Privacy Policy
Information on data protection
The protection of your personal data during the collection, processing and use on the occasion of your visit to our homepage is an important concern for us.
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
As a rule, it is possible to use our website without providing personal data. Insofar as personal data (e.g. name, address or e‑mail address) is collected on our website, this is always done on a voluntary basis. We would like to point out that data transmission on the Internet (e.g. when communicating by e‑mail) can have security gaps. Complete protection of data against access by third parties is not possible.
In the following, we would like to inform you that and how personal data is requested from you and electronically stored and processed by us
Who is responsible for processing?
i‑TYPE GmbH
Kleine Seilerstraße 1
D‑20359 Hamburg
Data Protection Officer
Mauß Datenschutz GmbH, Neuer Wall 10, 20354 Hamburg, Germany, is responsible for professional data protection. You can contact our data protection officer by post or by telephone: +49 (0) 40 999 99 52 — 0 or by e‑mail: datenschutz@datenschutzbeauftragter-hamburg.de.
Personal Data
Personal data is information about you. This includes information such as your name, address, telephone number or e‑mail address, but also data such as your location, IP address or bank details. You do not need to disclose personal data to use our website. In certain cases, however, we need your name and address as well as other information so that we can provide the requested information or services.
Collection and processing of personal data
We process personal data that you actively provide to us through your input. Furthermore, we automatically process personal data based on the use of our website. Your personal data may therefore be processed in the following cases in particular:
Visiting our website
Establishing contact with us
Analysis of why visitors come to our website and how they use it
Use of external tools (e.g. web fonts)
Defence against attacks against technical infrastructure
For details, please refer to the following statements.
Visiting our website
When you visit our website, the company commissioned by us to operate the website processes and stores not only technical information about the end device you are using (operating system, screen resolution and other, non-personal characteristics) and the browser (version, language settings), but in particular the public IP address of the computer you are using to visit our website, together with the date and time of access. The IP address is a unique numerical address under which your end device sends or retrieves data on the Internet. As a rule, we or our service provider do not know who is behind an IP address, unless you provide us with data during the use of our website that enables us to identify you.
Our service provider uses the processed data in a non-personal manner for statistical purposes so that we can understand which end devices are used with which settings for visiting our website in order to optimise it for them if necessary. These statistics do not contain any personal data. The legal basis for the creation of the statistics is Art. 6 para. 1 lit. f GDPR.
The IP address is also used so that you can technically access and use our website and to detect and defend against attacks against our service provider or our website. Such attacks would impair the intended functionality of the data centre of the company commissioned by us, the use of our website or its functionality as well as the safety of visitors to our website. The processing of the IP address including the time of access is carried out to defend against such attacks. Through our service provider, we pursue the legitimate interest with this processing to ensure the functionality of our website and to ward off illegal attacks against us and the visitors to our website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.
The stored IP data is deleted after 7 days and kept for 14 days in encrypted form by a backup. After that, they are no longer needed for the detection or defence of an attack.
External hosting
This website is hosted externally. The personal data collected on this website is stored on the hosting servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Our hosting will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
We use the following hosting:
IONOS SE
Elgendorfer Str. 57
56410 Montabauer
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
WordPress
We use the platform and services of WordPress.org for the visual presentation of our website. General information on data protection at WordPress.org can be found at https://de.wordpress.org/about/privacy/
Our legitimate interest in using WordPress.org is to ensure a uniform appearance of the website and thus its functionality on all end devices. The legal basis for processing is therefore Art. 6 para. 1 lit. f GDPR.
SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Even if you call up the website without encryption, the response from our web server is already encrypted.
Encrypted transmission
The data we collect on our homepage is transmitted to us exclusively in encrypted form. The same applies to the delivery of our web pages. Even if you call up our website without encryption, the response from our web server is already encrypted.
Cookies
Some of our web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
We regularly evaluate these server logs anonymously for statistical purposes so that we can determine how our websites are used. We then optimise our website on the basis of these findings. In addition, in the event of system abuse, we may use this information in cooperation with your Internet provider and/or local authorities to identify the perpetrator of such abuse.
Autoptimize
The Autoptimize plugin can cache and minimize scripts and styles, move CSS to the header area by default, defer complete CSS or move scripts to the footer. It reduces the HTML code and can therefore increase the performance of any website. According to the developer, the plugin does not process any personal data. Privacy policy: https://de.wordpress.org/plugins/autoptimize/
Comet Cache
The Comet Cache plugin can store website content in a cache so that the website content loads faster and is available when it is reopened. The plugin does not process any personal data and does not set any cookies. Privacy policy: https://de.wordpress.org/plugins/comet-cache/
CryptX
The CryptX plugin hides linked e‑mail addresses on the website from spiders using JavaScipt or Unicode. Privacy policy: https://weber-nrw.de/datenschutz/
Disable auto-update email notifications
This plugin suppresses email notifications when plugins or themes are updated. It does not process any personal data of website visitors.
Duplicate Post and Page Menu & Custom Post Type
We use this plugin to duplicate entries, posts, pages, etc.. No personal data is processed in the process.
Hide from Search
This plugin hides certain WordPress pages from search engines. No personal data is processed in the process.
Limit Login Attempts Reloaded
The Limit Login Attempts Reloaded plugin stops brute force attacks and optimizes website performance by reducing the number of login attempts. The plugin only sets technically necessary cookies and stores obfuscated IP addresses in the WordPress database using MD5 hashes. Data protection: https://de.wordpress.org/plugins/limit-login-attempts-reloaded/
Polylang
Polylang automatically translates the website into the preferred language. To do this, the plugin uses cookies to remember the selected language and display it accordingly when the website is called up again. This setting requires the active consent of the user.
Popups for Divi
With the help of this plugin we can create popups to make the page more appealing. The plugin does not use any data from the website for this.
Rank Math SEO
Rank Math SEO is a search engine optimization plugin. It does not process any personal data. Privacy policy: https://rankmath.com/usage-tracking/
Redirection
The Redirection plugin helps to eliminate loose ends and 404 errors on the website. The plugin does not set any cookies and does not process any personal data according to the settings. Privacy policy: https://de.wordpress.org/plugins/redirection/
Spam Protection Without Captcha
Our website uses the "Spam Protection Without Captcha (Captcha)" plugin to prevent spam messages. The IP address, browser information, referrer URL and timestamp of the request are processed. This data is used exclusively for spam prevention and is not passed on to third parties. The legal basis is Art. 6 para. 1 lit. f GDPR. The data will be deleted after 30 days at the latest.
Google Web Fonts
This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. In order to comply with current data protection regulations, we have downloaded the fonts and stored them locally on our own servers. This means that the browser you are using does not connect to Google's servers.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
browser type/browser version
operating system used
referrer URL
host name of the accessing computer
time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
Access to external sites
Our website contains links to other websites that are not operated by iTYPE GmbH. We do not monitor these websites and are not responsible for their content or their handling of personal data.
Use of YouTube
Our website uses social plugins ("plugins") from YouTube, which is operated by YouTube Videos, Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
is operated. The plugins are marked with a YouTube logo.
To use the video player functions, it is necessary to save your IP address. This information is usually transmitted to a server of the video platforms in the USA and stored there. We have no influence on this data transfer.
We have configured the integration of the videos in such a way that data is not transferred to the video platforms automatically, but only when you activate the videos by clicking on them.
The video platforms provide the video in various formats and qualities and ensure that the videos are displayed correctly on all end devices.
The use of YouTube is in the interest of an appealing, audiovisual presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
Other social media plugins
We do not use any social media plugins or widgets on our website, except for YouTube. As soon as users access the linked social media profiles in the respective network, the terms and conditions and data processing guidelines of the respective operators apply. You can view the privacy policy for our social media profiles here: https://my-type.de/datenschutzerklaerung-social-media/
How to contact us
Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent, unless it is necessary to commission one of our trained personality consultants to process your enquiry.
Contact requests
If you send us a message via one of the contact options offered, we will use the data you provide us with to process your enquiry. The legal basis for this is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DS-GVO. If your enquiry serves the conclusion of a contract with us to which you as a person are a party, the further legal basis for the processing is Art. 6 (1) lit. b GDPR. The data will be deleted after your request has been dealt with. If we are legally obliged to store the data for a longer period of time, it will be deleted after the expiry of the relevant period.
Implementation of the iTYPE test procedure
Data storage and transmission to third parties
By completing the iTYPE test procedure, the user agrees that his/her personal data (first name, surname, e‑mail address and IP address) will be stored in the iTYPE test database for 3 months in connection with the personality profile. i‑TYPE GmbH is entitled to pass on the user's personality profile and personal data to the personality consultant responsible for the evaluation. Consent to forwarding is given on the Internet immediately before the start of the test.
The iTYPE test database, in which access TANs are generated, the test is carried out and the result is evaluated, was specially programmed for our purposes on our behalf by enbiz engineering and business solutions GmbH. The program runs on an external server hosted by Innovation Campus Xtended Learning Solutions GmbH. In addition, all data is stored on a second external server from Hetzner Online GmbH. DPAs have been concluded with all external service providers to ensure GDPR-compliant data processing and transfer.
Application procedure at iTYPE
What personal data do we process and for what purpose?
We process the data that you have sent us in connection with your application in order to check your suitability for the advertised position, to coordinate it in-house, to carry out the pre-selection process, to conduct interviews with you and to make a decision on employment.
This data includes, in particular, title, surname and first name, the usual correspondence data such as postal address, e‑mail address and telephone numbers, as well as application documents such as letter of motivation, CV, professional, training and further education qualifications and references and all other information that you voluntarily provide to us.
What is the legal basis for data processing?
The legal basis for the processing of your personal data in this application process is in particular Section 26 BDSG in conjunction with Art. 6 para. 1 lit. b and, if applicable, a GDPR. Accordingly, the processing of all data required in connection with the decision on the establishment of an employment relationship is permitted.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. b and f of the GDPR. Our legitimate interest is the aforementioned defense against claims.
If we create evaluations or statistics, the processing is based on Art. 6 Para. 1 lit. f GDPR, our legitimate interest is the constant review and optimisation of our attractiveness as an employer, as well as the monitoring of success.
How long is your data stored?
In the event of a rejection, applicant data will be deleted 6 months after completion of the recruitment process, provided it is for an advertised position. If you have sent us a speculative application, we will delete the data 6 months after we have rejected you.
If an employment relationship is established, we will continue to process the data we have already received from you for the purposes of the employment relationship and all related processing (e.g. reporting and payment of social security contributions). We will inform you in good time about this further processing in accordance with the statutory provisions.
Who receives your data?
After receipt of your application, your application data will be viewed by the staff responsible for human resources. Candidate applications are then forwarded internally to the person responsible for the respective vacant position.
In principle, only those persons within the company have access to your data who are responsible for ensuring that the selection process is carried out properly. Within the framework of technical maintenance measures, those responsible for this may be able to view your data.
Are you obliged to provide us with data?
You are neither contractually nor legally obliged to provide us with data as part of the application process. However, failure to provide us with data may mean that we are unable to consider you in the further procedure.
Children and young people
It is not our intention to collect personal data from children and young people under the age of 18. If a parent or guardian of a child who has provided us with personal data wishes to have the relevant information deleted from our records, he/she may contact us at the e‑mail address or telephone number provided at the end of this statement. We will then delete the child's personal information from our records.
Your rights
Deletion of personal data
Personal data is stored for the duration of the respective statutory retention period (in particular as measured by commercial and tax law). If this data is no longer required for contract fulfillment or contract initiation after this statutory retention period has expired, or if we have no legitimate interest in the continued storage of the data, it will be deleted. At the time of deletion, we proceed according to our deletion concept.
Right to information
According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information as specified in Art. 15 GDPR.
Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
Right to erasure
You have the right to request that we delete personal data relating to you without undue delay. We are obliged to delete personal data without delay if the relevant requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right under certain conditions to demand that we restrict the processing of your personal data.
Right of objection
Pursuant to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you wish to exercise any of these rights, please contact us as the data controller using the contact details above or use one of the other methods we offer to send you this notice. If you have any questions about this, please contact us.
Existence of a right of complaint to the supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to complain to the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
Changes to the privacy policy
We reserve the right to change the security and data protection measures at any time, especially if this becomes necessary due to technical developments. In such cases, we may also adapt this data protection notice accordingly. Please therefore refer to the current version of this data protection statement.
Version IV, Status 12.09.2024