Name and address of the controller

The controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

INSITE-Interventions GmbH
Geschäftsführer: Dr. Matthias Conradt, Marcel Willems
Clemensstr. 10 - 12
60487 Frankfurt am Main
Tel: +49 69 90555 290
E-Mail: office@insite.de

Name and address of the data protection officer

The data protection officer of the controller is:

Ms Deborah Schütt
Clemensstr. 10-12
60487 Frankfurt am Main
Germany

For confidential matters, you can contact our data protection officer at:
Tel: +49 69 90555 29 -0
E-Mail: dsb@insite.de

For general questions about data protection, please contact our data protection team at: 

Tel: +49 69 90555 29-0
E-Mail: datenschutz@insite.de

Websites:
www.insite.de/en
www.eap.de/en

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

As a rule, it is possible to use our websites without providing personal data. Insofar as personal data (e.g. name, address or email addresses) is collected on our websites, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

The following regulations inform you about the type, scope and purpose of the collection, use and processing of personal data by the provider.

We reserve the right to change the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service or data processing. Users are therefore requested to inform themselves regularly about its content.

Frankfurt am Main, July 2025

The Management

We collect, process and use users' personal data only in compliance with the relevant data protection regulations. This means that users' data will only be used if there is legal permission or consent.

We take organisational, contractual and technical security measures in line with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we manage against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

2.1. External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers.

Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following host:

blackpoint GmbH

Friedberger Straße 106b
61118 Bad Vilbel, Germany

T +49 6101 65 78 8-0
F +49 6101 65 78 8-99
M info(at)blackpoint.de
W www.blackpoint.de

Authorised representatives:
Dirk Estenfeld, Mario Di Rienzo 

2.2 Purpose of collecting, processing and using personal data on our websites

Users' personal data is used to provide our websites and the associated services and user benefits. We pass on the data to third parties if this is done on the basis of consent or is permitted by law in order to fulfil our contractual obligations towards users.

When you contact us, the information will be stored for the purpose of processing your enquiry and in case any follow-up questions arise. Personal data will be deleted if it is no longer required or if there are no legal retention obligations that prevent its deletion.

2.3 Collection of access data

We collect data about every server access to this website (so-called server log files). Access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. This data cannot be assigned to specific individuals. This data is not merged with other data sources. After 7 days, server log files are pseudonymised. The legitimate interest lies in the error-free presentation of the website (Art. 6 para. 1 f GDPR).

In accordance with legal provisions, we use the log data without assigning it to the user's person or otherwise creating a profile, solely for statistical evaluations for the purpose of operating, securing and optimising our website. However, we reserve the right to subsequently review the log data if there are concrete indications that give rise to a justified suspicion of unlawful use.

2.4 Cookies

The websites use so-called cookies. Further information on this can be found in the cookie banner. Cookies do not harm your computer and do not contain viruses. Cookies are small text files that are stored on your computer and saved by your browser. The cookies we use are so-called ‘session cookies’, which are necessary for the smooth operation of the website. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser.

In addition, marketing cookies are used for analysis and statistical purposes. Here we use Google Tag Manager. Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely for the management and display of the tools integrated via it.
We use the LinkedIn Insight Tag for retargeting using conversion tracking technology from LinkedIn Corporation. This technology allows visitors to this website to be shown personalised advertisements on LinkedIn. It also enables the creation of anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated into this website, which establishes a connection to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.

The use of cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG; consent can be revoked at any time.

2.5 Contact details

On our website, we offer you the opportunity to contact us by email and/or via a contact form. In this case, the information provided by the user will be stored for the purpose of processing their enquiry. It will not be passed on to third parties. The data collected in this way will also not be compared with data that may be collected by other components of our website. The contact request can be deleted at any time (see ‘Rights of data subjects’). The legal basis for the collection and processing of data is, depending on the circumstances of the contact request, Art. 6 (1) (a), (b) or (f) GDPR.

2.6 Newsletter

2.6.1 Subscribing to our newsletter

On our website, you have the option of subscribing to our company newsletter. This allows us to inform our customers and interested parties about our company's offers at regular intervals. We use Maileon to send newsletters. The provider is XQueue GmbH, Christian-Pleß-Straße 11-13, 63069 Offenbach am Main. Maileon is a service that can be used to organise and analyse newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on XQueue's servers in Germany. A review and order processing agreement between INSITE and XQueue GmbH is in place.

In order to send the newsletter, we require a valid email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. We use this data exclusively for sending the newsletter and do not pass it on to third parties. The legal basis for the collection and processing of data is Art. 6 para. 1 a GDPR.

When you subscribe to the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any (possible) misuse of a data subject's email address at a later date and therefore serves to protect us.

You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time, for example via the ‘unsubscribe’ link in each newsletter. Alternatively, you can also send your unsubscribe request at any time by email to datenschutz@insite.de. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe.

2.6.2 Newsletter tracking

The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel allows us to see whether and when an email has been opened by a data subject and which links in the email have been clicked on by the data subject.

We store and evaluate personal data collected via the tracking pixels contained in the newsletters on the basis of legitimate interests in order to optimise the newsletter dispatch and to better tailor the content of future newsletters to the interests of the data subject. The legal basis is Art. 6 (1) a GDPR. This personal data is not passed on to third parties. Data subjects are entitled to revoke their separate declaration of consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by the controller. Unsubscribing from the newsletter is interpreted as automatic revocation.

2.7 Use of Google AdWords

We also use the Google advertising tool ‘Google AdWords’ to promote our websites. As part of this, we use the ‘Conversion Tracking’ analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as ‘Google’, on our websites. If you have reached our website via a Google ad, a cookie will be stored on your computer. Cookies are small text files that your internet browser stores on your computer. These so-called ‘conversion cookies’ expire after 30 days and are not used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you, as a user, have clicked on one of our ads placed on Google and have been redirected to our site.

Google uses the information collected with the help of ‘conversion cookies’ to compile visit statistics for our website. These statistics tell us the total number of users who clicked on our ad and which pages of our website were subsequently visited by the respective user. However, we and other advertisers using ‘Google AdWords’ do not receive any information that can be used to personally identify users.

The legal basis for data processing is consent (Art. 6(1)(a) GDPR), which can be revoked at any time. The legal basis for data transfer to the USA is the EU-US Privacy Framework.

You can prevent the installation of ‘conversion cookies’ by adjusting your browser settings, for example by disabling the automatic setting of cookies in general or specifically blocking cookies from the domain ‘googleadservices.com’.

Google's privacy policy in this regard can be found at the following link: https://policies.google.com/privacy?gl=de.  

2.8 Google Analytics with anonymisation function

We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as ‘Google’, on our website. Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

We use Google Analytics with an IP anonymisation function on our website. In this case, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area and thus anonymised. Google will use this information to evaluate your use of our site, to compile reports on website activity for us and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

The legal basis for data processing is consent (Art. 6(1)(a) GDPR), which can be revoked at any time. The legal basis for data transfer to the USA is the EU-US Privacy Framework.

You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Furthermore, Google offers a deactivation option for the most common browsers, which gives you more control over which data is collected and processed by Google. If you activate this option, no information about your website visit will be transmitted to Google Analytics. However, activation does not prevent information from being transmitted to us or to other web analytics services we may use. For more information about the deactivation option provided by Google and how to activate this option, please visit the following link: https://tools.google.com/dlpage/gaoptout?hl=de

2.9 Usercentrics consent management service

We use the Usercentrics consent management service provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This enables us to obtain and manage website users' consent to data processing. The processing is necessary to fulfil a legal obligation (Art. 7(1) GDPR). The legal basis is Art. 6(1)(c) GDPR. The following data is processed for this purpose:

Date and time of access

Browser information

Device information

Geographical location

Cookie preferences

URL of the page visited

The functionality of the website cannot be guaranteed without processing.

Usercentrics is the recipient of your personal data and acts as a processor for us.

Processing takes place in the European Union. Further information on options for objection and removal vis-à-vis Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/ 

The data will be deleted after 3 years.

Please note our general comments on the deletion and deactivation of cookies above.

We are delighted that you would like to apply for a position at INSITE. Below, we would like to inform you about how we handle your personal data collected during the application process. By submitting your application, you agree to these data protection provisions.

For what purposes and on what legal basis do we process personal data?

We process personal data about you for the purpose of your application for employment, insofar as this is necessary for the decision on establishing an employment relationship with us. The legal basis for this is Art. 6 (1) lit. b, Art. 9 (2) lit. b GDPR in conjunction with § 26 (1) BDSG – 2018.

Furthermore, we may process personal data about you to the extent necessary to defend against legal claims asserted against us arising from the application process. The legal basis for this is Art. 6 (1) (f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). 

If an employment relationship is established between you and us, we may, in accordance with Art. 6(1)(b); Art. 9 (2) (b) GDPR in conjunction with § 26 (1) BDSG, process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective agreement, a works or service agreement (collective agreement).

What categories of personal data do we process?

We process data related to your application. This may include general information about you (such as your name, address and contact details), information about your professional qualifications and education, information about your professional development, or other information that you provide to us in connection with your application. In addition, we may process professionally related information that you have made publicly available, such as a profile on professional social media networks.

If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures. By submitting an application on our recruitment page, you are expressing your interest in working for us. In this context, you provide us with personal data, which we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected:

• Name (first and last name)
• Email address
• Telephone number
• Location for which the application is valid
• Whether full-time or part-time employment is desired (if applicable, specify the number of hours)
• CV as an attachment

You also have the option of uploading further information on your availability and salary expectations, as well as other relevant documents such as a cover letter or references. These may contain additional personal data such as your date of birth, address, etc.
Only authorised employees from the HR department or employees involved in the application process have access to your data. 

If you send your application directly by e-mail to team@insite.de or apply via our web form, the message will be transmitted unencrypted. Encrypted electronic communication with our company is currently not possible. Your application by e-mail will therefore be transmitted in unencrypted form.

You are welcome to send us your attachments in encrypted or password-protected form (e.g. using the ‘7-Zip’ programme). Please then send us the password by telephone.

Is transmission to a third country intended?

Transmission to a third country is not intended.

How long will your data be stored?

We will store your personal data for as long as is necessary to make a decision about your application. If an employment relationship between you and us does not come about, the application documents will be deleted six months after notification of the rejection decision, unless longer storage is required for legal reasons.

Necessity of providing personal data

The provision of personal data is neither required by law nor contractually stipulated, nor are you obliged to provide personal data. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that if you do not provide us with personal data when applying for a job, we will not enter into an employment relationship with you.

No automated decision-making

No automated decision-making takes place in individual cases within the meaning of Art. 22 GDPR, i.e. the decision on your application is not based solely on automated processing.

Transfer of data to third parties

The data transmitted as part of your application is transferred using TLS encryption and stored in a database. This database is operated by Personio SE & Co. KG, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for processing is a contract for order processing between us as the responsible body and Personio.

The Tresorit software is also used as a database within the application process. In this context, Tresorit is our processor in accordance with Art. 28 GDPR. The basis for processing is a contract for order processing between us as the responsible body and Tresorit.

In certain cases, we offer users the option of making appointments directly via our website. In doing so, we process the personal data you provide, such as your name and contact details (email address, telephone number if applicable) and your preferred appointment time. The service is provided by TerminApp GmbH, Munich, as part of order processing. The personal data transmitted is processed there for INSITE-Interventions GmbH as the client exclusively for the purpose of online appointment scheduling. The legal basis for the processing of your personal data for appointment scheduling is Art. 6, para. 1, lit. a GDPR; Art. 9 para. 2 lit. h GDPR. The personal data collected in the context of the appointment booking will be deleted after 18 months.

Further information about timify is available on the following website of TerminApp GmbH: https://www.timify.com/de-de/pages/nutzungsbedingungen-fuer-terminbucher/ and in timify's privacy policy https://www.timify.com/de-de/legal/ 

5.1 DATA PROCESSING

We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other ‘context information’ related to the communication process (metadata).

In addition, the provider of the tool processes all technical data required for online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, it will also be stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.

5.2 Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR for customers or Art. 6(1)(a) GDPR; Art. 9(2)(h) GDPR for clients). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If consent has been requested, the use of the relevant tools is based on this consent; consent can be revoked at any time with effect for the future. Otherwise, the legal basis for data processing when conducting ‘online meetings’ is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

5.3 Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to do so, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

5.4 Zoom

We use Zoom as a means of communication. If you do not wish your data to be transmitted, you cannot participate in the web meeting.

5.4.1 Recipients

• Data centre
• External IT company

5.4.2 Transfer to third countries

Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA
Standard contractual clauses: Standard contractual clauses of the EU Commission have been concluded for data transfer to the USA: https://zoom.us/de-de/privacy.html

• Contract for order processing: A contract for order processing has been concluded.
• Details on data processing can be found in Zoom's privacy policy: https://zoom.us/de-de/privacy.html und https://explore.zoom.us/de/trust/privacy/ und https://explore.zoom.us/de/gdpr/

5.4.3 Storage period / deletion periods

Cessation of the purpose for data storage, the execution of the web meeting.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

5.4.4 Change of purpose

The use of personal data for purposes other than those for which it was collected is not permitted.

5.5 MS Teams

When using Microsoft Teams, various types of data are processed. The scope of the data depends on the information you provide before or during your participation in an online meeting.

The following personal data may be processed:

User information:

• First name,
• Last name,
• Telephone (optional),
• Email address, Password (if single sign-on is not used),
• Profile picture (optional),
• Department (optional)

Meeting metadata:

• Topic, Description (optional),
• Participant IP addresses,
• Device/hardware information

When dialing in by phone:

• Incoming and outgoing phone numbers,
• Country name,
• Start and end time.
• Additional connection data, such as the device's IP address, may also be stored.

Text, audio, and video data:

You may have the option to use the chat, question, or survey functions in an online meeting. In this case, the text you enter will be processed to display it in the online meeting and, if applicable, to record it. To enable video display and audio playback, data from your device's microphone and any webcam will be processed for the duration of the meeting. You can disable or mute your camera or microphone at any time using the Microsoft Teams application.

To participate in an online meeting or enter the meeting room, you must at least provide your name.

5.5.1 Scope of Processing

We use Microsoft Teams to conduct online meetings and to collaborate with our customers and business partners.

Automated decision-making as defined in Article 22 GDPR is not used.

5.5.2 Recipients

The provider, Microsoft, necessarily receives the aforementioned data to the extent provided for in our data processing agreement with Microsoft.

We have concluded a data processing agreement with Microsoft and the supporting IT service provider that complies with the requirements of Article 28 GDPR. The data collected by Microsoft is stored exclusively on European servers.

We use the online platform DPMS – Data Protection Management System, provided by LegalInnovate Technologies GmbH, Thomas Niersmann, An der Niers 6, 47608 Geldern, to offer our whistleblower system to our clients.

We have entered into a data processing agreement with the aforementioned provider to ensure that they process our clients' personal data only according to our instructions and in compliance with the GDPR.

The legal basis for this data processing is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR; Art. 9 para. 2 lit. a GDPR. The personal data will be deleted after 10 years.

https://www.datenschutz-management.software/wp-content/uploads/terms_current.pdf 

We maintain so-called fan pages on various social media channels to raise awareness of our company among a broad public and to publish general information. We also publish photos and videos taken at events or during speaker presentations on our channels.

In doing so, we collect and process personal data of account holders who have entered this data themselves in their social media profiles.

INSITE and the social media platforms are joint controllers within the meaning of Article 26 of the GDPR and have concluded joint controllership agreements with all operators.

Data processing is based exclusively on consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR). You can withdraw your consent at any time, for example, by sending an email to datenschutz@insite.de.

The data will be stored until consent is withdrawn.

We have concluded data processing agreements with other recipients, such as our IT service provider.

Social media platforms also process the personal data of account holders for their own purposes. This involves transferring data to third countries. As fan page operators, we have no control over this, nor over the data retention period on the social media platform. The transfer of data to the USA is based on standard data protection clauses (Controller Addendum) and the EU-US Data Privacy Framework.

7.1 LinkedIn

Joint Controller:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

LinkedIn's role in relation to the INSITE company profile:
Provision of the LinkedIn social media platform

Personal data of profile visitors:
Profile information such as first name, last name, nickname, photo, video recordings, age, and general data stored by users in their account

Sensitive data: Biometric data and health data – if transmitted by profile visitors in the profile

Personal data of other data subjects:
Contact (work): Address, country, email address, social media, employer

Occupation/Education: Job title, references, academic degree

Person: Photo, audio, and video material, salutation, title, first name, last name, language

Work: Employer, position/function, anniversaries

Sensitive data: Biometric data and health data – if transmitted by profile visitors in the profile

LinkedIn's information obligations can be viewed at the following link: https://www.linkedin.com/legal/privacy/eu

Regarding the processing carried out by LinkedIn, data subjects can assert their rights via the following link: http://www.linkedin.com/help/legacy/redirect/app/ask/path/ppq/loc/na/trk/microsites-frontend_legal_privacy-policy/

LinkedIn's contact point for data protection issues within the meaning of Art. 26 para. 1 sentence 3 GDPR: http://www.linkedin.com/help/legacy/redirect/app/ask/path/ppq/loc/na/trk/microsites-frontend_legal_privacy-policy/

7.2 Instagram

Joint Controller:
Meta Platforms Ireland Limited, Merrion Road, Dublin, Ireland

Meta's role in relation to the INSITE company profile:
Provision of the Instagram social media platform

Personal data of profile visitors:
Profile information such as first name, last name, nickname, photo, video recordings, age, and general data stored by users in their accounts

Sensitive data: Biometric data and health data – if transmitted by profile visitors in the profile

Personal data of other data subjects:
Contact (business): Address, country, email address, social media, employer

Occupation/Education: Job title, references, academic degree

Person: Photo, audio, and video material, salutation, title, first name, last name, language

Work: Employer, position/function, anniversaries

Sensitive data: Biometric data and health data – if transmitted by profile visitors in the profile

Information obligations of the data controller Meta (Instagram) can be viewed at the following link: https://privacycenter.instagram.com/policy

Regarding the processing carried out by the data controller Meta (Instagram), data subjects can assert their rights via the following link: https://privacycenter.instagram.com/

Contact point of the data controller Meta (Instagram) for data protection issues within the meaning of Art. 26 para. 1 sentence 3 GDPR: https://privacycenter.instagram.com/

7.3 Youtube

Joint Controller:
Google LLC (YouTube), 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA

Google LLC's role in relation to the INSITE company profile:
Provision of the social media platform YouTube

Personal data of profile visitors:
Profile information such as first name, last name, nickname, photo, video recordings, age, and general data stored by users in their accounts

Sensitive data: Biometric data and health data – if transmitted by profile visitors in their profiles

Personal data of other data subjects:
Contact (business): Address, country, email address, social media profiles, employer

Occupation/Education: Job title, references, academic degree

Person: Photo, audio, and video material, salutation, title, first name, last name, language

Work: Employer, position/function, anniversaries

Sensitive data: Biometric data and health data – if transmitted by profile visitors in their profiles

Information obligations of the data controller Google LLC (YouTube) can be viewed at the following link: https://policies.google.com/privacy?hl=de

With regard to the processing carried out by the controller Google LLC (YouTube), data subjects can assert their rights via the following link: https://support.google.com/youtube/answer/7671399?hl=de&p=privacy_guidelines

Contact point of the data controller Google LLC (YouTube) for data protection issues within the meaning of Art. 26 para. 1 sentence 3 GDPR: Email: dpf-core-team@google.com 

7.4 XING

We also have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

For details on how they handle your personal data, please see XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

If your personal data is being processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

8.1 Right to information

You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the data controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the envisaged period for which your personal data will be stored, or, if that is not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority: https://datenschutz.hessen.de/

(7) all available information about the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

8.2 Right to Rectification

You have the right to rectification and/or completion from the data controller if the processed personal data concerning you is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.

8.3 Right to Restriction of Processing

Under the following conditions, you may request the restriction of processing of your personal data:

(1) if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims; or

(4) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If the processing is based on consent pursuant to Article 21(1) GDPR or on a contract pursuant to Article 6(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds. If the processing of your personal data has been restricted, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been imposed under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

8.4 Right to Erasure

8.4.1 Obligation to Erase

You have the right to request that the controller erase your personal data without undue delay, and the controller is obligated to erase such data without undue delay where one of the following grounds applies:

(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) The personal data have been unlawfully processed.

(5) The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) Your personal data was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

8.4.2 Disclosure to Third Parties

If the controller has made your personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of all links to, copies of, or replications of that personal data.

8.4.3 Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of ​​public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise, or defense of legal claims.

8.5 Right to Information

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obligated to inform all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

8.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of other persons must not be adversely affected by this.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

8.8 Right to Withdraw Consent under Data Protection Law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.9 Automated Decision-Making in Individual Cases, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performing, a contract between you and the controller,

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data as defined in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures to safeguard your rights and freedoms and legitimate interests have been taken.

In the cases referred to in paragraphs (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

8.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

In the event of infringements of the GDPR, you have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. You can find the competent supervisory authority on this website:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You can, however, submit your complaint to any supervisory authority.

This applies regardless of any applicable rules of jurisdiction.

The supervisory authority to which the complaint is submitted will inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

https://www.insite.de/datenschutz/informationspflichten