Data privacy at ikor.one
Visiting our Website
Applications via the applicant portal and by mail
We offer you the opportunity to send us an application via our applicant portal. If you use this option, we will store all the information you provide in a meaningful application, such as
- Cover letter
- Curriculum Vitae
- Job description / profile
- References, special further training, honorary commitment
§ Section 26 of the BSDG, as amended in 2017, allows us to collect and store your personal data if it is required for the application process. If you provide us with additional information, this will only be done with your prior consent. After an unsuccessful application, we will store your data for a further 6 months after completion of the application process and then delete it.
Your documents are uploaded via an SSL-encrypted connection so that your data is protected against unauthorized viewing or manipulation during transmission.
The applicant portal is operated by Persis GmbH (www.persis.de) on our behalf. With regard to the processing of your personal data, Persis GmbH is obligated by us with a contract on commissioned data processing (Art. 28 DSGVO) to comply with technical and organizational security standards, compliance with which we regularly monitor. With regard to your data, Persis GmbH, as our service provider, acts only on our instructions and does not make any independent decisions.
This information also applies to an application by e-mail.
The information according to Art. 13 DSGVO for the handling of applicant data can be found in the section "Information Art. 13 Applicants".
We manage our social media channels with Hootsuite, HootSuite Media Inc, 37 Dunlevy Ave, Vancouver, BC, Canada V6A 3A3. Hootsuite allows you to manage social media channels across platforms, schedule, publish and analyze posts. Hootsuite processes data uploaded by users on social media channels or shared and made public by sharing and liking posts. We use the portal for our appearances on LinkedIn, Facebook, YouTube and Twitter.
The processing of this data is based on sec. 6 para. 1 sentence 1 lit. f GDPR and pursues our legitimate interests in the most efficient and successful company presentation possible on various social media channels.
Hootsuite acts as our service provider, you can access the existing contract for order processing under the following link: https://hootsuite.na1.echosign.com/public/esignWidget?wid=CBFCIBAA3AAABLblqZhCcWXhG9yWHpBSdFzZysSOv0U0CrvGwQl1x9thTNA-EXjsaMpcDj99i9Psfq6EFaSs*.
On our pages, plug-ins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button (“Like”) on our site.
If you do not want Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account before visiting our pages.
We use the functions of the career network XING on our websites. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored in this process. In particular, XING does not store IP addresses or evaluate usage behavior.
We use the functions of the social network Kununu on our websites. Kununu is operated by Kununu GmbH, Fischhof 3 Top 7, A – 1010 Vienna, Austria. When you access a web page of our website that contains such a button (a “plugin”), your browser establishes a direct connection with the servers of Kununu. If you are logged into Kununu and visit our pages, Kununu will store and evaluate your visit to our pages. For the purpose and scope of data collection and the further processing and use of the data by Kununu, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of Kununu: http://www.kununu.com/info/agb
If you do not want Kununu to be able to assign the visit to our pages to your user account, please log out of your Kununu user account beforehand.
Our newsletter dispatch is based on your registration for the newsletter subscription on our website. For this purpose, we work together with the German newsletter system promio.connect (service provider promio.net GmbH, Giergasse 2, 53113 Bonn, Germany), whose servers are located in Germany. We maintain a corresponding order data processing contract with promio.net GmbH to ensure the security of your data. When you register for the newsletter, your e-mail address is transmitted to us, which we use exclusively for sending the newsletter. All other information requested by us, such as your name, is optional and only serves to address you appropriately and to prevent misuse.
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
The legal basis for the processing of data after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
We store your email address as long as your subscription to the newsletter is active. If you unsubscribe, your data will be deleted. If a subscription is not confirmed by means of the double opt-in procedure, we delete your data after 30 days.
The other personal data collected during the registration process is usually deleted after a period of seven days.
You can cancel the subscription to the newsletter at any time. For this purpose, you will find a corresponding link in each newsletter. This also allows you to revoke your consent to the storage of personal data collected during the registration process.
You may cancel your subscription at any time. When you unsubscribe, your data will be moved to a blacklist in the promio.net database that cannot be viewed and will be archived there. Only the software can compare the e-mail addresses (of former subscribers) with the imported e-mails or the e-mails used in the registration in the event of a new import of subscribers or registration by an interested party.
This data processing is based on our legitimate interest according to Art. 6 I lit f DS-GVO.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made, so that you do not have to enter them again.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically.
However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
Analytic Tools and plug-ins
The use of Google Analytics on our websites is based on Art. 6 para. 1 p. 1 lit. f DSGVO. With the use of Google Analytics, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use it to statistically record the use of our website. These interests are considered legitimate in the sense of the aforementioned provision.
Google Analytics is provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We use Google Analytics on our websites in a variant that works with anonymized IP addresses. The IP addresses are shortened before being transmitted to Google. (“gat._anonymizeIp();”).
You can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the future collection of your data when visiting this website:
We have integrated Ninja Firewall into this website. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza 367 - 375 Queen's Road Central Sheung Wan, Hong Kong (hereinafter referred to as Ninja Firewall).
Ninja Firewall is used to protect our website from unwanted access or malicious cyber attacks. For this purpose, Ninja Firewall collects IP address, request, referrer and time of page access. Ninja Firewall is embedded in our own servers and does not transmit any personal information to the tool provider or any other third party.
We have enabled IP anonymization for Ninja Firewall so that the tool only records the IP address in a shortened form.
The use of Ninja Firewall is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in protecting his website as effectively as possible against cyber attacks.
Information on the handling of Hotjar
To better understand our users' needs and optimize our ikor.one website, we use Hotjar. This technology helps us track the behavior and experiences of our users, such as how much time they spend on which pages, which links they click, and what they like or dislike. This allows IKOR to tailor our offerings to our users' feedback.
If you do not want Hotjar to create a user profile and information about your visit to our website, you can object to this by clicking on the opt-out link: https://www.hotjar.com/legal/compliance/opt-out.
Microsoft Bing Ads
We use conversion tracking from Microsoft Bing Ads on our pages. When you arrive at our website through a Microsoft Bing ad, a cookie from Microsoft Bing Ads is stored on your computer. This allows Microsoft Bing and us to recognize that someone clicked on an ad, was redirected to our site, and reached a specific landing page (conversion page). We only receive the total number of users who clicked on a Bing ad and were redirected to the conversion page. No personal information about the user's identity is transmitted.
If you do not want information about your behavior to be used by Microsoft in accordance with the terms explained above, you can refuse to set the required cookie, for example, by disabling automatic cookie setting in your browser settings. You can also prevent the collection of data generated by the cookie about your use of the website and the processing of this data by Microsoft by stating your objection at the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE.
For more information on data protection and cookies used by Microsoft and Bing Ads, please visit Microsoft's website at https://privacy.microsoft.com/de-de/privacystatement.
We use the LinkedIn Insight tag on our website from LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA ("LinkedIn"). The LinkedIn Insight tag allows us to track and analyze campaigns and user activity on our site to optimize our marketing and provide relevant content and offers to our users.
When you visit our site and enable the LinkedIn Insight Tag, a connection is made to LinkedIn's servers. LinkedIn receives information about your visit to our site, including your IP address, browser, and the pages you visited.
You may opt out of using the LinkedIn Insight tag on our website at any time by changing your settings on LinkedIn at https://www.linkedin.com/psettings/enhanced-advertising.
The LinkedIn Insight tag's legal basis is Art. 6 (1) lit. f DSGVO. Our legitimate interest is to improve our website and optimize our marketing to provide relevant content and offers to our users.
Information regarding the Handling of Personal Data in line with Art. 13 EU General Data Protection / FIGMA
Responsible for Data Handling:
IKOR GmbH, Borselstraße 20, 22767 Hamburg, represented by Sebastian Herrgesell (Managing Director).
Data Protection Official:
Sebastian Raguse, X1F GmbH, Nymphenburger Str. 1, 80335 München
Purpose of Data Handling:
For easy exchange of design drafts between us and our clients while working on front-end projects we use the tool “Figma” in its web-based version.
Legal Basis of Data Handling:
Art. 6 para. 1 lit f) GDPR. Our legitimate interest, in line with the regulations, for using Figma is the easy and quick cooperative work with our clients which other tools do not offer. In order to avail of this service an online account needs to be setup by creating a username and password. An e-mail address and a username are all that is required to use this service. For both login details pseudonyms can be used, this way only a fraction of your personal data will be collected.
Recipient of the Data:
Provider Figma, of company Figma Inc., based in San Francisco, USA.
Conveyance of Data to Third Countries:
If you decide to use Figma in cooperation with us, your e-mail address will be forwarded to the provider’s servers which are located in the USA.
Duration of Data Retention:
Your user account along with any personal data connected to it will be stored until you delete it.
Your Rights in Relation to your Data:
The use of Figma is voluntary. If you do not want to use Figma we will find other options to work together. If you have created a user account for Figma you may delete it at any time. Deleting your account needs to be done through Figma’s platform.
Automated Decision Making:
An automated decision making (including profiling) as per Art. 22 EU-GDPR is not involved in the usage of Figma.
Competent Supervisory Authority:
Complaints in relation to the usage of your data through us can be directed to this supervisory authority:
Der Hamburgische Beauftragte für Datenschutz und Informationssicherheit
Ludwig-Erhard-Str 22, 7. OG, 20459 Hamburg
Telefon: 040 / 42854 – 4040 Fax: 040 / 428 54 - 4000
E-Mail: email@example.com / https://datenschutz-hamburg.de/beschwerde/
Your Rights in relation to your Data
According to Art. 15 DSGVO, you can request information about the data we process about you.
In addition, if we have inaccurate or incomplete data from you, you can request the correction of this data (Art. 16 GDPR). You can also request the deletion of your data (Art. 17 DSGVO). However, there may be cases where we are not allowed or required to delete your data despite your request. If you request us to delete this data, we will check whether such reasons exist. If not, we will delete your data. The alternative to deleting your data is in certain cases to restrict the processing of your personal data (Art. 18 DSGVO). Here, too, the following applies: let us know how you want to proceed, and we will check the legal requirements and find a way that balances our mutual interests.
If you believe that we are not complying with the data protection requirements for the processing of your data on these websites, you can complain to a data protection supervisory authority. You can find a list of European supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Passing on Data
As a rule, we do not pass on your data, which we receive when you visit our pages, to third parties. An exception to this principle and a transfer of your data may occur if: You have given us your express consent to do so (Art. 6 para. 1 p. 1 lit. a DSGVO).
The disclosure is necessary for us because we wish to assert legal claims and we have no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 p. 1 lit. f DSGVO).
Right to Object
If you wish to exercise your right to object, simply send an e-mail to firstname.lastname@example.org. We will then review your request and get back to you with a result.
Data Protection Officer
We have appointed a company data protection officer to provide ongoing support and advice on compliance with data protection requirements: Sebastian Raguse, X1F GmbH, Nymphenburger Str. 1, 80335 München
Our web pages are SSL-encrypted, i.e. the transmission is secured and protected against external access. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
Information Art. 13 Applicants
- Section 26 of the German Federal Data Protection Act (BDSG) as amended on July 05, 2017 (application data)
- Art. 6 (1) f) DSGVO (information from online networks and transfer of your data within X1F Holding, to which IKOR belongs).
- Art. 6 (1) a) DSGVO (storage of data of rejected applicants for possible later consideration).
- Section 21 (5) of the General Equal Treatment Act in conjunction with procedural deadlines (storage of data for 6 months after sending a rejection).
- Our ability to obtain a comprehensive picture of our applicants through the use of professional social media profiles.
- Our ability to refer applicants to other X1F Holding companies if IKOR does not have any suitable offers.
IKOR always observes the requirements after implementation of the General Data Protection Regulation (GDPR) in its software products. The requirement for 'data protection by design' in accordance with Article 25, Data Protection by Design and by Data Protection Friendly Default Settings, becomes relevant. This means that data protection in processing activities is best observed if it is already technically implemented during the development of the processing activities.
For example, authorization management, a deletion concept for personal data, a logging concept, a cryptography concept or a pseudonymization or anonymization concept must already be taken into account during technical implementation.
The IKOR-Prozessleitstand (IPLS) is a framework that an IKOR customer can use to map its processes and processing activities in a SAP environment. The IPLS is deliberately kept as generic as possible in order to be able to implement (almost) any data and processing activities. The customer decides whether personal data or confidential data is to be processed in its processes, for which the customer must then implement the requirements of Article 25, Data Protection by Design and by Default Settings. The IPLS does not contain any generic modules with which the requirement to implement the GDPR can be met directly. Instead, the IPLS customer is required to use the functions and tools of the SAP environment for this purpose.
The reproduction of information or data, in particular the use of texts, parts of texts or images is not permitted or requires the prior consent of IKOR GmbH.
IKOR constantly checks and updates the information on its websites. Nevertheless, it cannot assume any liability or guarantee for the topicality, correctness and completeness of the information provided.
The same applies to all other websites to which reference is made by means of links. IKOR is not responsible for the content of the websites that are reached via such a link. Furthermore, IKOR reserves the right to make changes or additions to the information provided.
SAP, R/3, mySAP, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and in several other countries all over the world. All names of products and services are trademarks of their respective companies.
Guidewire, Guidewire Software, Guidewire ClaimCenter, Guidewire PolicyCenter, and Guidewire BillingCenter are registered trademarks of Guidewire Software Inc. in the U.S. and/or other countries.