Information on data processing
Information on data processing with regard to the use of the website www.hicandidate.com including the use of downloads and registrations (v190806)
Responsible for the data processing on this website as well as in the context of application processes are in the sense of Art. 4 No. 7 DSGVO:
70176 Stuttgart, Germany
Phone 0711 252429-0
Fax 0711 252429-99
Represented by the Managing Directors Lars Kroll, Willi Schmidt, Andreas Schöning
– In the following socialtelligence –
2. Subject of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 DSGVO, this includes all information relating to an identified or identifiable person. This includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data such as the IP address or content data such as comments on the blog.
3. Scope and purpose of data collection and storage
In the following, we clarify the scope of data collection, storage and use (hereinafter referred to as “data processing", used within the meaning of Art. 4 No. 2 DSGVO) and the purpose of the respective data processing within the framework of the website (Clause 4) as well as within the framework of recruitment processes (Clause 5) at socialtelligence.
4. Processing of personal data within the scope of website use
In principle, the use of this website is possible without providing personal data. An exception is the IP address. We need this at short notice (please read section 4.1).
In the following, however, we will then clarify the use, integration and use of
Cookies (point 4.2),
Universal Analytics (Google Analytics) (Section 4.2.1)
Facebook pixels (item 4.2.2)
Sharpspring (numeral 4.2.3)
Google Web Fonts (Item 4.3)
Google Maps (Item 4.4)
Youtube videos (Item 4.5)
Social PlugIns (Item 4.6)
4.1 IP Addresses
Without Internet Protocol addresses, or IP addresses for short, the Internet would not work, to put it very simply. In computer networks, an IP address represents an address so that web servers and/or individual terminal devices can be addressed and reached via it. Without an IP address, the web server and the end devices cannot communicate – and therefore cannot display anything. The web server on which the website is hosted is therefore pinned with a data request – from you, the user, who finally wants to use the website. To deliver the data, the web server must know the IP address. Consequently, the web server must process your IP address at this moment of data retrieval. To do this, the web server receives the information as to which website or file was accessed, which browser and which operating system was used. Normally these data are stored completely in the so-called web server log files on a long-term basis. socialtelligence, on the other hand, stores the IP addresses of the users only for a further 7 days, except at the time of the necessary processing described here, for technical reasons, in order to detect Brut Force attacks, identify and ward off hacker attacks and, if necessary, prosecute criminal offences. The log files including the IP address are then automatically deleted.
If you are wondering why we are explaining all this here at all: Since May 2018, the IP address has been legally defined as a person-related date by the Data Protection Basic Regulation (DSGVO). And if the IP address is qualified as a personal date, then we have to clarify that we process it at short notice for the purpose that you can use the website at all.
The legal basis for this data processing is regularly Art. 6 para. 1 b) DSGVO, as we need your IP address in order to be able to send you the website and the information contained therein.
Cookies are small text files that are stored on the computer by web pages in order to
for example to make the site usable at all, for example to store the status of a shopping basket for a session in the cookies or to specify that no cookies may be stored at that moment (so-called necessary cookies), or
in order to be able to define preferences such as the user’s voice output over the long term or personalise content (so-called preference cookies)
or to enable the analysis of the use of the website (so-called statistics cookies)
or in order to be able to provide third party providers with information about the users (so-called marketing cookies).
According to the data protection conference (DSK, the association of national data protection authorities), cookies may only be set without consent if they are absolutely necessary for the operation of the site. We adhere to this.
When you visit our website for the first time, you will see a cookie banner displayed. You can use this cookie banner to decide individually (agree) which categories of cookies may be set.
Below you can see which consent you have currently given and which cookies are set by us or our third party providers in which category:
By the way: You can prevent any installation of cookies by preventing the installation of cookies by making the appropriate settings in the browser software (see “Settings" in most browsers); however, it should be noted that in this case not all functions may be fully usable.
Cookies that have already been set can also be deleted (also to be found under “Settings" in the browser).
Furthermore, we would like to inform you about the integration of Universal Analytics (Google Analytics) (section 4.2.1), Facebook Pixel (section 4.2.2) and Youtube videos (section 4.5) as well as the use of our Social PlugIns (section 4.6).
4.2.1 Use of Universal Analytics (Google Analytics)
On our website the tracking service Universal Analytics (formerly: Google Analytics) is integrated. The following sections explain how this service is integrated and how it works.
Universal Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (formerly Google). Universal Analytics is a web analytics tool that can be used to analyze visitor interaction with the online platform and further improve the online platform. Google LLC sets a cookie for this purpose (text files that are stored on the computer and enable an analysis of the user’s use of the website). This cookie processes the following data:
used operating system
the IP address (abbreviated)
Time of the server request
The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, we have activated IP anonymisation on our online platform. As a result, the IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use the above information to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Universal Analytics is not combined with other data from Google.
In our opinion, this data processing may be based on Art. 6 I f) DSGVO due to the settings selected here. socialtelligence has a legitimate interest in being able to track the basic usage behavior on the website in order to optimize the offers on the website according to the usage behavior and thus strengthen its own business. It is not apparent that users have an opposing legitimate, predominant interest in the browser type, the operating system used, the IP address (abbreviated) and the time of the server request being processed using the UA cookie. socialtelligence cannot relate the data itself to specific persons.
Nevertheless, we will obtain your specific consent here in accordance with DSK’s opinion (see Position Determination of the Conference of the Independent Data Protection Authorities of the Federal Government and the Federal States – Düsseldorf, 26 April 2018). This is because you determine via the cookie settings – as explained above – whether we are allowed to set cookies for statistical purposes. If you deny this, no cookies will be set. Data processing here is therefore based on Art. 6 I a) in conjunction with Art. 7 DSGVO.
Google LLC is obligated to us under data protection law under an order processing contract.
In addition, you could prevent Google from collecting the data generated by the cookie and related to the use of the website (including the IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl.
If you use the site via a tablet or mobile phone and would like to prevent Universal Analytics from collecting future visits to this website, please click this link: [ga_optout]. By clicking on the link, an opt-out cookie is stored in the mobile browser. If this cookie is deleted, the link must be clicked again.
4.2.2 Integration of the Facebook Pixel (“Custom Audience")
Our website uses the pixel of Facebook, Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook").
This pixel is used to determine which Facebook users visit our website. This has two purposes:
First, it allows us to determine whether visitors have clicked on our ads on Facebook. This enables us to evaluate the effectiveness of our Facebook ads for statistical and market research purposes and to optimize future advertising efforts. (Optimization of advertising campaigns; Facebook calls the data transferred here to the responsible person “context data")
On the other hand, we can use it on Facebook to create our own target groups for advertisements, which consist of the visitors to the website. Accordingly, we can create and play through Facebook a Facebook advertising campaign that is tailored exactly to the target audience of our website visitors. (Re-marketing; here Facebook calls the data transferred to Facebook “user-defined data", since we, as the persons responsible, can determine the target groups on the basis of parameters specified by Facebook).
It is important to note that it is not possible for us as the person responsible for this page to draw conclusions about the identity of individual users.
We obtain your specific consent for this type of advertising. You use the cookie settings – as explained above – to determine whether we are allowed to set cookies for marketing purposes. If you deny this, no cookies will be set. Data processing here is therefore based on Art. 6 I a) in conjunction with Art. 7 DSGVO.
In the event that website operators transmit data to Facebook and Facebook processes this data as an order processor, a corresponding order processing contract is automatically concluded with Facebook in accordance with Art. 28 DSGVO. (cf.: https://www.facebook.com/legal/terms/dataprocessing)
You should also note that the data is processed by Facebook, that Facebook can connect to the respective user profile and that Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy/). This allows Facebook to optimize the placement of advertisements on Facebook pages and outside Facebook. This use of data cannot be influenced by us as the site operator.
If you do not want this, you can turn off the remarketing feature through your Facebook settings. To do this, you must select the “not allowed" setting under “Advertisements based on partner data".
4.2.3 Integration of the “Sharpspring" tool
Sharpspring is a tracking and lead management tool of Sharpspring Inc, 550 SW 2nd Avenue Gainesville, FL 32601.
Via Sharpspring, each visitor to the website is assigned a user ID. This user ID enables us to trace the visitor’s customer journey on the website exactly. What is special about Sharpspring is that the customer journey can be traced all the way to completion of a contact or newsletter registration form and that Sharpspring merges the personal data from the contact form with the user ID.
This enables us to identify exactly which areas of interest our prospective customers and potential customers are pursuing, play out individualised and personalised content and offers to them on the website and thus advise them individually on their main interests right from the very first contact.
Also for this kind of tracking we obtain your concrete consent. This is because you determine via the cookie settings – as explained above – whether we are allowed to set cookies for marketing purposes. If you negate this, no cookies will be set that are used to assign the user ID. Data processing here is therefore based on Art. 6 I a) in conjunction with Art. 7 DSGVO.
We have concluded an order processing agreement with Sharpspring.
4.3 Google Web Fonts
We use the web fonts from Google LLC, but we host them ourselves and have blocked the queries from/to the Google server. As a result, we do not use Google Fonts to process personally identifiable information.
4.4 Google Maps
To make it easier for you to find us, we have included maps of the Google Maps service from Google, LLC on our website via an API. To view this content, Google must receive your IP address, otherwise Google could not provide you with this embedded content (see section 4.1. IP address).
4.5 Integration of Youtube videos
If you want to make sure that your data is not stored on YouTube, please do not click on the embedded videos.
4.6 Share buttons (from Facebook, Twitter, XING, LinkedIn, WhatsApp)
Recommendation buttons (so-called “share buttons", i.e. a button for sharing content on social networks) are implemented on this website. These are integrated in such a way that you – or the browser – only send personal data to the respective social service when a share button is activated (clicked) by you (so-called Shariff solution). Without the Shariff tool, data would already be sent to the social services by calling the website.
By activating (clicking) a share button several data are sent to the respective social network. Please read in detail the explanations below about the respective services.
4.6.1 Share Button Facebook
We have the share button from the social network of Facebook, which is operated by facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you have your habitual residence in the European Union, you will be offered the services of facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The share button is recognizable by the characteristic Facebook logos.
By activating the share button, the following data is transmitted to Facebook to the best of our knowledge:
Date and time of the visit
The Internet address/URL of the website you are currently visiting
Your IP address
Traffic data (information about used device and browser, operating system)
Your Facebook user ID, if you are logged in to Facebook with your browser.
and of course the information that you have used this specific plugin on our site.
4.6.2 Share button Twitter
4.6.3 Share Button XING
We use the XING share button of the XING social network. If you activate the share button, a connection will be established to the servers of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. XING does not store any personal data when you access this website. In particular, no IP addresses are stored. There is also no evaluation of usage behavior.
The latest data protection information on the XING Share button and additional information can be found here.
4.6.4 Linked-in Button
LinkedIn provides the following information:
If you activate this button, LinkedIn will also set cookies and automatically receive the URL of the website you came from. In addition, advertisers receive the URL of this information. LinkedIn also receives the Internet Protocol (“IP") address of the computer or proxy server through which you access the Internet, the operating system of the computer and the web browser used, the mobile device (including the mobile device ID available through the operating system of your mobile device), the operating system of your mobile device (if you are accessing from a mobile device), and the name of the Internet service or mobile service provider. LinkedIn may also receive location data transferred to it from third party services or GPS-enabled devices that are enabled.
For more information about LinkedIn’s data processing practices, click here.
4.6.5 WhatsApp Button
A WhatsApp button, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is also placed in the mobile view. However, the WhatsApp button is a simple hyperlink (Share with WhatsApp) that creates a native deep link into WhatsApp. Apart from the normal referrer data (including the IP address, see Section 4.1), no personal data is transmitted and/or tracked. The referrer data is generated automatically each time a link is accessed on the Internet.
4.7 Data processing for enquiries from interested parties via the website
When you contact us, we process the following information about you.
4.7.1 Making contact via the contact form
If you would like to contact us as an interested party using the contact form, please enter the following personal data in the contact form:
Salutation and title
First name and surname
This data will only be used to process your request and to be able to come back to you afterwards.
The legal basis for this data processing here is Art. 6 Para. 1 b) DSGVO, as we could not return to you and your concern if we did not receive any personal contact data from you.
4.7.2 Contact by e-mail
If you contact us as a customer or prospective customer by e-mail, you must at least leave us the following personal data or transmit them to us:
First name and surname
The legal basis for this data processing here is also Art. 6 Para. 1 b) DSGVO, as we could not return to you and your concern if we did not receive any personal contact data from you.
4.7.3 Processing of data relating to interested parties
If you describe your interest in our services with your message, we will process your data as prospective customer data. This means that we transfer the contact data and the reason for your inquiry into our CRM system. This processing takes place on the basis of Art. 6 I f) DSGVO. We have a legitimate interest in maintaining and intensifying contact with interested parties. This is only possible if we do not delete the data. An opposing interest on your part is not apparent in this case, since you have provided us with the data yourself within the scope of an expression of interest.
4.8 Registration for the newsletter
If you subscribe to our newsletter, we will of course need your e-mail address to send you the newsletter and your name for the purpose of personalising the newsletter.
In addition, we statistically record which users have opened the newsletter and which users have clicked on links in the newsletter in order to be able to track which content is of interest to our users.
This data processing is based on your consent in accordance with Art. 6 I a iVm Art. 7 DSGVO.
We obtain your consent as part of the double opt-in procedure. You first register for our newsletter in order to receive an e-mail with a reference to this information on data processing and a confirmation link. Only after clicking on the confirmation link will you be included in the newsletter distribution list. We do this to ensure that you have actually registered your e-mail address with us and wish to receive the newsletter, and to be able to prove this in case of doubt.
For the aforementioned verification purposes, we log your subscription to the newsletter; for this purpose, we save the registration and confirmation times as well as your complete IP address at the time of registration or confirmation. We process this data on the basis of Art. 6 I f) DSGVO, as we have a legitimate interest in your person registering for the newsletter in the event of any legal disputes. A predominant legitimate interest on your part that we do not process this data is not apparent. Rather, the double opt-in process is also in your interest, as this is the only way to ensure that unauthorised third parties do not register for you.
4.9 Comment function
If you use the comment function in the socialtelligence blog, the transmitted data will naturally be collected and stored. According to the comment fields of the blog, these are usually your name, your email address, your URL and the comment itself as well as your IP address. Your email is not displayed on the website, nor is your IP address. Since you do not have to enter your real name, it is possible to use the comment function under a pseudonym.
Your IP address will be deleted automatically after 60 days. Over this period, the IP address is stored for reasons of spam protection (prevention of Brutforce attacks).
Your comments and the aforementioned personal data will of course be stored on a long-term basis. Otherwise we would not be able to display them on the website under the articles. Should you wish your data to be deleted, we will of course be happy to do so. To do so, please simply go to the point “Rights of data subjects" below.
Here, too, data processing with regard to the e-mail address collected and the content data is based on Art. 6 Para. 1 b) DSGVO, as otherwise we simply cannot offer you the possibility of commenting.
The IP address is stored for 60 days on the basis of Art. 6 para. 1 f) DSGVO. It is in our legitimate interest to be able to recognise and prevent SPAM, a predominant conflicting interest on your part is not recognisable. In particular, because real users are regularly assigned dynamic IP addresses that exclude a personal reference after a few days and we can only obtain the surrender of your personal data with a court order against the provider.
To prevent spam comments we use the privacy friendly Anti-Spam PlugIn AntiSpambee. The options “consider public spam database" and “only allow comments in a certain language" are deactivated. As a result, users’ IP addresses stored via the WordPress commenting tool – as explained above – are not forwarded to third parties. More information can be found here.
4.10 Data processing for purposes of receiving whitepapers, information or studies, access to webinars (download function)
If you wish to make use of contents and services which we (not constantly) make available for download on our pages (also on special landing pages), then we process your data for the purpose of executing the contract, as described in more detail in the following paragraphs.
4.10.1 Contract for the receipt of services for download
On our website we offer the following services among others
Whitepapers and studies for download
Access to webinars on relevant HR topics
In return for the use of the aforementioned contents and services, you provide us with the data specified in Section 4.9.3 and grant us permission to use this data for the purpose of sending further information and for the purpose of addressing other offers.
Otherwise we will unfortunately not be able to offer you this service and you will not be able to use the services provided by us.
The download function together with the respective registration and download forms represent our offer for you.
You accept this offer if you enter your data, click on the required opt-in box with reference to this agreement and the information on data processing and then click on the link which you will then receive by e-mail to confirm your acceptance of the offer (so-called double opt-in).
However, you can of course revoke your permission to use your personal data at any time in connection with the acceptance of the offer.
4.10.2 Information on data processing with regard to the download area
If you would like to take advantage of an offer from our download area, you must provide the following information:
Salutation and title if applicable
As set out in Section 4.10.1, we use this data to inform you about other interesting offers matching your company profile and the content you use. We include your data in our database of interested parties.
In this respect, we process your data on the basis of Art. 6 Para. 1 b) for the execution of the contract. The prohibition of tying under Art. 4 No. 7 DSGVO is not affected here. Within the framework of private autonomy, socialtelligence can decide against which service it offers its services and the user can decide under which conditions he wishes to receive these services. In addition, the user is of course entitled to the rights flowing from the DSGVO at any time. The User may revoke the declaration of intent thereby made at any time.
Every time you download additional content, register for a webinar or contact us directly, for example at a trade fair, we record this in our database. The same applies if you call us to arrange a consultation with us, for example. In this way, we know what your needs are and can establish a relationship with you.
We process this additional data on the basis of Art. 6 Para. 1 f) DSGVO.
4.11 Data processing in the context of paid webinars, seminars and events
If you wish to book a paid ticket for a webinar, seminar or conference via our website, we need the following data of the person booking:
Personal email address
If you as a company would like to book tickets for one or more employees, we also need the following data of the participants
As the company making the booking, you confirm, if necessary, that you have informed the participants about this form of data processing.
We process all aforementioned data for the execution of the contract. This includes the preparation and follow-up of the events. As a result, data processing is based on Art. 6 I b) DSGVO.
5. not applicable
6. use of data for a specific purpose, recipients of data, transmission of data
We observe the principle of earmarked data use. We process all of the above data only for the purposes already mentioned.
Beside the responsible persons of the web page are
Internetwerk GmbH (hosting provider)
Google Maps, Google LLC (if this tool is used)
As well as other recipients with respect to whom the user has consented to the disclosure of his data (e.g. Google, LLV or Facebook via the cookie consensus form)
possible recipients of the data.
As far as necessary, the recipients are obliged to us by order processing contracts.
Personal data will not be passed on to third parties outside the scope described here without express consent.
Also the transmission to state institutions and authorities entitled to receive information only takes place within the scope of the legal obligations to provide information or if we are obligated by a court decision to provide information.
7. duration of processing, deletion of data
7.1 Deletion periods within the scope of using the website
Your IP address is stored in the web server log files during connection setup and is automatically deleted from the log files after 7 days.
The data that we collect within the framework of the Universal Analytics usage profile is automatically deleted after 14 months.
7.2 Deletion Periods for Contact Requests via E-Mail or Form
Your data, which you send us by e-mail, will be deleted by us immediately after your request has been dealt with.
This does not apply if your enquiries and the associated data are to be classified as interested party data.
7.3 Deletion periods for interested party data
Data of interested parties will be deleted two years after the last contact point.
A contact point can be the download of a white paper, interaction with an employee at a trade fair, via social media, e-mail or telephone, or participation in a webinar, seminar or event. The long storage period is due to the long planning and budget cycles of the personnel marketing industry.
Unless, it is to be fulfilled retention periods after ? 257 HGB. In this case the data are kept up to 6 years and deleted afterwards. In this case, the data will be limited in use to the fulfilment of the storage obligation in accordance with Art. 18 DSGVO after the expiry of the two-year period and deleted after the expiry of the above-mentioned periods.
If a deletion of individual data and data records is only possible with a disproportionate effort with regard to extraction and separation with regard to different deletion periods, these data will be limited uniformly after completion of the request and deleted at the end of 6 years after the last contact point.
The period begins with the end of the calendar year, in which the respective date was raised.
7.4 Deletion periods within the framework of the execution of the event
We are legally obliged to keep your data for 10 years in accordance with §§ 146, 147 AO. Your data will then be deleted.
The period begins with the end of the calendar year, in which the respective date was raised.
8 Rights affected (including rights of information, revocation, objection and deletion)
Irrespective of the above, you have the following rights:
You have the right to request information regarding the data processed by us. (You already know everything we know about you, but we will be happy to let you know again).
You may object to the processing of your data at any time, provided that the requirements of Art. 21 DSGVO are met, and revoke any consent you may have given to the processing of your data at any time. If the consent to data processing is revoked or the use of the data is objected to, this does not affect the legality of the data processing until the time of revocation or objection.
You can also have the data processed by us corrected, limited or deleted at any time. We expressly point out that there may be legal obligations – such as storage obligations – to further store data. In this case, the data can only be limited. This means that the data are processed exclusively for the purpose of fulfilling the legal obligations and are not used otherwise.
In addition, you also have the right to data transfer in accordance with Art. 20 DSGVO and the right to lodge a complaint with a supervisory authority within the meaning of Art. 77 DSGVO.
If you have any questions, please contact us at email@example.com at any time.
9 Data Protection Officer
According to Art. 37 DSGVO, § 38 BDSG-Neu, the appointment of a data protection officer is currently not required.
Information on data processing with regard to the Facebook page
On 5 June 2018, the European Court of Justice ruled that Facebook and a Facebook page operator are jointly responsible for data processing under data protection law. (More on this in Nina Diercks’ blog.)
One day later, on 06.06.2018, the data protection conference (merger of the German supervisory authorities) published a so-called resolution with regard to this joint data protection responsibility. (Also here great reading material of RAin Nina Diercks).
Accordingly, we must inform you comprehensively about the data processing that takes place via and through the Facebook page, especially if you do not use Facebook yourself. Of course we would like to do that. However, we do not currently have more information than Facebook itself has at our disposal. Facebook’s data policy, including information about your rights as a data subject, can be found here.
Furthermore, we would have to conclude a contract with Facebook pursuant to Art. 26 DSGVO with regard to joint responsibility with Facebook. We would like to do that as well – but Facebook has not yet commented on the matter.