Dear users of the Omnicom Precision Marketing Germany (interone GmbH) internet portal, protecting your privacy is very important to us. The following information on data protection is intended to inform you about how we collect, store, and use personal data.
1. Privacy Statement
We are pleased about your visit to our websites. Below, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Controller
The entity listed in the imprint is responsible for the collection and processing of data described below.
IP Address Storage
We store the IP address transmitted by your web browser strictly for the purpose of detecting, limiting, and eliminating attacks on our websites, for a period of seven days. After this period, the IP address is deleted. The legal basis for this is Art. 6(1)(f) GDPR.
Usage Data
When you visit our websites, temporary usage data is stored on our web server for statistical purposes to improve the quality of our websites. This data set includes:
- The page from which the file was requested,
- The name of the file,
- The date and time of the request,
- The amount of data transferred,
- The access status (file transferred, file not found),
- A description of the type of web browser used, and the IP address of the requesting computer, which is deleted after seven days so that no personal reference can be made.
The mentioned log data is stored only in anonymized form.
2. Data Transfer to Third Parties
We transfer your data within the framework of contract processing under Art. 28 GDPR to service providers who support us in operating our websites and associated processes. Our service providers are strictly bound by our instructions and contractually obligated. The following service provider is used: Equinix Hosting
Data Transfer to Third Countries
In some cases, personal data may be transferred to a third country outside the EU. We ensure that an adequate level of data protection is maintained.
The level of protection for data transfers to the USA is considered equivalent based on the EU adequacy decision (“EU-US DPF”) under Art. 45(3) GDPR. If service providers are not covered by the adequacy decision, data transfers to the USA are safeguarded through European Standard Contractual Clauses (SCCs) and other technical and organizational measures in accordance with Art. 46(2)(c) GDPR.
3. Explanation of Security Measures
Data Security
To protect your data from unauthorized access, we take technical and organizational measures. Our websites use an encryption method. Your information is transmitted from your computer to our server and vice versa over the Internet via TLS encryption. You can recognize this by the closed padlock symbol in your browser’s status bar and the “https://” at the beginning of the address line.
4. User Rights
Your Rights as a User
Under the GDPR, you have the following rights regarding the processing of your personal data:
a. Right of Access (Art. 15 GDPR):
You have the right to request confirmation of whether personal data concerning you is being processed. If so, you have the right to access this data and receive the information listed in Art. 15 GDPR.
b. Right to Rectification and Deletion (Art. 16 and 17 GDPR):
You have the right to request the immediate correction of incorrect personal data and, if applicable, the completion of incomplete personal data.
You also have the right to request deletion of your personal data if one of the grounds listed in Art. 17 GDPR applies, e.g., if the data is no longer needed for the purposes for which it was collected.
c. Right to Restriction of Processing (Art. 18 GDPR):
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have lodged an objection to processing, for the duration of any review.
d. Right to Data Portability (Art. 20 GDPR):
In certain cases listed in Art. 20 GDPR, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format or to request the transfer of these data to a third party.
e. Right to Object (Art. 21 GDPR):
If data is processed on the basis of Art. 6(1)(f) (processing to protect legitimate interests), you have the right to object at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds, or the processing serves the assertion, exercise, or defense of legal claims.
f. Right to Complain to a Supervisory Authority
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection laws. This can be done in the member state of your residence, workplace, or the location of the alleged violation.
5. Contact Details of the Data Protection Officer
Our data protection officer is available for information or suggestions regarding data protection:
datenschutz nord GmbH
Konsul-Smidt-Str. 88
28217 Bremen
Web: www.dsn-group.de
Contact form: Datenschutz Nord
Phone: +49 (0)421 69 66 32 0
6. Contact Form
You can contact us via a web form. To use our contact form, we require your name and email address. Additional information may be provided but is not required. By sending your message, you consent to the processing of your personal data to handle your request. Your request is sent encrypted via HTTPS to our server.
The legal basis for processing is Art. 6(1)(b) GDPR. Your data will only be used to respond to your inquiry and will be deleted afterward. No transfer to third parties occurs.
7. Whistleblower System
Our internal whistleblower system allows employees, suppliers, and business partners to report misconduct anonymously. This includes:
- Criminal offenses or misconduct
- Serious and obvious violations of applicable law and/or international agreements
- Serious threats or risks to public interest known personally to the whistleblower
- Violations of a company code of conduct or policies
- Threats to employee health
You do not need to provide personal data about yourself, though reports may include personal data of third parties. Irrelevant data is not processed. You may remain anonymous if you do not provide personal data.
Legal Basis for Processing
Data processing serves the fulfillment of a legal obligation (Art. 6(1)(c) GDPR) under the Whistleblower Directive (EU Directive 2019/1937) and relevant national laws, as well as the company’s legitimate interest (Art. 6(1)(f) GDPR) in being informed of unlawful activities. Reports are reviewed and responded to within legal deadlines. Data is deleted no later than three years after case closure unless legal retention obligations apply.
Recipients of Data
Collected data is forwarded to responsible personnel and, if necessary, third parties (lawyers, experts, auditors) for analysis and investigation. Authorities and courts may also be involved if necessary.
Transfer to Third Countries
Data may be made accessible outside the EU if necessary to process reports. Measures are taken to ensure GDPR protection levels are maintained.
8. Online Applications
We process personal data provided during online applications in accordance with §26 BDSG and Art. 6(1)(b) GDPR solely for recruitment purposes. You control the scope of data provided. Applications are transmitted encrypted and handled confidentially. Data is forwarded to department heads only and deleted after [6 months] if not hired. If you agree, your application may be considered for future positions under Art. 6(1)(a) GDPR.
Transfers to Third Countries
For recruitment purposes, data may be accessed by responsible managers in the UK and USA. Protection is ensured via the EU-US DPF or SCCs with additional measures.
9. Corporate Social Media Pages
We operate official pages on Facebook, Instagram, LinkedIn, and Xing. Data processing is based on Art. 6(1)(f) GDPR for public relations and communication purposes.
Data Processing by Us
Content you enter (comments, videos, images, likes, tweets) is only published by the social media platform and is not used by us for other purposes. We may delete or share content as allowed by the platform.
Data Processing by the Platform Operator
Platforms may use web tracking, even if you are not logged in. We have no influence on how platforms process your data.
Joint Responsibility
For some processing, we act as joint controllers with the social media operator (Art. 26 GDPR). Agreements are in place for:
- Facebook, Instagram, LinkedIn
Statistics (Insights)
Social media platforms generate statistics based on usage data. We process this data under Art. 6(1)(f) GDPR to improve content and user experience.