Table of content

The use of this website is basically possible without the indication of personal data. However, if a person concerned wishes to use special services via our website, personal data may be processed. If the processing of personal data is necessary and there is no legal basis for the processing, we generally obtain the consent of the person concerned.

The processing of personal data takes place in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations. By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data processed by us. In addition, this privacy statement will inform visitors of this website about their rights. Numerous technical and organisational measures have been implemented to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone or encrypted e-mail.

§ 1 Definitions of terms

(1) Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

(2) Controller

The controller shall be the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by union law or by the law of the member states, the controller or controllers may be designated in accordance with union law or with the law of the member states on the basis of specific criteria.

(3) Person concerned

Data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

(4) Processing

Processing means any operation or set of operations which is carried out with or without the support of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.

(5) Restriction of Processing

Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.

(6) Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.

(7) Pseudonymisation

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

(8) Processors

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(9) Receiver

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.

(10) Third Party

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

(11) Consent

Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.

§ 2 Name and address of the controller

Controller according to Art. 4 (7) GDPR and contact person is:
Scientists into Business GmbH
Theresienstr. 12
01097 Dresden
E-Mail: kontakt@scib.consulting

§ 3 Legal basis of the processing

The legal basis for all processing operations for which we obtain the consent of the data subject is Art. 6 (1) a GDPR.

Processing operations that serve to fulfil a contract are based on Art. 6 (1) b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing results from a legal obligation, Art. 6 (1) c GDPR is the legal basis for the processing.

In the event that the processing is intended to protect the vital interests of the persons concerned or other natural persons, the processing is based on Art. 6 (1) d GDPR.

If the controller is obliged to carry out tasks which are in the public interest or are carried out in the exercise of official authority, Art. 6 (1) e GDPR provides the legal basis.

If the processing is necessary to safeguard the legitimate interests of the controller or third parties, the processing is based on Art. 6 (1) f GDPR. The interests or fundamental rights and freedoms of the data subject must not predominate.

§ 4 Duration of storage of personal data

Personal data is only stored for as long as the purpose for which it was collected exists. An exception exists only if statutory retention periods provide for a different period.

§ 5 Routine deletion and blocking of personal data

The controller processes and stores personal data of the person concerned only for the period of time necessary to achieve the stated purpose or insofar as this has been provided for by the European directive and regulation giver or another legislator in laws or regulations to which the person responsible is subject.

If the stated purpose ceases to apply or if a storage period prescribed by the European directive and regulation giver or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

§ 6 Rights of the data subject

(1) Assert affected rights

If a data subject wishes to exercise the rights to which he or she is entitled, he or she may at any time contact the employee referred to in § 2.

(2) Right to confirmation

Any data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed.

(3) Right to obtain information

If personal data has been processed, the data subject has the right to request information free of charge on the personal data stored about him or her. It is also possible to obtain a copy of the relevant data. The data subject is entitled to the following information when providing information:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
  • the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing carried out by the controller or of a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: All available information on the origin of the data
  • where personal data is transferred to a third country or to an international organisation, the data subject shall have the right to be informed of appropriate safeguards relating to the transfer

(4) Right to rectification

The data subject concerned by the processing of personal data has the right to obtain from the controller without delay the rectification of any inaccurate personal data concerning him or her. The data subject shall also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, having regard to the purposes of the processing.

(5) Right to erasure

The data subject who processes personal data shall have the right to request the controller to erase personal data concerning him without delay if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws his/her consent and there is no other valid legal basis for the processing.
  • The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data have been processed unlawfully.
  • The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject
Exceptions exist if processing is necessary. If the controller has made the personal data public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the data controllers processing the personal data that a data subject has requested them to delete all links to this personal data or copies or replications of this personal data.

(6) Right to restrict processing

The data subject who is subject to the processing of personal data shall have the right to request the controller to limit the processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by the data subject for a period of time which enables the controller to verify the accuracy of the personal data,
  • the processing is unlawful and the data subject refuses to erase the personal data and instead requests that the use of the personal data be restricted;
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defence of legal rights, or
  • the data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR as long as it has not yet been established whether the legitimate reasons of the data controller outweigh those of the data subject.
Where processing has been restricted, personal data, other than those stored, may not be processed without the consent of the data subject or for the exercise, exercise or defence of rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the union or of a member state.

(7) Right to data portability

The data subject concerned by the processing of personal data has the right to obtain the personal data concerning him which he has made available to the controller in a structured, common and machine-readable format. It shall also have the right to communicate the data to another controller without being hampered by the controller to whom the personal data have been provided, provided that:

  • the processing is based on a consent pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract pursuant to Art. 6 (1)para. 1 letter b GDPR a
  • processing is carried out using automated procedures.
Furthermore, the data subject has the right, in order to exercise his/her right to data transferability, to have personal data communicated directly by one data controller to another data controller, in so far as this is technically feasible.

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, this right shall not apply if the rights or freedoms of other persons are infringed.

(8) Right to object

The data subject who processes personal data has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him on the basis of Article 6 (1) (e) or (f) of the GDPR.

Where personal data is processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him for the purpose of such advertising, in so far as it relates to such direct marketing. If the data subject objects to the processing for the purposes of direct marketing, the personal data shall no longer be processed for those purposes.

The controller shall no longer process the personal data unless he can prove compelling legitimate reasons for the processing outweighing the interests, rights and freedoms of the data subject or the processing is for the exercise, exercise or defence of legal rights.

In addition, the data subject shall have the right to object to the processing of personal data concerning him/her for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary for the performance of a task in the public interest, for reasons connected with his particular situation.

In connection with the use of information society services, the data subject may, notwithstanding Directive 2002/58/EC, exercise his right of objection by means of automated procedures using technical specifications.

(9) Automated decisions in individual cases including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner. This shall not apply where the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the controller,
  • is authorised by legislation of the Union or of the Member States to which the person responsible is subject, and such legislation contains appropriate measures to safeguard the rights and freedoms and the legitimate interests of the persons concerned, or
  • with the express consent of the data subject.
Where the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller, or with the express consent of the data subject, the data controller shall take reasonable steps to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to have the data subject intervene, to present his or her views and to contest the decisi

(10) Right to revoke a consent

The person concerned by the processing of personal data has the right to withdraw his or her consent at any time. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until revoked.

§ 7 Legitimate interests in the processing pursued by the controller or by a third party

If the processing of personal data is based on Art. 6 (1) f GDPR, the person responsible affirms that a conscientious weighing of our interests and the interests and fundamental rights of the data subject has taken place prior to the collection of the data. The data subject may demand that the legitimate interests of the data subject be substantiated.

§ 8 Legal or contractual provisions for the provision of personal data

It can happen that personal data must be provided due to legal regulations or contractual regulations. In the event of a request for an offer or the conclusion of a contract, it is necessary for the person concerned to provide us with certain personal data, which we then process. Failure to provide the necessary data would mean that the contract cannot be concluded.

Before providing personal data, the person concerned can inquire with the employee named in § 2 whether the collection of the same data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the data were not provided.

§ 9 Provision of infrastructure

All our data is hosted and stored on the servers of Hetzner Online GmbH.

Hetzner Online GmbH
Industriestrasse 25
91710 Gunzenhausen
Germany

Further information on data protection at Hetzner Online GmbH can be found at: https://www.hetzner.com/rechtliches/datenschutz?country=gb.

§ 10 Cookies

Cookies are used on our website. Cookies are text files which users of a visited website receive and which can be used to identify you to this website.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which web pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.

By using cookies, the responsible person can provide the users of this website with more user-friendly services, which would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our website can be optimised in the interests of the user. The purpose of this recognition is to make it easier for users to use our website.

The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programs used. This is possible in all common Internet browsers. By deactivating cookies, it may happen that some functions of our website are no longer fully usable.

§ 11 Collecting data using server log files

On our website, a series of general data is collected each time a person concerned or an automated system accesses our website. These general data are collected anonymously and stored in the log files of the server. We record (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrer), (d) the sub-sites which are accessed via an accessing system on our website, (e) the date and time of an access to the website, (f) an Internet protocol address (IP address), (g) the Internet service provider of the accessing system and (h) other similar data used to avert danger in the event of attacks on our IT systems.

The data collected is anonymised after seven days. Due to the anonymisation, the person responsible cannot draw any conclusions about the person concerned. This data is rather required to (a) correctly deliver the contents of our website, (b) optimise the contents of our website and the advertising for it, (c) guarantee the permanent functionality of our IT systems and the technology of our website and (d) provide law enforcement authorities with the data necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data is therefore evaluated by the responsible person both statistically and with the aim of increasing data protection and data security in our institution. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.

§ 12 Contact details of the provider

Due to legal regulations, our website contains information that enables us to be contacted quickly and electronically and to communicate directly with you, including a general e-mail address. If a person concerned makes contact by e-mail, the personal data transmitted by the person concerned is automatically stored. Such personal data transmitted voluntarily by an affected person will be stored for the purpose of processing or contacting the affected person. This personal data will not be passed on to third parties.

§ 13 Troubleshooting

In order to be able to analyse and correct errors that have occurred on our website, monitoring is carried out. In the event of an error, crash, etc., the IP address of the user is collected. The data will be deleted after 35 days.

§ 14 Login using third party authentication services

Users can use the authentication service of one of the listed providers to register and login for our services. An user account at the provider is required.

The available providers are: Facebook, Google, Xing, LinkedIn

If a user wishes to authenticate with a third party service, he or she consents that we automatically obtain the first name, last name and e-mail address from the provider. Furthermore we obtain a user ID and the information that a user is registered with this user ID at the service (so-called user handle).

As part of the login and registration process the user gets notified that his or her data is shared. The password that is used while logging in to a service is not visible or accessible by the controller.

Applicable are the terms of service and privacy policy of the respective provider: Facebook: https://www.facebook.com/about/privacy/, Google: https://policies.google.com/privacy?hl=en, Xing: https://privacy.xing.com/en/privacy-policy, LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

§ 15 Newsletter subscription

On the website of the Scientists into Business GmbH, users are given the opportunity to subscribe to our enterprise's newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

The Scientists into Business GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise's newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

We use MailChimp, a newsletter service to store your details and send you our newsletter. If you register for our newsletter your data may be transferred outside the EEA, to the US. Mailchimp is self-certified under Privacy Shield and lawfully transfers EU/EEA personal data to the US according to its Privacy Shield Certification. Find out more about MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/.

§ 16 Newsletter tracking

The newsletter of the - contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Scientists into Business GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Scientists into Business GmbH automatically regards a withdrawal from the receipt of the newsletter as a revocation.

§ 17 Usage of the intap portal

We collect personal data from you when you provide it to our portal, such as when you fill out a form or submit a resume. You don’t have to post or upload personal data, though if you don’t, it limits your ability to use our services.

We only pass your personal data on to third parties when this is required to fulfil our business purposes of intap and its project executing organization (i.e. in particular to perform the services we provide you with) or when you have given your consent to this. In cases where we work together with external service providers for our data processing this is usually carried out on an order data processing basis.

Your personal data is not visible to third party users oft he platform and will not be transferred to the participating company users in the network without your explicit consent.