Privacy Policy

Infor­mation on data protection

The protection of your personal data during the collection, processing and use on the occasion of your visit to our homepage is an important concern for us.

We treat your personal data confi­den­tially and in accor­dance with the statutory data protection regula­tions and this data protection declaration.

As a rule, it is possible to use our website without providing personal data. Insofar as personal data (e.g. name, address or e‑mail address) is collected on our website, this is always done on a voluntary basis. We would like to point out that data trans­mission on the Internet (e.g. when commu­ni­cating by e‑mail) can have security gaps. Complete protection of data against access by third parties is not possible.

In the following, we would like to inform you that and how personal data is requested from you and electron­i­cally stored and processed by us

Who is respon­sible for processing?
i‑TYPE GmbH
Kleine Seiler­straße 1
D‑20359 Hamburg

repre­sented by the managing director Manuela Barth, who can be reached info@itype.eu or via telephone: +49 (0) 40 46 89 84 40

Data Protection Officer
Mauß Daten­schutz GmbH, Neuer Wall 10, 20354 Hamburg, Germany, is respon­sible for profes­sional data protection. You can contact our data protection officer by post or by telephone: +49 (0) 40 999 99 52 — 0 or by e‑mail: datenschutz@datenschutzbeauftragter-hamburg.de.

Personal Data
Personal data is infor­mation about you. This includes infor­mation such as your name, address, telephone number or e‑mail address, but also data such as your location, IP address or bank details. You do not need to disclose personal data to use our website. In certain cases, however, we need your name and address as well as other infor­mation so that we can provide the requested infor­mation or services.

Collection and processing of personal data
We process personal data that you actively provide to us through your input. Furthermore, we automat­i­cally process personal data based on the use of our website. Your personal data may therefore be processed in the following cases in particular:

  • Visiting our website

  • Estab­lishing contact with us

  • Analysis of why visitors come to our website and how they use it

  • Use of external tools (e.g. web fonts)

  • Defence against attacks against technical infrastructure

For details, please refer to the following statements.

Visiting our website

When you visit our website, the company commis­sioned by us to operate the website processes and stores not only technical infor­mation about the end device you are using (operating system, screen resolution and other, non-personal charac­ter­istics) and the browser (version, language settings), but in particular the public IP address of the computer you are using to visit our website, together with the date and time of access. The IP address is a unique numerical address under which your end device sends or retrieves data on the Internet. As a rule, we or our service provider do not know who is behind an IP address, unless you provide us with data during the use of our website that enables us to identify you.

Our service provider uses the processed data in a non-personal manner for statis­tical purposes so that we can under­stand which end devices are used with which settings for visiting our website in order to optimise it for them if necessary. These statistics do not contain any personal data. The legal basis for the creation of the statistics is Art. 6 para. 1 lit. f GDPR.

The IP address is also used so that you can techni­cally access and use our website and to detect and defend against attacks against our service provider or our website. Such attacks would impair the intended function­ality of the data centre of the company commis­sioned by us, the use of our website or its function­ality as well as the safety of visitors to our website. The processing of the IP address including the time of access is carried out to defend against such attacks. Through our service provider, we pursue the legit­imate interest with this processing to ensure the function­ality of our website and to ward off illegal attacks against us and the visitors to our website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

The stored IP data is deleted after 7 days and kept for 14 days in encrypted form by a backup. After that, they are no longer needed for the detection or defence of an attack.

External hosting

This website is hosted exter­nally. The personal data collected on this website is stored on the hosting servers. This may include IP addresses, contact requests, meta and commu­ni­cation data, contract data, contact details, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a profes­sional provider (Art. 6 para. 1 lit. f GDPR). If a corre­sponding consent has been requested, the processing is carried out exclu­sively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to infor­mation in the user's terminal device (e.g. device finger­printing) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hosting will only process your data to the extent necessary to fulfill its perfor­mance oblig­a­tions and follow our instruc­tions with regard to this data.
We use the following hosting:

IONOS SE
Elgen­dorfer Str. 57
56410 Montabauer

Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accor­dance with our instruc­tions and in compliance with the GDPR.

WordPress
We use the platform and services of WordPress.org for the visual presen­tation of our website. General infor­mation on data protection at WordPress.org can be found at https://de.wordpress.org/about/privacy/
Our legit­imate interest in using WordPress.org is to ensure a uniform appearance of the website and thus its function­ality on all end devices. The legal basis for processing is therefore Art. 6 para. 1 lit. f GDPR.

SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the trans­mission of confi­dential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Even if you call up the website without encryption, the response from our web server is already encrypted.

Encrypted trans­mission
The data we collect on our homepage is trans­mitted to us exclu­sively in encrypted form. The same applies to the delivery of our web pages. Even if you call up our website without encryption, the response from our web server is already encrypted.

Cookies
Some of our web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automat­i­cally deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the accep­tance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the function­ality of this website may be limited.

We regularly evaluate these server logs anony­mously for statis­tical purposes so that we can determine how our websites are used. We then optimise our website on the basis of these findings. In addition, in the event of system abuse, we may use this infor­mation in cooper­ation with your Internet provider and/​or local author­ities to identify the perpe­trator of such abuse.

Autop­timize
The Autop­timize plugin can cache and minimize scripts and styles, move CSS to the header area by default, defer complete CSS or move scripts to the footer. It reduces the HTML code and can therefore increase the perfor­mance of any website. According to the developer, the plugin does not process any personal data. Privacy policy: https://de.wordpress.org/plugins/autoptimize/

Comet Cache
The Comet Cache plugin can store website content in a cache so that the website content loads faster and is available when it is reopened. The plugin does not process any personal data and does not set any cookies. Privacy policy: https://de.wordpress.org/plugins/comet-cache/

CryptX
The CryptX plugin hides linked e‑mail addresses on the website from spiders using JavaScipt or Unicode. Privacy policy: https://weber-nrw.de/datenschutz/

Disable auto-update email notifi­ca­tions
This plugin suppresses email notifi­ca­tions when plugins or themes are updated. It does not process any personal data of website visitors.

Duplicate Post and Page Menu & Custom Post Type
We use this plugin to duplicate entries, posts, pages, etc.. No personal data is processed in the process.

Hide from Search
This plugin hides certain WordPress pages from search engines. No personal data is processed in the process.

Limit Login Attempts Reloaded
The Limit Login Attempts Reloaded plugin stops brute force attacks and optimizes website perfor­mance by reducing the number of login attempts. The plugin only sets techni­cally necessary cookies and stores obfus­cated IP addresses in the WordPress database using MD5 hashes. Data protection: https://de.wordpress.org/plugins/limit-login-attempts-reloaded/

Polylang
Polylang automat­i­cally trans­lates the website into the preferred language. To do this, the plugin uses cookies to remember the selected language and display it accord­ingly when the website is called up again. This setting requires the active consent of the user.

Popups for Divi
With the help of this plugin we can create popups to make the page more appealing. The plugin does not use any data from the website for this.

Rank Math SEO
Rank Math SEO is a search engine optimization plugin. It does not process any personal data. Privacy policy: https://rankmath.com/usage-tracking/

Redirection
The Redirection plugin helps to eliminate loose ends and 404 errors on the website. The plugin does not set any cookies and does not process any personal data according to the settings. Privacy policy: https://de.wordpress.org/plugins/redirection/

Spam Protection Without Captcha
Our website uses the "Spam Protection Without Captcha (Captcha)" plugin to prevent spam messages. The IP address, browser infor­mation, referrer URL and timestamp of the request are processed. This data is used exclu­sively for spam prevention and is not passed on to third parties. The legal basis is Art. 6 para. 1 lit. f GDPR. The data will be deleted after 30 days at the latest.

Google Web Fonts
This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. In order to comply with current data protection regula­tions, we have downloaded the fonts and stored them locally on our own servers. This means that the browser you are using does not connect to Google's servers.

Server log files
The provider of the pages automat­i­cally collects and stores infor­mation in so-called server log files, which your browser automat­i­cally transmits to us. These are:

  • browser type/​browser version

  • operating system used

  • referrer URL

  • host name of the accessing computer

  • time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retro­spec­tively if we become aware of concrete indica­tions of illegal use.

Access to external sites
Our website contains links to other websites that are not operated by iTYPE GmbH. We do not monitor these websites and are not respon­sible for their content or their handling of personal data.

Use of YouTube
Our website uses social plugins ("plugins") from YouTube, which is operated by YouTube Videos, Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
is operated. The plugins are marked with a YouTube logo.
To use the video player functions, it is necessary to save your IP address. This infor­mation is usually trans­mitted to a server of the video platforms in the USA and stored there. We have no influence on this data transfer.
We have configured the integration of the videos in such a way that data is not trans­ferred to the video platforms automat­i­cally, but only when you activate the videos by clicking on them.
The video platforms provide the video in various formats and qualities and ensure that the videos are displayed correctly on all end devices.
The use of YouTube is in the interest of an appealing, audio­visual presen­tation of our online offers. This consti­tutes a legit­imate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further infor­mation on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

Other social media plugins
We do not use any social media plugins or widgets on our website, except for YouTube. As soon as users access the linked social media profiles in the respective network, the terms and condi­tions and data processing guide­lines of the respective operators apply. You can view the privacy policy for our social media profiles here: https://my-type.de/datenschutzerklaerung-social-media/

 

How to contact us

Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent, unless it is necessary to commission one of our trained person­ality consul­tants to process your enquiry.

Contact requests
If you send us a message via one of the contact options offered, we will use the data you provide us with to process your enquiry. The legal basis for this is our legit­imate interest in responding to your request in accor­dance with Art. 6 Para. 1 lit. f DS-GVO. If your enquiry serves the conclusion of a contract with us to which you as a person are a party, the further legal basis for the processing is Art. 6 (1) lit. b GDPR. The data will be deleted after your request has been dealt with. If we are legally obliged to store the data for a longer period of time, it will be deleted after the expiry of the relevant period.

Imple­men­tation of the iTYPE test procedure

Data storage and trans­mission to third parties
By completing the iTYPE test procedure, the user agrees that his/​her personal data (first name, surname, e‑mail address and IP address) will be stored in the iTYPE test database for 3 months in connection with the person­ality profile. i‑TYPE GmbH is entitled to pass on the user's person­ality profile and personal data to the person­ality consultant respon­sible for the evalu­ation. Consent to forwarding is given on the Internet immedi­ately before the start of the test.

The iTYPE test database, in which access TANs are generated, the test is carried out and the result is evaluated, was specially programmed for our purposes on our behalf by enbiz engineering and business solutions GmbH. The program runs on an external server hosted by Innovation Campus Xtended Learning Solutions GmbH. In addition, all data is stored on a second external server from Hetzner Online GmbH. DPAs have been concluded with all external service providers to ensure GDPR-compliant data processing and transfer.

 

Appli­cation procedure at iTYPE

What personal data do we process and for what purpose?
We process the data that you have sent us in connection with your appli­cation in order to check your suitability for the adver­tised position, to coordinate it in-house, to carry out the pre-selection process, to conduct inter­views with you and to make a decision on employment.
This data includes, in particular, title, surname and first name, the usual corre­spon­dence data such as postal address, e‑mail address and telephone numbers, as well as appli­cation documents such as letter of motivation, CV, profes­sional, training and further education quali­fi­ca­tions and refer­ences and all other infor­mation that you volun­tarily provide to us.

What is the legal basis for data processing?
The legal basis for the processing of your personal data in this appli­cation process is in particular Section 26 BDSG in conjunction with Art. 6 para. 1 lit. b and, if applicable, a GDPR. Accord­ingly, the processing of all data required in connection with the decision on the estab­lishment of an employment relationship is permitted.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us in the appli­cation process. The legal basis for this is Art. 6 para. 1 lit. b and f of the GDPR. Our legit­imate interest is the afore­men­tioned defense against claims.

If we create evalu­a­tions or statistics, the processing is based on Art. 6 Para. 1 lit. f GDPR, our legit­imate interest is the constant review and optimi­sation of our attrac­tiveness as an employer, as well as the monitoring of success.

How long is your data stored?
In the event of a rejection, applicant data will be deleted 6 months after completion of the recruitment process, provided it is for an adver­tised position. If you have sent us a specu­lative appli­cation, we will delete the data 6 months after we have rejected you.

If an employment relationship is estab­lished, we will continue to process the data we have already received from you for the purposes of the employment relationship and all related processing (e.g. reporting and payment of social security contri­bu­tions). We will inform you in good time about this further processing in accor­dance with the statutory provisions.

Who receives your data?
After receipt of your appli­cation, your appli­cation data will be viewed by the staff respon­sible for human resources. Candidate appli­ca­tions are then forwarded inter­nally to the person respon­sible for the respective vacant position.

In principle, only those persons within the company have access to your data who are respon­sible for ensuring that the selection process is carried out properly. Within the framework of technical mainte­nance measures, those respon­sible for this may be able to view your data.

Are you obliged to provide us with data?
You are neither contrac­tually nor legally obliged to provide us with data as part of the appli­cation process. However, failure to provide us with data may mean that we are unable to consider you in the further procedure.

Children and young people
It is not our intention to collect personal data from children and young people under the age of 18. If a parent or guardian of a child who has provided us with personal data wishes to have the relevant infor­mation deleted from our records, he/​she may contact us at the e‑mail address or telephone number provided at the end of this statement. We will then delete the child's personal infor­mation from our records.

Your rights

Deletion of personal data
Personal data is stored for the duration of the respective statutory retention period (in particular as measured by commercial and tax law). If this data is no longer required for contract fulfillment or contract initi­ation after this statutory retention period has expired, or if we have no legit­imate interest in the continued storage of the data, it will be deleted. At the time of deletion, we proceed according to our deletion concept.

Right to infor­mation
According to Art. 15 GDPR, you have the right to request confir­mation from us as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data and to receive further infor­mation as specified in Art. 15 GDPR.

Right to recti­fi­cation
Pursuant to Art. 16 GDPR, you have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you also have the right to request that incom­plete personal data be completed, including by means of a supple­mentary declaration.

Right to erasure
You have the right to request that we delete personal data relating to you without undue delay. We are obliged to delete personal data without delay if the relevant require­ments of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR. 

Right to restriction of processing
In accor­dance with Art. 18 GDPR, you have the right under certain condi­tions to demand that we restrict the processing of your personal data.

Right of objection
Pursuant to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you wish to exercise any of these rights, please contact us as the data controller using the contact details above or use one of the other methods we offer to send you this notice. If you have any questions about this, please contact us.

Existence of a right of complaint to the super­visory authority
Pursuant to Article 77 of the GDPR, you have the right to complain to the super­visory authority, without prejudice to any other admin­is­trative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

Changes to the privacy policy
We reserve the right to change the security and data protection measures at any time, especially if this becomes necessary due to technical devel­op­ments. In such cases, we may also adapt this data protection notice accord­ingly. Please therefore refer to the current version of this data protection statement.

Version IV, Status 12.09.2024