We are delighted that you are visiting our website. Inxmail GmbH (hereinafter ‘Inxmail’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform you about how your personal data is processed on our website.
Controller:
Inxmail GmbH
Wentzigerstr. 17
79106 Freiburg
Tel.: +49 761 296979-0
E-Mail: info@inxmail.de
External data protection officer:
DDSK GmbH
Stefan Fischerkeller
Dr.-Klein-Straße 29
88094 Tettnang
Tel.: +49 7542 94921-00
Email: datenschutz@inxmail.de
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
You can visit our website without actively providing information about you as a person. However, every time our website is accessed, we automatically store access data (server log files), such as the name of your internet service provider, the operating system used, the website you visited us from, the date and duration of your visit and the name of the file accessed, as well the IP address of the computer used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about you as a person. This data is not merged with other data sources. The legal basis for the processing of data is article 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and 3. to prevent and identify errors/malfunctions and the abuse of the website. The processing enables us to pursue legitimate interests in ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when you close your browser (known as ‘session cookies’). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (known as ‘persistent cookies’).
You can set your browser so you are informed when cookies are to be stored and decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering.
We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure.
We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.
The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
We maintain online presences on social networks and career platforms so we can exchange information with users registered there and easily contact them.
Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network.
In conjunction with the use of social media, we also make use of the associated messenger services to communicate easily with users. We would like to point out that the security of some services can depend on the user's account settings. Even in cases of end-to-end encryption, the service provider can draw conclusions about the fact that the user is communicating with us, when they do so, and, on occasion, capture location data.
Depending on where the social network is operated, the user data can be processed outside the European Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated.
To enable visitors to our online offering to be shown content, the third-party provider in question processes the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user's browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device. We have taken security precautions to prevent this data from being automatically transferred, with the aim of protecting the personal data of visitors to our online offering. This data is only transferred if you use the buttons or click on the third-party content. To this end we use a consent management solution from Usercentrics GmbH.
You can find more information about Usercentrics at: https://usercentrics.com/privacy-policy/.
We make use of the opportunity to hold online conferences, meetings and webinars. To do so, we use offerings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
We carry out questionnaires and surveys (hereinafter ‘surveys’) on our online offering. This helps us to improve our offering and better meet our customers’ needs. To this end, it is not necessary to be able to trace whether we can associate feedback with a particular person. Before your survey is evaluated, the data we process to provide and execute our surveys on a technical level is anonymised. Participation in the survey is voluntary.
On our online offering, users have the option of subscribing to our newsletter or to notifications on various channels (hereinafter referred to overall as ‘newsletters’). We only send newsletters to recipients who have agreed to receive the newsletter, and within the framework of statutory provisions.
An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as to include a personal greeting in our newsletter.
Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter.
In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription.
Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers. We are able to do this thanks to a 'web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read. If we have been given a separate consent for tracking in our newsletter (so-called tracking permission), we can draw conclusions about the usage behaviour of our newsletter subscribers. The tracking permission can be withdrawn separately, i.e. without withdrawing the consent for the subscription of the newsletter itself. Without a tracking permission we cannot draw any conclusions about the usage behaviour of individual subscribers.
We also use data provided to us for advertising purposes, particularly to provide information on various channels about new products from us or in our portfolio of offerings. However, promotional contact from our side is only undertaken within the framework of the statutory requirements, and once consent has been granted, insofar this is necessary.
If the recipients of our advertising do not want to receive it, they can inform us of this at any time with future effect. We are happy to acquiesce to their request.
We use our online presence to carry out prize draws. To do so, we process the data from the competition participants so we can carry out the competition in question. This also includes the data that we need to tell the winners the outcome and distribute the prize.
Depending on the type of competition, contributions by or about the participants may be published, such as reports on the competition in question or if a vote on a contribution submitted by the participant forms part of the competition. The participant’s name will also be published as part of this. The data processed in each individual case depends on the competition actually run and the data we receive from the participant.
If competition in question is run on our page on a social network, this is also subject to the usage conditions and data protection provisions of the network in question.
On our online offering, we offer the option of contacting us directly or requesting information via various contact options. We use a management tool for these enquiries so that we always have an overview of contact that has been made with us.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
We offer the option of setting up a user account on our online offering in the so-called Inxmail Community or for the internal customer area. As part of the registration process, we collect the necessary data from interested users that we need to provide a user account and the associated functions.
To prevent the internal area from being exploited, we collect IP addresses and the time of access to prevent misuse of a user account and unauthorised usage. We do not pass this data on to third parties unless it is necessary to pursue our claims, or we are legally obliged to do so.
On our online offering, visitors have the opportunity to download documents, so that we can provide them with recent or relevant information. In some cases, our visitors can download pdfs without this being logged by our systems. Tracking or a statistical evaluation does not take place in this context.
In some cases, we collect personal data including IP address via a form before the download and make the provision of our free services dependent on the subscription to our newsletter. In this case, consent is obtained via a double-opt-in procedure both for the processing of user data for the download and separately for the subscription to download-related mailings, which are each freely withdrawable separately.
The download then takes place via a download link, which we provide to our users by e-mail.
We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, this transfer takes place in compliance with the applicable data protection laws, and particularly in accordance with article 44 ff. GDPR, especially on the basis of adequacy decisions made by the European Commission or certain guarantees (e.g. standard protection clauses etc.).
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
We do not use automated decision-making or profiling.
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to datenschutz@inxmail.de is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This Privacy Policy was drawn up by DDSK GmbH, Dr.-Klein-Straße 29, 88094 Tettnang
Thank you for your interest in Inxmail. Below, we provide information about how we process your personal data as part of the application process.
Inxmail GmbH
Wentzingerstr. 17
D-79106 Freiburg/Germany
Email: info@inxmail.de
Website: www.inxmail.de
Phone: +49 761 296979-0
Fax: +49 761 296979-9
You can find further information about our company, details of the persons authorized to represent it, and further contact options in the legal notice on our website: www.inxmail.de/en/imprint
We have an external data protection officer.
You can contact them using the following contact details:
DDSK GmbH
Stefan Fischerkeller
Phone: +49 7542 94921-00
Email: datenschutz@inxmail.de
We use technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
For security reasons and to protect the transmission of your confidential content, the site uses SSL (Secure Socket Layer) encryption in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties. We would like to point out that data transmission over the Internet (e.g., when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. In addition, we process personal data that you have published on the Internet and that we are permitted to process within the framework of data protection laws. This includes, for example, your resume, career history, etc.
Note: Please only send us special categories of personal data (e.g., health data) if they are necessary for the application or if you wish to provide them voluntarily.
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other relevant laws.
The legal basis for the processing of your personal data in this application process is primarily Art. 6 (1) (b) GDPR (implementation of pre-contractual measures). Where relevant, processing is also carried out in accordance with § 26 BDSG (data processing for the purposes of the employment relationship).
If the data is required for legal purposes after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purpose of pursuing legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims.
Insofar as special categories of personal data are processed in accordance with Art. 9 (1) GDPR, this serves the purpose of establishing an employment relationship, exercising rights, or fulfilling legal obligations. This is done on the basis of Art. 9 (2) b) GDPR in conjunction with § 26 (3) BDSG. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Art. 9 (2) h) GDPR in conjunction with § 22 (1) b) BDSG.
In the event that we fill a position for which you have applied elsewhere, we will ask you if you would like to be included in our applicant pool if you are fundamentally interested in working with us. We will then continue to process your application data, provided we receive your express consent to do so. The legal basis for the processing is Art. 6 (1) (a) GDPR. This consent can be revoked in writing at any time without giving reasons. The revocation must be sent by mail to the responsible office (Inxmail GmbH, Team Human Resources, Wentzingerstr. 17, 79106 Freiburg, Germany) or by email to: jobs@inxmail.de.
Unless consent is revoked, it remains valid until revoked, but for a maximum of two years. It is voluntary; there are no disadvantages arising from the refusal of consent or its revocation. The legality of the data processing carried out until revocation remains unaffected by the revocation.
As part of your application, you must provide the personal data that is necessary for the establishment of the employment relationship or that we are legally obliged to collect.
Within our company, only those persons and departments (e.g., specialist department, management, human resources department) who need your personal data to carry out the application process will have access to it. After we receive your application, the human resources department will review your documents. Suitable applications will be forwarded to the relevant department managers; the next steps will then be coordinated.
We also use the recruiting/HR software of HRworks GmbH (HRworks) as a service provider (processor) for the application process. HRworks may obtain knowledge of personal data in the course of maintenance and support. A data processing agreement is in place for this purpose.
According to HRworks, hosting takes place in the EEA, specifically via an AWS data center in Ireland. As a matter of principle, no data is transferred to countries outside the EEA; if, in individual cases, subcontractors outside the EEA are used, this is only done in compliance with legal requirements (e.g., through appropriate safeguards such as EU standard contractual clauses).
In the event of rejection, applicant data will be deleted no later than 6 months after completion of the application process, unless longer storage is necessary to assert or defend claims.
If you have consented to the further storage of your personal data for other job vacancies or for a period exceeding the current application process, we will transfer your data to our applicant pool. The data will be deleted after two years.
If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.
You can request information about the data stored about you at the above address. In addition, under certain circumstances, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used, and machine-readable format.
Furthermore, you have the right to object to the processing of your data within the framework of the legal requirements. The same applies to the right to data portability.
You also have the option of lodging a complaint with the above-mentioned data protection officer or a data protection supervisory authority.
The data protection supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg /
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart, Germany
Heilbronner Straße 35, 70191 Stuttgart, Germany
Phone: +49 711 615541-0
Fax: +49 711 615541-15
Email: poststelle@lfdi.bwl.de
Website: www.baden-wuerttemberg.datenschutz.de