook pixel cannot set cookies for a visitor until that visitor has taken that action.
    If you manually placed the pixel code on pages (for example, by editing the HTML code of your site header), HubSpot cannot control which visitors Facebook can set cookies for.

You can prevent the storage of cookies by corresponding settings of your browser software. However, we have to point out that in such case you may not be able to use all functions of this website to the full extent. To disable ("opt-out") the service on our website, click here.

5.3 LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag conversion tracking and retargeting service from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

This tool creates a cookie (so-called third party cookie) in your web browser, which allows the collection of data such as: IP address, device and browser characteristics and page events (e.g. page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. LinkedIn does not share any personal information with ISO, but provides anonymized reports on website audience and display performance. In addition, LinkedIn offers retargeting via the Insight Tag. The ISO can use this data to display targeted advertising outside its website without identifying you as a website visitor. For more information about LinkedIn's privacy policy, please refer to the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:

United States of America, Singapore

The data processing takes place with your consent on the basis of art. 6 para. 1 lit. a GDPR.

If you allow us to use tracking cookies with your prior consent, the following cookies may be used on our websites:

  • _ga, _gat; _lipt, bcookie, lang, lidc
    LinkedIn members can control the use of their personal information for promotional purposes in their account settings. To disable ("opt-out") the Insight tag on our website, click here.

6. Newsletter

If you wish to subscribe to the newsletter offered at the website, we will need an e-mail address as well as some information from you that allows us to verify you as the owner of the specified e-mail address, and that you agree to receiving the newsletters. Other data will not be collected, respectively on voluntary basis only. We use such data solely for the transmission of the requested information and will not disclose the same to any third parties.

Processing of the data entered into the newsletter application form happens exclusively on the basis of your consent (article 6, section 1, lit. a, GDPR). You can revoke your consent to the storage of data and e-mail address as well as their usage for sending the newsletter at any time, perhaps via the “Sign-out” link on the newsletter. The rightfulness of data processing operations already performed remains unaffected by the revocation.

The data stored by us for the purpose of obtaining the newsletter are stored by us until you sign out from the newsletter and will be deleted after your cancellation of the newsletter. Data that have been stored by us for other purposes (e.g. e-mail addresses for the member area) remain thereof unaffected.

7. Plugins and tools

7.1 Google Fonts

Our website uses Google Fonts from Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) for the uniform display of fonts. We have integrated these Google fonts locally, i.e. on our web server and thus not on Google servers. Consequently, there is no connection to Google servers at any time and therefore no data transfer or storage to/in the USA takes place.

7.2 Google Maps

This page uses the map service Google Maps via an AIP. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For using the functions of Google Maps it is necessary to store your IP address. That information is normally transmitted to a server of Google in the USA and stored there. The provider of this page has no influence on that data transmission.

The usage of Google Maps takes place for the benefit of an appealing presentation of our online offers and for facilitated findability of places mentioned by us at the website. This represents a rightful interest in terms of article 6, section. 1, lit. f, GDPR.

Further information on the handling of user data you will find in data privacy statement of Google at: https://www.google.de/intl/de/policies/privacy/.

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:
United States of America

7.3 YouTube

Our website uses the function for embedding YouTube videos by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

This feature shows YouTube videos in an iFrame on the website. The option "advanced privacy mode" is enabled here. This prevents YouTube from storing information on visitors to the website. It is only if you watch a video that information (your IP address, notification that video is being watched by you) is transmitted to and stored by YouTube. Your data may be transmitted to the USA.

The data processing is carried out with your consent on the basis of Article 6(1)(a) GDPR.

You can revoke your consent at any time without affecting the legality of the processing carried out with your consent up to the revocation. Further information on the data collected and used by YouTube and Google and your associated rights and options for protecting your privacy can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:
United States of America

 

7.4 Google reCAPTCHA

Our website uses the reCAPTCHA service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") in order to protect our website against automated spying, misuse and SPAM. In the background, Google collects and analyses usage data which is also used by reCaptcha to distinguish between human users and bots and other SPAM software. For this purpose your input will be transmitted to Google and further used there. In addition, the IP address and, where applicable, other data required by Google for the reCAPTCHA service will be transmitted to Google. It´s an undisputed fact that Google uses and analyses this data right before you click the button “I´m not a robot”. This data will be processed by Google within the European Union and, where necessary, also in the USA. The processing is carried out on the basis of Article 6(1)(f) GDPR due to our legitimate interest in protecting our website against automated spying, misuse and SPAM. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Article 6(1)(f) GDPR. Further information on the data collected and used by Google and your associated rights and options for protecting your privacy can be found in Google’s privacy policy policy at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:
United States of America

7.5 Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

8. Facebook-Fanpage

Our Facebook-Fanpage uses functions of “Facebook Insight”, that allows us to obtain anonymized statistical data regarding the visitors of our page. Provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

ISO can request -in particular- demographic information from Facebook. Thereby reports can be generated that include statements on age, sex, lifestyle and interests and geographic information of the page visitors.

To collect this information Facebook uses so-called “cookies”. Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. So every cookie contains a specific user´s code. This code that can be connected with login credentials of Facebook users, is collected and processed that moment you visit our fanpage.

Facebook uses those cookies if you have a Facebook account, use the Facebook Products, including our website and apps, or visit other websites and apps that use the Facebook Products (including the Like button or other Facebook Technologies). Cookies enable Facebook to offer the Facebook Products to you and to understand the information they receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.

Storage of Facebook-Cookies takes place on the basis of article 6, section 1, lit. f, GDPR. The website operator has a rightful interest in analyzing the user behavior in order to optimize its web offer as well as its advertisement.

You can possibly prevent the storage of cookies by corresponding settings in your Facebook Account or other applications. However we would like to point out that in that case you will possibly not be able to use all functions of our website to the full extent. In addition you can possibly prevent the collection of data relating to your usage of the website (including your IP address) generated by the cookie and the processing of such data by Facebook.

This information about how you can control Facebook´s use of cookies to show you ads, you can find in the Data Policy of Facebook with the following link: https://www.facebook.com/policies/cookies/

This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. Below you will find a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:
United States of America

9. LamaPoll online surveys

To conduct online surveys, we use the technology of Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, hereinafter referred to as LamaPoll. LamaPoll provides technical infrastructures and software solutions that enable us to create, conduct and evaluate secure online surveys. It is expressly not part of LamaPoll's business to trade in data, to pass on data to third parties, to sell data or to use data in any other way.

The survey provider Lamapoll is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) lit. b of the GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) lit. f of the GDPR).

Your personal data will be processed by the technical service provider for the online survey (and deleted there after the end of the survey):

LamaPoll is a German software-as-a-service offering for online surveys and questionnaires. The online survey tool LamaPoll is a product of the

Lamano GmbH & Co. KG
Prenzlauer Allee 36G
10405 Berlin

The ISO and Lamano GmbH & Co. KG conclude a contract for data processing on behalf according to Art. 28 of the GDPR for the duration of the use of LamaPoll and the associated data processing (collection and evaluation). The contract regulates the protection of personal data through strict binding of instructions and technical as well as organisational protective measures.

The responsibility for the data protection-compliant processing of personal data remains with the ISO. According to Art. 29 of the GDPR, Lamano may only process the data on the instructions of the ISO. If Lamano violates this, e.g. by determining the purposes of the processing itself, it becomes the controller vis-à-vis the data subjects in accordance with Art. 28 (10) of the GDPR. All personal data will be deleted on the instructions of the ISO. After deletion, the data remain on a backup server (encrypted and physically separated from the live system) of Lamano for another 7 days.

The personal data are processed for a period of 3 years after the end of the year in which the collection and evaluation took place. If there are legal retention obligations, data will be stored until the retention periods expire.

Further information can be found at:
www.lamapoll.de/cms/files/files/Datenschutzerklaerung - Participant.pdf

10. Is ISO at all allowed to do that, and what are the consequences?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of a contract concluded with you, or performance of pre-contractual measures at request), article 6, section 1, lit. c) (= compliance with a legal obligation), or lit. f) (= prevailing rightful interest of ISO) of the GDPR. The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2.3 As far as no consent by you is on hand:
  • Necessity of processing for the performance of legal obligations (in particular legal minimum retention periods)
  • Necessity of data processing for the performance of contract conclusions described under item 4.5 and/or for the performance of pre-contractual measures taking place in consequence of your inquiry, as well as
  • After termination of the contractual relationships: Necessity of processing for the protection of the rightful interests of ISO
    • For the supervision of post-contractual rights and duties resulting from the terminated contractual relationship, and
    • For the maintenance of the contract history for possible future business relationships with the respective entities. In that case personal data will only be processed restricted to your official functions at the respective entity

10.1 What types of my personal data are you processing?

Affected groups of persons

Contractual partners, persons to contact, and other persons required for the initiation and processing of contracts, particularly at

  • Customers, typically contact persons
  • Interested parties
  • Suppliers
  • Partners
  • Subcontractors

Categories of personal data

Regarding user logon:

  • E-mail
  • Password

Regarding registering for ISO-News (newsletter), additionally:

  • Sex (salutation)
  • First name and surname
  • Phone number
  • Interests for product segments

Regarding contact, additionally:

  • Company name
  • Country
  • Rights and duties resulting from the existence and termination of contractual relationships (as far as contractual partner is a natural person)
  • Other personal data, which you are providing to us (e.g. via the window “messages”)

Other data categories processed in analytics tools and third-party modules are directly disclosed in the context of the respective headlines of this data privacy statement.

10.2 Do you pass on such data to others?

Your data will be passed on to the sales department (internal) for sales purposes and may be passed on to other companies in the ISO-Gruppe based inside or outside the EU for the purpose of central administration. In any case, these companies are subject to the same data protection regulations as our company or an adequacy decision by the Commission is in place that certifies an adequate level of protection.

These recipient groups are obliged to treat the data in accordance with the relevant data protection laws.

10.3 For how long will you be processing my data?

As far as legal minimum periods for the retention of certain data categories exist, deletion will not take place until the respective periods have elapsed at the earliest.

As far as the processing takes place within the scope of a contractual relationship, deletion will take place upon expiration of the limitation period regulated under § 199, German Civil Code (BGB), calculated from the day of termination of the respective contractual relationship. Notwithstanding the aforesaid deletion will take place upon expiration of the limitation period regulated under § 197, calculated from the day of termination of the respective contractual relationship as far as personal data are processed limited to official functions only at an entity mentioned under chapter 9.1.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

Duty to Inform in Terms of Data Protection Law

Processing – External, ISO Software Systeme GmbH, ISO Travel Solutions GmbH, ISO Professional Services GmbH, ISO Recruiting Consultants GmbH, ISO Public Services GmbH, ISO Projects GmbH, ISO Travel, ISO Software Applications GmbH, ISO Software Systeme GmbH (Austria) ISO Software Systems Sp. z o.o.
 

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

  • Communication
  • Initiation and performance of contractual relationships with the entities mentioned in chapter 4 in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of a contract concluded with you), article 6, section 1, lit. c) (= compliance with a legal obligation), or lit. f) (= prevailing rightful interest of ISO) of the GDPR. The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of processing for the performance of legal obligations (in particular legal minimum retention periods)
  • Necessity of data processing for the performance of contracts concluded with entities mentioned under item 4 respectively for the performance of pre-contractual measures taking place in consequence of your inquiry, as well as
  • After termination of the contractual relationships: Necessity of processing for the protection of the rightful interests of ISO
    • For the supervision of post-contractual rights and duties resulting from the terminated contractual relationship, and
    • For the maintenance of the contract history for possible future business relationships with the respective entities. In that case personal data will only be processed restricted to your official functions at the respective entity

4. What types of my personal data are you processing?

Affected groups of persons

Contractual partners, persons to contact, and other persons required for the initiation and processing of contracts, particularly at

  • Customers
  • Interested parties
  • Suppliers
  • Partners
  • Subcontractors

Categories of personal data

  • First name and surname (including signature)
  • Contact data (place of work as well as office phone number and office e-mail addresses)
  • Job designation
  • Rights and duties resulting from the existence and termination of contractual relationships (if contractual partner is a natural person)
  • Other personal data you have made available to us
  • Other personal data that are available about you in publically accessible social networks and from other public sources

5. Do you pass on such data to others?

Your data can be passed on to other member companies of the ISO-Gruppe for the purpose of centralized administration, as long as they have their registered office within the European Union and therefore, are subject to the same provisions under data protection law as our corporation.

Customers and interested parties receive data regarding your person as a potential subcontractor (or contact person, or other person required for the initiation and processing of contracts at the subcontractor), to which a contractual relationship is initiated that includes some previous communication, or which is concluded.

Partner companies will receive data regarding you as a subcontractor that are required for the performance of obligations to partners (e.g. time tracking data).

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

As far as legal minimum periods for the retention of certain data categories exist, deletion of data will not take place until the respective periods have elapsed at the earliest.

As far as the processing takes place within the scope of a contractual relationship, deletion will take place upon expiration of the limitation period regulated under § 199, German Civil Code (BGB), calculated from the day of termination of the respective contractual relationship. Notwithstanding the aforesaid deletion will take place upon expiration of the limitation period regulated under § 197, calculated from the day of termination of the respective contractual relationship as far as personal data are processed limited to official functions only at an entity mentioned under chapter 4.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to datenschutz@iso-gruppe.com

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

If the ISO Software Systeme GmbH is responsible for:

ISO Software Systeme GmbH
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Claus Bogner

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com
 

 

If the ISO Travel Solutions GmbH is responsible for:

ISO Travel Solutions GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Moritz Goeb

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Professional Services GmbH is responsible for:
ISO Professional Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Johannes Reichel

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Recruiting Consultants GmbH is responsible for:

ISO Recruiting Consultants GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Johannes Reichel

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Public Services GmbH is responsible for:

ISO Public Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Moritz Goeb

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Projects GmbH is responsible for:

ISO Projects GmbH
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Claus Bogner

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com
 

If the ISO Travel is responsible for:

ISO Travel
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb

Phone: +49 911 - 99 594-222
Fax: +49 911 - 99 594-223

info@isotravel.de

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Software Applications GmbH is responsible for:

ISO Software Applications GmbH
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb, Moritz Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

 

If the ISO Software Systeme GmbH (Austria) is responsible for:

ISO Software Systeme GmbH (Austria)
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

 

If the ISO Software Systems Sp. z o.o. is responsible for:

ISO Software Systems Sp. z o.o.
Ul. Slaska 12/14
42-200 Czestochowa / Polska

General Manager: Zbigniew Gurdak

Phone: +48 34 – 32 58 177

info@iso-gruppe.com

Duty to Inform in Terms of Data Protection Law

Processing – Job Applicants, ISO Software Systeme GmbH, ISO Travel Solutions GmbH, ISO Professional Services GmbH, ISO Recruiting Consultants GmbH, ISO Public Services GmbH, ISO Projects GmbH, ISO Travel, ISO Software Applications GmbH, ISO Software Systeme GmbH (Austria), ISO Software Systems Sp. z o.o.
 

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

  • Communication
  • Initiation of employment relationships in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of pre-contractual measures at request), The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of data processing for the performance of pre-contractual measures taking place in consequence of your inquiry
  • After termination of the respective application procedure by negative reply: Necessity of processing for the protection of the rightful interests of ISO (= Storage for the handling of possibly asserted claims of the affected persons based on the General Equal Treatment Act (AGG). or other regulations). In this case the interests of ISO are prevailing over the interests or fundamental rights and fundamental freedoms of the affected persons requiring the protection of personal data.

4. What types of my personal data are you processing?

Affected groups of persons

Job applicants / persons suitable for the job

Categories of personal data

  • First name and surname (including signature)
  • Passport photograph
  • Contact data (private and office address, private and office phone numbers, private and office e-mail addresses)
  • Job designation
  • Nationality and residence title
  • Data concerning severely disabled property
  • Date of birth, place of birth
  • School graduation, education, title
  • Family status
  • Confession
  • Driver’s license
  • Type and period of further education
  • Project-related activities
  • Other personal data, as for example consultant’s profiles, self-assessments, certificates, references, etc.
  • Other information from application papers, such as cover letter, CV, and application-relevant evidences as, for example certificates, etc.

5. Do you pass on such data to others?

  • Department in question where the respective vacancy is to be filled
  • When job activity is designated to be at one of our customers, the customer receives data concerning job applicants / persons suitable for the job in order to be able to assess the aptitude for the intended position.

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

Deletion takes place after 6 months have elapsed, calculated from the time of termination of the respective application procedure / staffing procedure by negative reply.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to datenschutz@iso-gruppe.com

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

If the ISO Software Systeme GmbH is responsible for:

ISO Software Systeme GmbH
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Claus Bogner

Phone: +49 911 – 99 594-0
Fax: +49 911 – 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Travel Solutions GmbH is responsible for:

ISO Travel Solutions GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Moritz Goeb

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Professional Services GmbH is responsible for:
ISO Professional Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Johannes Reichel

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Recruiting Consultants GmbH is responsible for:

ISO Recruiting Consultants GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Johannes Reichel

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Public Services GmbH is responsible for:

ISO Public Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Moritz Goeb

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Projects GmbH is responsible for:

ISO Projects GmbH
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb, Claus Bogner

Phone.: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129

info@iso-gruppe.com

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com
 

If the ISO Travel is responsible for:

ISO Travel
Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb

Phone: +49 911 - 99 594-222
Fax: +49 911 - 99 594-223

info@isotravel.de

You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address: datenschutz@iso-gruppe.com

 

If the ISO Software Applications GmbH is responsible for:

ISO Software Applications GmbH
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb, Moritz Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

 

If the ISO Software Systeme GmbH (Austria) is responsible for:

ISO Software Systeme GmbH (Austria)
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

 

If the ISO Software Systems Sp. z o.o. is responsible for:

ISO Software Systems Sp. z o.o.
Ul. Slaska 12/14
42-200 Czestochowa / Polska

General Manager: Zbigniew Gurdak

Phone: +48 34 – 32 58 177

info@iso-gruppe.com

Duty to Inform in Terms of Data Protection Law

Processing – External, ISO Software Applications GmbH, ISO Software Systeme GmbH (Austria), ISO Software Systems Sp. z o.o.

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

  • Communication
  • Initiation and performance of contractual relationships with the entities mentioned in chapter 4 in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of a contract concluded with you), article 6, section 1, lit. c) (= compliance with a legal obligation), or lit. f) (= prevailing rightful interest of ISO) of the GDPR. The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of processing for the performance of legal obligations (in particular legal minimum retention periods)
  • Necessity of data processing for the performance of contracts concluded with entities mentioned under item 4 respectively for the performance of pre-contractual measures taking place in consequence of your inquiry, as well as
  • After termination of the contractual relationships: Necessity of processing for the protection of the rightful interests of ISO
    • For the supervision of post-contractual rights and duties resulting from the terminated contractual relationship, and
    • For the maintenance of the contract history for possible future business relationships with the respective entities. In that case personal data will only be processed restricted to your official functions at the respective entity.

4. What types of my personal data are you processing?

Affected groups of persons

Contractual partners, persons to contact, and other persons required for the initiation and processing of contracts, particularly at

  • Customers
  • Interested parties
  • Suppliers
  • Partners
  • Subcontractors

Categories of personal data

  • First name and surname (including signature)
  • Contact data (place of work as well as office phone number and office e-mail addresses)
  • Job designation
  • Rights and duties resulting from the existence and termination of contractual relationships (if contractual partner is a natural person)
  • Other personal data you have made available to us
  • Other personal data that are available about you in publically accessible social networks and from other public sources.

5. Do you pass on such data to others?

Your data can be passed on to other member companies of the ISO Group for the purpose of centralized administration, as long as they have their registered office within the European Union and therefore, are subject to the same provisions under data protection law as our corporation.

Customers and interested parties receive data regarding your person as a potential subcontractor (or contact person, or other person required for the initiation and processing of contracts at the subcontractor), to which a contractual relationship is initiated that includes some previous communication, or which is concluded.

Partner companies will receive data regarding you as a subcontractor that are required for the performance of obligations to partners (e.g. time tracking data).

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

As far as legal minimum periods for the retention of certain data categories exist, deletion of data will not take place until the respective periods have elapsed at the earliest.

As far as the processing takes place within the scope of a contractual relationship, deletion will take place upon expiration of the limitation period regulated under § 199, German Civil Code (BGB), calculated from the day of termination of the respective contractual relationship. Notwithstanding the aforesaid deletion will take place upon expiration of the limitation period regulated under § 197, calculated from the day of termination of the respective contractual relationship as far as personal data are processed limited to official functions only at an entity mentioned under chapter 4.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to datenschutz@iso-gruppe.com

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

If the ISO Software Applications GmbH is responsible for:

ISO Software Applications GmbH
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb, Moritz Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

If the ISO Software Systeme GmbH (Austria) is responsible for:

ISO Software Systeme GmbH (Austria)
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

If the ISO Software Systems Sp. z o.o. is responsible for:

ISO Software Systems Sp. z o.o.
Ul. Slaska 12/14
42-200 Czestochowa / Polska

General Manager: Zbigniew Gurdak

Phone: +48 34 – 32 58 177

info@iso-gruppe.com

Duty to Inform in Terms of Data Protection Law

Processing – Job Applicants, ISO Software Applications GmbH, ISO Software Systeme GmbH (Austria), ISO Software Systems Sp. z o.o.

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

 

  • Communication
  • Initiation of employment relationships in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of pre-contractual measures at request), The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of data processing for the performance of pre-contractual measures taking place in consequence of your inquiry
  • After termination of the respective application procedure by negative reply: Necessity of processing for the protection of the rightful interests of ISO (= Storage for the handling of possibly asserted claims of the affected persons based on the General Equal Treatment Act (AGG). or other regulations). In this case the interests of ISO are prevailing over the interests or fundamental rights and fundamental freedoms of the affected persons requiring the protection of personal data.

4. What types of my personal data are you processing?

Affected groups of persons

Job applicants / persons suitable for the job

Categories of personal data

  • First name and surname (including signature)
  • Passport photograph
  • Contact data (private and office address, private and office phone numbers, private and office e-mail addresses)
  • Job designation
  • Nationality and residence title
  • Data concerning severely disabled property
  • Date of birth, place of birth
  • School graduation, education, title
  • Family status
  • Confession
  • Driver’s license
  • Type and period of further education
  • Project-related activities
  • Other personal data, as for example consultant’s profiles, self-assessments, certificates, references, etc.
  • Other information from application papers, such as cover letter, CV, and application-relevant evidences as, for example certificates, etc.

5. Do you pass on such data to others?

  • Department in question where the respective vacancy is to be filled
  • When job activity is designated to be at one of our customers, the customer receives data concerning job applicants / persons suitable for the job in order to be able to assess the aptitude for the intended position.

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

Deletion takes place after 6 months have elapsed, calculated from the time of termination of the respective application procedure / staffing procedure by negative reply.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to datenschutz@iso-gruppe.com

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

If the ISO Software Systeme GmbH (Austria) is responsible for:

ISO Software Systeme GmbH (Austria)
Heiligenstädter Straße 50-52
1190 Vienna / Austria

Legal representative: Harald Goeb

Phone: +43 720 – 30 30 69 - 0
Fax: +43 720 – 30 30 69 - 99

info@isotravel.at

If the ISO Software Systems Sp. z o.o. is responsible for:

ISO Software Systems Sp. z o.o.
Ul. Slaska 12/14
42-200 Czestochowa / Polska

General Manager: Zbigniew Gurdak

Phone: +48 34 – 32 58 177

info@iso-gruppe.com

Contact