Privacy Policy

I. Introduction

We are delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. With this privacy policy, we would like to inform you about the extent to which data is collected when you use our website and for what purposes we use this data. We would also like to inform you about your rights in this regard.

II. General information

In accordance with Art. 13 GDPR, we provide the following information about the collection of personal data when using our website. Personal data is any data that can be related to you personally, e.g., name, address, email addresses, user behavior.

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

InTiCa Systems SE · Spitalhofstraße 94 · 94032 Passau · Germany

https://www.intica-systems.com/imprint

You can contact our data protection officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, email: kontakt@buglundkollegen.de

III. Visiting our website

When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request originates
– Browser
– Operating system and its interface
– Language and version of the browser software.

Under certain circumstances, we may also use another service provider to display the privacy policy. This involves the use of an embed code, which transmits your IP address to the service provider in question.
We process your data on the basis of our legitimate interest for a limited period of time in order to initiate a derivation to personal data in the event of unauthorized access or access attempts to our servers, to be able to display the privacy policy properly, and to be able to load the fonts we use from our own server (Art. 6 (1) (f) GDPR).

IV. Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). They serve to make the Internet offering more user-friendly and effective overall.

As a rule, a distinction is made between two categories of cookies: (a) essential cookies, without which the functionality of a website would be limited, and (b) optional cookies for website analysis and marketing purposes.

Since no optional cookies are used on our website, consent and thus also a cookie banner are not required. The use of essential (necessary) cookies is based on legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

V. Contact

a. Type and purpose of processing

The data you enter in the contact form is stored for the purpose of individual communication with you. For this purpose, a valid email address and your name are required. This serves to assign the request and subsequently respond to it. The provision of further data is optional. If you contact us by email, the data you provide (email address, your name and telephone number, if applicable, etc.) will also be processed for individual communication.

b. Legal basis for processing

The data provided is processed on the basis of a legitimate interest (Art. 6 (1) (f) GDPR). By providing the contact form and our email address, we want to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions. If you contact us to request a quote, the data you enter will be processed for the purpose of implementing pre-contractual measures (Art. 6 (1) (b) GDPR). 

c. Data categories

First and last name, email, etc.

d. Recipients

The recipients of the data are internal employees of InTiCa Systems SE and, if applicable, processors such as IT service providers. 

e. Storage periods  

Data will be deleted no later than 6 months after the request has been processed. If a contractual relationship is established, we are subject to the statutory retention periods under the German Commercial Code (HGB) and will delete your data after these periods have expired. 

f. Legal/contractual requirement

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address, and the reason for your request.

g. Transfer to third countries

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling in this data processing..

VI. Hosting

The hosting services we use (services for operating and providing the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, which we use for the purpose of operating this online offering. 

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

VII. Your rights

If you, as a user, process personal data, you are considered a data subject under the GDPR. Data subjects have the following rights vis-à-vis the controller:
    •    Right of access (Art. 15 GDPR)
    •    Right to rectification or erasure of personal data (Articles 16 and 17 GDPR)
    •    Right to restriction of processing (Art. 18 GDPR)
    •    Right to be informed in connection with the rectification or erasure of your personal data or the restriction of processing (Art. 19 GDPR))
    •    Right to data portability (Art. 20 GDPR)
    •    Right to object (Art. 21 GDPR)
    •    Right to withdraw consent. The lawfulness of data processing carried out until withdrawal remains unaffected by the consent given to date. (Art. 7(3) GDPR)
    •    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact details for the supervisory authorities in the individual countries

VIII. Information obligations in the application process

a. Type and purpose of processing
We process applicant data only for the purpose and within the scope of the application process in accordance with legal requirements. Applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application process, provided that data processing becomes necessary for us, e.g., in the context of legal proceedings.
The application process requires applicants to provide us with their application data. The necessary application data is marked if we offer an online form, otherwise it can be found in the job descriptions and generally includes personal details, postal and contact addresses, and the documents relating to the application, such as cover letters, resumes, and references. In addition, applicants can voluntarily provide us with additional information. By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy. If available, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form using state-of-the-art technology. Applicants can also send us their applications by email to karriere@intica-systems.com. However, please note that emails are not encrypted and applicants must ensure that they are encrypted themselves. We therefore cannot accept any responsibility for the transmission of the application between the sender and the receipt on our server and therefore recommend using an online form or postal delivery. The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application.

b. Legal basis for processing

The processing of your data serves primarily to establish the employment relationship in accordance with Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG.  

c. Data categories

Your master data (such as first name, last name, name affixes, date of birth) – work permit/residence permit, if applicable – contact details (such as private address, (mobile) phone number, email address) – Skill data (e.g., special knowledge and skills) – If relevant to the advertised position: health suitability – Other data from the application documents, e.g., job references

If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided during the application process, they will also be processed in accordance with Art. 9 (2) (b) GDPR (e.g., health data, such as severe disability or ethnic origin).

d. Recipients

The recipients of the data are internal employees of InTiCa Systems SE 

e. Storage periods

Subject to a justified revocation by the applicant, the data will be deleted after a period of 6 months so that we can answer any follow-up questions regarding the application and fulfill our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax law requirements.

f. Legal/contractual requirements

The provision of your personal data beyond the storage period, e.g. to be included in our applicant pool, is voluntary and based solely on your consent. You can revoke this consent to the storage of your personal data at any time with effect for the future.

g. Transfer to third countries

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

If the application for a job vacancy is unsuccessful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. You can revoke your consent to the storage of your personal data beyond the storage period at any time with future effect. You can notify us of your revocation at any time using the contact details provided at the beginning of this privacy policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling in this data processing.

IX. Online presence on social networks

We maintain online presences within social networks in order to inform users active there about our services and to communicate directly via the platforms if they are interested. We are currently represented on the following networks:

https://www.facebook.com/profile.php?id=100083235641857

https://www.instagram.com/inticasystems/

All of our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding their content on websites.

We have no influence on the collection of data and its further use by social networks. We therefore have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data, and to whom the data is passed on. We therefore expressly point out that user data (e.g., personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.

We process the data of users on social media platforms if they contact and communicate with us via comments or direct messages, for example.
The legal basis for the processing of user data is Art. 6 (1) lit. b and f GDPR.

    •    Facebook
    •    Instagram

You can access the social media networks Facebook and Instagram via external links on our website. All functions in the social media network are provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The channels can only be accessed via an external link. If you are logged in with your own profile on Facebook or Instagram and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not want your user account to be assigned to your IP address, please log out of your Facebook or Instagram account before using our website.
For more information on the processing of your data, please refer to Facebook's privacy policy: https://facebook.com/privacy/explanation and our privacy policy under point X.

a. Type and purpose of processing

We appreciate your interest in our presence on TWITTER. We would like to give you an overview of what data we collect, use, and store there.

Social networks can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on Twitter triggers numerous data protection-related processing operations. Specifically:

If you are logged into your Twitter account and visit our social media presence, Twitter can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on Twitter. In this case, this data collection is carried out, for example, via cookies stored on your device or by recording your IP address. Twitter can use the data collected in this way to create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off Twitter. If you have a Twitter account, interest-based advertising can be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing operations on Twitter. Therefore, Twitter may carry out additional processing operations. For details, please refer to Twitter's Terms of Service and Privacy Policy.

b. Legal basis for processing

Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in maintaining contact with our customers. The analysis processes initiated by Twitter may be based on different legal grounds, which are to be specified by Twitter (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

c. Data categories

Please refer to Twitter's privacy policy for details on what specific data is collected and how it is used.

Twitter: https://twitter.com/privacy

d. Recipients

    •    Employees of our own company
    •    Twitter

e. Storage periods

Once the purpose has been fulfilled and we have stopped using Twitter, the data collected in this context will be deleted.

f. Legal/contractual requirements

The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

g. Transfer to third countries

Processing outside the European Union (EU) or the European Economic Area (EEA) cannot be ruled out.

h. Revocation of consent

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. If you wish to exercise your right of objection, simply send an email to the above contact address.

i. Automated decision-making and profiling

As a responsible company, we refrain from automated decision-making or profiling in this data processing.

a. Type and purpose of processing

We appreciate your interest in our LinkedIn page. We would like to give you an overview of the data we collect, use, and store there.

Social networks can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on LinkedIn. In this case, this data collection is carried out, for example, via cookies stored on your device or by recording your IP address. LinkedIn can use the data collected in this way to create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off LinkedIn. If you have a LinkedIn account, interest-based advertising can be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing operations on LinkedIn. LinkedIn may therefore carry out further processing operations. For details, please refer to LinkedIn's Terms of Use and Privacy Policy.

b. Legal basis for processing

Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in maintaining contact with our customers. The analysis processes initiated by LinkedIn may be based on different legal grounds, which must be specified by LinkedIn (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

c. Data categories

For details on what specific data is collected and how it is used, please refer to LinkedIn's privacy policy:

LinkedIn: https://www.linkedin.com/legal/privacy-policy

d. Recipients

    •    Employees of our own company
    •    LinkedIn

e. Storage periods

Once the purpose has been fulfilled and we have stopped using LinkedIn, the data collected in this context will be deleted.

f. Legal/contractual requirements

The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

g. Transfer to third countriesr

Processing outside the European Union (EU) or the European Economic Area (EEA) cannot be ruled out.

h. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. If you wish to exercise your right to object, simply send an email to the above contact address.

i. Automated decision-making and profiling

As a responsible company, we refrain from automated decision-making or profiling in this data processing.

a. Type and purpose of processing  

We appreciate your interest in our presence on Kununu/Xing. We would like to give you an overview of what data we collect, use, and store there.

Social networks can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on Kununu / Xing triggers numerous data protection-related processing operations. Specifically:

If you are logged into your Kununu/Xing account and visit our social media presence, Kununu/Xing can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on Kununu / Xing. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address. Kununu / Xing can use the data collected in this way to create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off Kununu / Xing. If you have an account on Kununu / Xing, interest-based advertising can be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing operations on Kununu / Xing. Therefore, Kununu / Xing may carry out additional processing operations. For details, please refer to the terms of use and privacy policy of Kununu / Xing.

b.  Legal basis for processing

Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in maintaining contact with our customers. The analysis processes initiated by Kununu/Xing may be based on different legal grounds, which are to be specified by Kununu/Xing (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

c. Data categories

Please refer to the privacy policy of Kununu / Xing for details on what specific data is collected and how it is used:

Kununu: https://privacy.xing.com/de/datenschutzerklaerung

d. Recipients

    •    Employees of the IT department of our own company
    •    Kununu / Xing

e. Storage periods

Once the purpose has ceased to apply and we have stopped using Kununu / Xing, the data collected in this context will be deleted.

f. Legal / contractual requirements

The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

g. Transfer to third countries

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact details provided at the beginning of this privacy policy.

i. Automated decision-making and profiling

As a responsible company, we refrain from automated decision-making or profiling in this data processing.

X. Facebook data protection information

InTiCa Systems SE operates an online presence on Facebook, a so-called Facebook fan page. The following additional information on data processing applies to visits to our fan page. General information on data protection at Facebook can be found here
(https://www.facebook.com/about/privacy/).

1. Joint responsibility, contact details, company data protection officer:

We are jointly responsible with Facebook for the operation of our Facebook fan page in accordance with Art. 26 GDPR. To this end, we have entered into an agreement with Facebook specifying who fulfills which obligations with regard to data protection. This agreement can be accessed here (https://www.facebook.com/legal/terms/page_controller_addendum). According to this agreement, Facebook is primarily responsible for providing the data subject with information about the joint processing and enabling them to exercise their data protection rights. Regardless of this, we hereby inform you about your visit to our fan page.

Our contact details are:

InTiCa Systems SE
Spitalhofstraße 94 · 94032 Passau · Germany
info@intica-systems.com  

You can contact Facebook at:

Meta Platforms Ireland Ltd.

4 Grand Canal Square,

Grand Canal Harbour,

Dublin 2, Ireland

You can reach Facebook online here (https://www.facebook.com/help/contact/2061665240770586)

You can contact our company data protection officer at:

Bugl & Kollegen
Gesellschaft für Datenschutz und Informationssicherheit mbH

Alexander Bugl

Eifelstraße 55

93057 Regensburg
E-Mail: kontakt@buglundkollegen.de 

You can contact Facebook's data protection officer at
https://www.facebook.com/help/contact/540977946302970.

2.  Collection and storage of personal data, as well as the type, purpose, and use thereof:

a) Data collected by Facebook:

If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under "What types of information do we collect?". If you are not a Facebook user, cookies, small text files, may still be stored in your browser with identifiers that enable tracking of your user behavior.

As a rule, user data is also processed by Facebook for market research and advertising purposes when you visit Facebook. Based on user behavior (including when visiting our fan page), complex user profiles are created that Facebook can use to display personalized advertisements to visitors both within and outside of Facebook. You can find more information on this in the Facebook Data Policy.

If you do not agree to this, you can object here (opt-out).

b) Data used by us ("Page Insights") and legal basis:

Facebook provides us with statistics and usage data that we can use to analyze the use of our fan page (so-called "Page Insights"). This enables us to continuously improve our offering on Facebook. As the operator, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility for the processing of Insights data under the GDPR lies with Facebook, and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data.

As the page administrator, we have no other way of evaluating user behavior on our fan page, not even through user tracking. It is also fundamentally impossible for us to identify visitors to the fan page based on page insights. In particular, we have no right under the agreement to request Facebook to disclose individual visitor data. We can only identify visitors if we can assign individual profile pictures to "Likes" for the page; however, this is only possible if the visitor has marked our fan page with "Like" and the "Likes" are set to "public."

You can find out what information Facebook uses to create Page Insights here.

The operation of the Facebook fan page and the use of page insights serve our legitimate interest in effective external representation and efficient communication with our customers and interested parties. This interest justifies the operation of the page both in relation to the legitimate interests of Facebook users and in relation to visitors to our fan page who do not have a Facebook account. The legal basis is therefore Art. 6 (1) lit. f) GDPR.

3. Transfer of data to third parties:

Data collected by Facebook is exchanged and processed within the entire Facebook group. The Facebook group also includes Instagram, WhatsApp, and Oculus, for example. For example, information collected via Facebook is used to display personalized advertising to users on Instagram, or information from WhatsApp is used to take action against accounts that send spam via WhatsApp on Facebook. This information can be found in the Facebook Data Policy under "How do Facebook companies work together?".

When Facebook processes data, user data may be transferred outside the European Economic Area (EEA), in particular to the USA. 

4. Right to object:

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation. If you wish to exercise your right of revocation or objection, simply send an email to info@intica-systems.com.

5. Rights of data subjects:

You have the right to withdraw your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future. In addition, you have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. You also have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).

In principle, you can assert your rights as a data subject both against Facebook and against us. Since only Facebook has direct access to your user data, you can most effectively assert your rights as a data subject against Facebook.