Privacy policy

Data Privacy Policy

How we respect and protect your personal data. Whether you are a visitor at our website, a customer or an applicant, we are invested in protecting your privacy.


interpersonal GmbH and its employees take the protection of your data very seriously! Please carefully read the following privacy policy, as it relates to your rights and responsibilities when using this website under European and German data protection law. Please note any possible changes. This data privacy policy explains the way, the scope and purpose of processing your personal data (subsequently referred to as 'data') within our online services, the connecting websites, functions and content as well as external online presence, for example our social media profile (subsequently referred to as 'online offer'. Concerning the terms used here, for example 'processing' or 'responsible person/entity', please refer to the definitions in article 4 of the European General Data Protection Regulation (DSGVO). This privacy policy was last updated on: 01-02-2022.

By using this website as well as by clicking the “I accept the privacy policy” checkbox during registration, or by sending an application for an employing company on whose behalf we are providing services, you explicitly consent without any limitation or qualification, to the collection, processing and transfer of the personal information and data provided by you, according to the manner described in this policy (see below 'data protection notice for applicants).

You may revoke this declaration of consent at any time with effect for the future. Where this is the case, please use the following e-mail address:



Responsible Entity

interpersonal GmbH
Geschwister-Beschütz-Bogen 4
D-22335 Hamburg, Germany


Data protection officer

RA Hendrik Sievers,
Beck Service GmbH
Ericusspitze 4,
D- 20457 Hamburg


If the user submits a specific application in response to a job advertisement of DC Aviation GmbH, the required data will be submitted to and processed by:


DC Aviation GmbH
Stuttgart Airport
D-70629 Stuttgart

The responsible party acc. Art. 4 DSGVO is DC Aviation GmbH, interpersonal GmbH processes the necessary data on behalf of DC Aviation GmbH.

Data Protection Officer:

Marc Weiß
Marc Weiß Verwaltungs-GmbH
Herrenkellergasse 6
D-89073 Ulm


Types of processed data

  • Inventory data (e.g. name, addresses)
  • Contact data (e.g. e-mail address, telephone numbers)
  • Biographical data (e.g. date of birth, nationality) as far as these data are relevant for processing applications
  • Qualification data (e.g. level of formal qualification, license data, language skills, test data) as far as these data are relevant for processing applications
  • psychometric data (e.g. test results) for selection services.
  • content data (e.g. text submissions, images, videos)
  • Usage data (e.g. visited websites, interest in content, time of access)
  • Meta- or communication data (e.g. device information, IP addresses)
  • Working hours, account and payment data, as far as this is required to process recruitment services.


Particular categories of data according to article 9 paragraph 1 DSGVO are generally not processed via our online portal Exempt are certain data concerning the health and/or conduct of users/applicants, as far as these data are either legally required or are necessary to exercise a particular career (e.g. Medical Certificate, Background Check/ZUP)

Categories of Data Subjects

  • Visitors and users of the online portal
  • Interested parties and applicants of our job ads and training offers
  • Providers of job ads and training offers
  • service providers
  • employees and independent appraisers


All data subjects will subsequently be referred to as "users".

Purpose of Processing

  • Making the online offer available with all its functions and content.
  • Responding to contact requests and communication with users.
  • Making available of staffing, recruitment and applicant management services.
  • Security measures
  • Measuring market range and marketing purposes


"Personal data" is all information relating to an identified or identifiable natural person (subsequently: data subject). An identifiable person is defined as a person who can directly or indirectly be identified, particularly by allocation to an ID like a name, an ID number, location data, to online data e.g. cookies, or to a particular trait which is an expression of psychological, psychic, physiological, genetic, economic, cultural or social identity of the natural person.

"Processing" is every procedure carried out with or without the help of automatized processes or every series of procedures within the context of personal data. The term is broadly defined and encompasses practically all data handling.

"Pseudonymisation" is the processing of personal data in a way whereby specific data subjects can no longer be allocated without the enlistment of additional information, so long as the additional information is maintained separately and is subject to technical and organisational measures which guarantee that the personal data cannot be allocated to an identified or identifiable natural person. 

"Profiling" is every kind of automatized processing of personal data which consists of being able to use certain of personal aspects relating to a natural person to be able to evaluate these aspects to analyse or predict in particular the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of the natural person. 

"Responsible entity" is defined as the natural or legal person, authority, agency or any other body which makes decisions about the means and purpose of processing personal data, whether alone or together with others.

"Processor" is a natural or legal person, authority, agency or other body which processes personal data on behalf of the responsible entity.

Relevant Legal Bases

Under stipulation of article 13 DSGVO we hereby inform you about the legal bases of our data processing. Insofar as the basis is not named in the data privacy policy, the following regulation applies: the legal basis for requesting consent is article 6 paragraph 1 lit. a and article 7 DSGVO. The legal basis for processing in order to fulfil our services and carry out contractual measures as well as responding to requests is article 6 paragraph 1 lit. b DSGVO. The legal basis for processing in order to fulfil our legal obligations is article 6 paragraph 1 lit. c DSGVO. The legal basis for processing and maintaining our legitimate interests is article 6 paragraph 1 lit. f DSGVO. In the case that the vital interests of data subjects or of other natural persons makes the processing of personal data necessary, then article 6 paragraph 1 lit. d DSGVO serves as the legal basis.

Security Measures

Under stipulation of article 32 DSGVO, taking into account technological progress, implementation costs and the kind, the scope the circumstances and the purpose of the processing, as well as the varying probability of occurrence and seriousness of the risk for the rights and liberties of natural persons, we take suitable technical and organisational measures in order to guarantee a level of protection appropriate for the risk at hand.

Included in these measures are in particular the securing of confidentiality, integrity and availability of data by controlling the physical access to the data as well as the respective access, entry, transmission, the securing of availability and its disconnection. Furthermore, we have established processes which guarantee the exercising of the data subjects and the deletion of data and reaction to endangerment of the data. In addition, we take into consideration the protection of personal data when developing or selecting hardware, software as well as processes according to the principle of data privacy by design and by data privacy-friendly settings (article 25 DSGVO). Among other things, our data are encrypted with the latest technology before transmission.  

Cooperation with Third Parties

Generally, all data are handled with extreme confidentiality and not passed on to third parties except in the following specific cases.

Provided that a user, during the process of a specific application for a job description at a company explicitly agrees to the disclosure of his personal registration and application data to particular employing companies in a separate data release declaration, then only the legitimate authorities of that company receive access to their data for a specific purpose.

Provided that the user, in the process of a job application or the creation of his profile, explicitly and separately agrees to the disclosure of his personal data to a particular employing company, then only the legitimate authorities of that company receive access to his data for a specific purpose.

We provide data processing-, technology- and related services for applicant management (also termed as "hosted career sites") to leading employing companies, so as to support the recruitment on the websites of these companies and to provide services in applicant management. The data and information provided by users on this site are processed by interpersonal GmbH under stipulation of this data privacy policy and are handled with extreme confidentiality. Only with the explicit consent of the user are they made accessible to the concerned companies.

Provided that within the framework of our data processing we disclose, transmit or otherwise grant other persons and companies (processors or third parties) access to the data, then this only takes place on the basis of a legal permission (e.g. when a transmission of data to third parties, such as a payment provider, is necessary for contractual obligations according to article 6 paragraph 1 lit. b DSGVO, when you as a user have agreed when a legal obligation requires this (e.g. in justified exceptions regarding the aviation or criminal punishment authorities for the safety in aviation) or on the basis of our legitimate interests (e.g. during deployment of agents, webhosts etc.). 

Provided that we contract third parties with the processing of data on the basis of a so-called "order management contract", this happens on the basis of article 28 DSGVO.

We and the employing companies selected in a separate declaration of consent by the user process the lifted data in aggregated and completely anonymised form for internal company purposes (e.g. needs analysis), quality assurance or scientific purposes.

Transmission in Third Countries

If we process data in a third country (i.e. outside of the European Union (EU) or of the European Economic Area (EEA)) or disclose these in the context of the use of services of third parties, or if any data is passed on to third parties, this takes place only if it fulfils our (pre)contractual obligations, on the basis of the user’s explicit consent, or on the basis of legal obligations or our legitimate interests. Subject to legal or contractual permissions we process the data or have it processed in a third country only when the special legal requirement is provided as stipulated in article 44 ff. DSGVO. That means the processing takes place on the basis of particular guarantees, like the officially recognised declaration of a corresponding data privacy policy (e.g. for the USA the "privacy shield"), or on the basis of the observation of officially recognised contractual obligations (so called "standard contractual clauses")

Your Rights as a Data Subject

You have the right to demand a confirmation whether the affected data is being processed and to receive details about this data as well as further details and a copy of the data in accordance with article 15 DSGVO. In accordance with article 16 DSGVO you have the right to demand the completion of data relating to you or the correction of incorrect data relating to you.

Under stipulation of article 17 DSGVO you have the right to demand that data concerning you be immediately deleted, or alternatively under stipulation of article 18 DSGVO to demand a restriction of the data processing.

You have the right to demand to receive the concerned data which you have provided us according to article 20 DSGVO and to demand their transmission to other responsible entities. In addition, you have the right, according to article 77 DSGVO to submit an official complaint to the corresponding supervisory authorities.

Right of cancellation

In accordance with article 7 paragraph 3 DSGVO, you have the right to revoke any given consent with effect for the future.

Right of Objection

In accordance with article 21 DSGVO, you can object to the future processing of the data concerning you at all times. The objection can be made in particular against the processing for purposes of direct advertising.

To exercise these rights please contact us directly using the e-mail address:

Cookies and Right of Objection to Direct Advertising

Cookies are defined as small files which are stored on the user's computer. Various information can be stored within the cookies. Primarily a cookie is designed to save information about a user, or about their device during their visit to an online offer. "Temporary cookies", "session cookies" or “transient cookies" are cookies which are deleted after the user leaves the online offer and closes the browser. In such a cookie, information such as the content of a shopping basket or a login status can be saved. "permanent" or "persistent cookies" are defined as cookies which remain stored after closing the browser. In this way the login status can be saved when the user reopens it days later. In the same way, the user's interests can be saved in such a cookie, which can be used for range measurement and marketing purposes. Third-Party cookies are defined as cookies which can be offered by other providers other than the responsible entity operating the online offer (otherwise if it is only the online offer’s cookies, one speaks of "first party cookies").

We can use temporary and permanent cookies and clarify this process in our data privacy policy.

If users do not want cookies to be stored on their computer, they are prompted to deactivate the corresponding option in their settings. Deactivating cookies can lead to restricted functionality and unavailability of some services.

A general rejection of the use of cookies for purposes of online marketing, especially in the case of tracking but also for many other services, is explained at the American site or the European Union site Furthermore you can manage to deactivate cookies being saved using your browser settings. Please note that this can lead to a limited or restricted functionality.

Your Obligations

If you provide us data with a personal point of reference, you are obliged to ensure that the affected person is notified and has agreed to the transmission of their personal data (e.g. e-mail address, telephone number). We cannot assume responsibility for compliance to these data protection regulations in this case. If you as a user transfer data via the online portal by starting a registration process, an application a job advert or any other creation, these data may not contain any details concerning racial or ethnic background, political opinions, philosophical or religious beliefs or sexual orientation. Details regarding committing of infringements, crimes, criminal trials or other relating penalties, fines, dependencies or physical and mental health are only permitted in a few select security-relevant professions (e.g. passenger airplane pilot).

In order to ensure a high level of data privacy, every user is obliged to keep their personal login credentials strictly confidential!

Alteration and Deletion of Data

The data we process are deleted or are subject to limited processing according to the stipulation in article 17 and 18 DSGVO. Unless otherwise specified in the following data privacy policy, the data we save will be deleted as soon as they are no longer required for their specific purpose and no legal retention requirements hinder this.

If you would like to change your profile data, you can also do so at any time by accessing your account and selecting the “Maintain applicant profile” option. Please note that doing so will not automatically change the data you possibly used to apply for a position with an employer at an earlier date.

In submitting your registration and/or submitting your application you explicitly consent to the policy that registration/application data will be kept for a period of 5 years in the application system to cover longer qualification and periods of creditable selections as well as possible periods of re-application.

If you would like to close your account (delete registration) and erase your data in the application system, please contact us at: We will delete your personal details and send you a confirmation e-mail. If your data is or was used for the purpose of a specific application to an employing company, or requested by an employing company to post a profile or job application, and the rights of these companies are affected, data might remain in the files of the employing company for a limited time under the full authority and responsibility of the employing company compliant with the data protection policies of this company. This can apply to data for which there is a legal burden of proof for the employing company, e.g. in order to fulfil the Equal Treatment Act (AAG) or to data which must be kept due to commercial or tax regulations, e.g. proof of travel reimbursements are archived according to the corresponding fiscal law.

In accordance with legal requirements in Germany, storage of books, records, reviews of operations, booking receipts, trading books or documents relevant for taxation takes place for 10 years according to §§ 147 paragraph. 1 AO, 257 Paragraph. 1 Nr. 1 and 4, paragraph. 4 of the German Commercial Code. Moreover, it can take place for 6 years for trading documents and letters in accordance with § 257 paragraph. 1 Nr. 2 and 3, paragraph. 4 of the German Commercial Code.

According to legal requirements in Austria § 132 paragraph. 1 BAO (Federal Fiscal Code) bookkeeping documents, receipts and invoices, accounts, business papers, statements of revenue and expenditure etc., can be kept for up to 7 years, for 22 years within the context of property lots, and for 10 years with documents regarding electronically rendered services, telecommunications, radio and television services for non-entrepreneurs in EU member states and for whom the Mini-One-Stop-Shop (MOSS) is used.

Business related processing

In addition, we process the:

  • Contract data (e.g. contract clauses, duration, customer category)
  • Payment data (e.g. Bank account number, payment history)


of our customers, interested parties, and business partners for the purposes of contractual services, service and customer care, marketing, advertising and market research.


Agency Services

We process the data of our customers within the frame of our contractual services which include staffing and recruiting services, advisory services, concept and strategic consulting, campaign planning, software and design development and maintenance, execution of campaign and processes/handling, server administration, data analysis/consultation services and training services.

In this case we process inventory data (e.g. customer master data like name and address), contact data (e.g. e-mail address, telephone numbers), content data (e.g. text entries, images, videos), contract data (e.g. contract objects, duration), payment data (e.g. bank account number, payment history), usage and metadata (e.g. in the context of evaluation and success measuring of marketing measures).

There are particular categories of personal data that we generally do not process in this context, except when these are content-related constituents of a contracted processing. Included in the data subjects are our customers, interested parties as well as their customers, users, website visitors, employees as well as third parties. The purpose of processing such data is for the fulfilment of a contracted service, invoicing and after sale services.

The legal basis for this processing is Article. 6 paragraph. 1 lit. b DSGVO (contractual services), Article. 6 paragraph. 1 lit. f DSGVO (analysis, statistics, optimisation, security measures). we process data which are required for justification and fulfilment of contractual services and draw your attention to the necessity of their disclosure. A disclosure to external parties will only happen if it is required within the framework of a contract. When processing the data within the framework of a contractual agreement, we only act according to the instructions of the contractor as well as the legal requirements for job processing in accordance with article 28 DSGVO. We process the data only for the contractual purpose and for no other purpose.

We delete these data upon expiry of legal warranty and comparable obligations. The necessity of keeping the data will be controlled every three years. In the case of a legal archiving obligation, the deletion will take place after its expiry (6 years, in accordance with. § 257 paragraph. 1 German Commercial Code, 10 years, in accordance with. § 147 paragraph. 1 Federal Code. In the case of data which have been disclosed to us within the framework of a contract given by a contractor, we delete the data according to the regulations stated in the contract, generally upon completion of the contract.

Consultency, Recruiting & Selection Services

We provide employing companies and training providers with consulting and recruiting services for the selection of appropriate applicants for their business. We process the data of these contractors or contracting parties as well as the applicant's data in accordance with article 6 paragraph 1 lit. b DSGVO, in order to fulfil our (pre) contractual services. The data we process in this case, the kind, scope and purpose of the processing are determined by the underlying contractual relationship as well as the legal regulations. The following data are included in the processing: customer master data, name and address, contact data and the contract data (e.g. e-mail address, telephone, the contracted services, remuneration, bank account number, payment history etc.). of the contracting companies and their legitimate parts (e.g. consultants and surveyors).

Provided it is legally required or to fulfil a contract, we disclose these data of the client companies within the contact of communication with other experts (e.g. consultants), third parties who are required to fulfil the contract or typically involved third parties (e.g. accounting offices or comparable service providers), provided this takes place in order to fulfil our contractual requirements in accordance with article 6 paragraph 1 lit. b DSGVO, is legally prescribed or happens within a prior agreement in accordance with article 6 paragraph 1 lit. a, article 7 DSGVO.

The deletion of these data takes places when the data is no longer necessary for the contractual or legal obligations as well as for the possible warrant of any other obligations. However, the necessity of keeping the data is checked every three years and otherwise the usual legal retention laws apply here.

Within the context of these services, relevant applicant data are also processed which applicants provide when applying or being consulted during the selection process. Insofar as this is required we can process psychometric data and particular data categories according to Article. 9 paragraph. 1 DSGVO, in particular data regarding health, personality and the committing of infringements, crimes or criminal cases, other connected criminal cases, penalties and fines, dependencies or psychological or mental health of applicants. This is only permitted in a few select security-relevant professions (e.g. passenger airplane pilot). In this case we will request the permission of the applicant if this should be necessary (according to Article 6 paragraph 1 lit. a, article 7, article 9 paragraph 2 lit. a DSGVO. In all other cases we process the data according to Article 9 paragraph 2 lit. h DSGVO, § 22 paragraph. 1 Nr. 1 b. Federal Data Privacy Act.

The deletion of these data takes place subject to any legally necessary burden of proof at the point in time agreed at the time of permission, (see above "Deletion of Data"



Contractual Services

We process the data of our client companies, interested parties, other contractors, customers, mandates, clients (subsequently referred to as "client companies", in accordance with article 6 paragraph 1 lit. b DSGVO to be able to fulfil our (pre) contractual services. The processed data, the type, scope, purpose and necessity is determined by the underlying contract. The following data are included in the processing: customer master data, name and address, contact data and the contract data (e.g. e-mail address, telephone, the contracted services, remuneration, bank account number, payment history etc.). of the contracting companies and their legitimate parts (e.g. consultants and surveyors).

There are particular categories of personal data that we generally do not process in this context, except when these are content-related constituents of a contracted processing. Included in the data subjects are our customers, interested parties as well as their customers, users, website visitors, employees as well as third parties. The purpose of processing such data is for the fulfilment of a contracted service, invoicing and after sale services.

The legal basis for this processing is Article. 6 paragraph. 1 lit. b DSGVO (contractual services), Article. 6 paragraph. 1 lit. f DSGVO (analysis, statistics, optimisation, security measures). we process data which are required for justification and fulfilment of contractual services and draw your attention to the necessity of their disclosure. A disclosure to external parties will only happen if it is required within the framework of a contract. When processing the data within the framework of a contractual agreement, we only act according to the instructions of the contractor as well as the legal requirements for job processing in accordance with article 28 DSGVO. We process the data only for the contractual purpose and for no other purpose.

Within the framework of our online services being contracted, we may store IP addresses and the point of time of the user action. The storage is based on our legitimate interests as well as the interests of our users to protect against misuse and other improper use. Transmission to third parties generally does not take place, unless it is necessary for the pursuit of our requirements in accordance with article 6 paragraph 1 lit. f. DSGVO or if any legal obligations are present according to article 6 paragraph 1 lit. c. DSGVO.

We delete these data upon expiry of legal warranty and comparable obligations. The necessity of keeping the data will be controlled every three years. In the case of a legal archiving obligation, the deletion will take place after its expiry (6 years, in accordance with. § 257 paragraph. 1 German Commercial Code)

Administration, Accounting, Office Organisation, Contact Administration

We process data as a part of our administrative tasks as well as the operation of our business, accounting and fulfilment of legal obligations, for example archiving. In this case we are processing the same data that we process in order to fulfil our contractual services. The legal basis for this is article 6 paragraph 1 lit. c. DSGVO, article 6 paragraph 1 lit. f. DSGVO. The data subjects in this case are customers, interested parties, business partners and the visitors to the website. Our interest in processing these data serves purposes in the administration, accounting, office organisation, archiving of data, etc., in other words, tasks which are necessary for the upkeep of our business operations, the fulfilment of our offered services. The deletion of the data regarding contractual services and contractual communication corresponds with the above named processing operations.

During this process we disclose or transmit your data to the financial authorities, consultants e.g. tax advisors or auditors, as well as other points of payment and payment providers.

Furthermore, based on our business interests we save data concerning service providers, event managers, and other business partners in order to relieve future contacting. In general, we save these data, the majority of which are business-related data, permanently.

Business Analysis and Market Research

In order to operate our business economically, to be able to recognise market trends and the preferences of our customers and users, we analyse the data provided to us from business procedures, contracts, requests etc. We analyse customer master data, communication data, contract data, payment data, user data, metadata in accordance with article 6 paragraph 1 lit. f. DSGVO. Included in the data subjects are contract partners, interested partners, customers, visitors and users of our site.

The analyses take place for reasons of economic evaluation, marketing and market research. For this we take into account the profiles of the registered users with data, e.g. the services they make use of. The analyses help us to improve our user experience, optimise our online offers and our economic efficiency. The analyses serve only our interests and are not disclosed to third parties, provided we are not dealing with anonymous analyses and summarised values.

Provided the analyses or profiles are personal, they will be deleted or made anonymous when users terminate their contracts, otherwise two years after conclusion of contract. In all other cases, business and economic analyses will be compiled anonymously. 

Data Privacy Notice for the Application Process

We process the applicant data exclusively within all legal boundaries and only for purposes and in the framework of the application process in order to initiate an employment relationship.

The processing of applicant data takes place in accordance with article 6 paragraph 1 lit.  b. DSGVO and article 6 paragraph 1 lit. f. DSGVO in order to fulfil our (pre) contractual obligations within the framework of the application process, provided that the data processing is legally necessary (In Germany § 26 BDSG Federal Data Protection Act applies additionally).

The application process requires applicants to provide applicant data. The necessary data are marked accordingly and result from the job specifications or the requirements of the employing company. In general, these data include details to the person, postal address and all documents and evidence required for the application e.g. letter of motivation, curriculum vitae, references, as well as proof of aviation experience, such as licence data, certificate of air worthiness, background checks. In addition, applicants may give other details.

By submitting an application the applicant consents to the processing of his/her data in the way and scope described in this data privacy policy for the purpose of the application process expressly agrees that the data of a specific application process for an employing company (application data) may be stored in the application system for a period of 5 years after the application has been completed or latest changed in order to facilitate longer-term qualification processes and, if necessary, to enable the recognition of selection levels and / or reapplications according to certain terms or periods set by the employer.


As far as any sensitive personal information is disclosed within the framework of the application process in terms of article 9 paragraph 1 DSGVO, the processing of these data happens in accordance with article 9 paragraph 2 lit. b. DSGVO (e.g. health records such as a severe disability). Provided any sensitive personal data are required within the framework of the application process, the processing takes place in accordance with article 9 paragraph 2 lit. a. DSGVO (e.g. biometric data, health records), if these data are required for aeronautical regulations. 

If an applicant requests the deletion of his application data in accordance with Art. 17 DSGVO, revokes his consent stipulating Art. 7 paragraph 3 DSGVO or objects to the future processing of his personal data stipulating Art. 21 DSGVO, then his data will be deleted or archived in accordance with the aforementioned regulation.
If a deletion of partial data is requested, e.g. an individual application, then generally all application data and registration data will be deleted, as complete deletion of all application and applicant data is required in accordance with Art. 17 and Art.18 and every application uses registration data (e.g. name, address etc.)

The processing of all data via the internet portal is all encrypted using the latest cutting-edge technology. If applicants transmit data to us it shall be noted that e-mails are generally not encrypted and applicants must take responsibility for encryption themselves. Therefore, we cannot take on any responsibility for the applicant's transmission route between sender and receiver on our server and recommend using the upload function on the online portal.

If an applicant makes use of the option of uploading an application photo or video to his/her application documents, he/she hereby consents agrees to the collection, storage and use of theses image data solely for the purpose of possible employment with the employer. Image and video data are only shared with the employer's authorized bodies. The upload of application photos and videos is completely voluntary.

Talent Pool

In the course of the application we offer applicants the option of being affiliated in our "talent pool" for a time period of five years based on consent in terms of article 6 paragraph 1 lit. b. and article 7 DSGVO. The application documents in the talent pool are processed only within the confines of future job advertisements and recruitment and will be deleted on conclusion of the deadline at the latest. Applicants are instructed that consent for being recorded in the talent pool is voluntary and can be revoked or objected to at all times with effect for the future in accordance with article 21 DSGVO. 

The disclosure of applicant data from the talent pool to interested parties, employing companies shall only take place with the previous expressed consent of the applicant.

Registration Function

Users can set up an account. The registration is free of charge. In the scope of the registration, the users are informed about mandatory data, and these data are processed in accordance with article 6 paragraph 1 lit. b. DSGVO for purposes of creating the user account. Included in the processed data in particular are the log-in data (name, address, password, e-mail address and basic profile data). The data which are processed in the course of registering are only used for purposes of the user account and its purposes and can be used by the applicant to easily and repeatedly create applications for numerous companies. 

The users can be informed about information relevant to their account via e-mail, for example technical data. Once users have terminated their account, the data in respect to their account will be deleted with the exception of any legally required data. We are entitled to reject registration data or delete it if it violates legal regulations, is being used inappropriately or because of other serious reasons.  

In the course of the use of our registration and sign-in functions and the user account, e store the IP address and the point of time of the user's action. This storage takes place bases on our legitimate interests and also the interests of the user to avoid improper use. These data are generally not transmitted to third parties, unless there is a legal obligation to do so as described in article 6 paragraph 1 lit. c DSGVO.

Making contact

When contact is established to us, (e.g. via e-mail, telephone or social media) the user's data are processed in order to handle and settle the communication in accordance with article 6 paragraph 1 lit. b. DSGVO. The user's data may be stored in a customer Relationship Management System or similar system. 

We delete requests insofar as these are no longer required. We check this necessity every two years, otherwise legal storing obligations apply.


In the following notes, we shall inform you about the content of our newsletter as well as the sign-in, sending and statistical evaluation procedure including your rights of objection. By subscribing to our newsletter you consent to receiving our mail and to the procedure described below. 

Content: we send newsletters, e-mails and further electronic notifications with employment and training offers and other advertising information (subsequently termed "newsletter") only with the consent of the receiver or a legal permission. 

Double opt-in and logging: signing up for our newsletter happens in a so-called double opt-in process. This means you receive an email after registering in which you are requested to confirm your sign-up. This confirmation is necessary so that no one can sign up using someone else's email address. The sign-up for the newsletter is logged to be able to prove this for legal demands. This includes the storing of sign-up, the point of time of the confirmation as well as the IP address. Additionally, we save any changes in data at the messaging provider. 

Login-data: in order to sign up for the newsletter it is sufficient to provide your email address. Optionally we may ask you for your name in order to enable direct communication.

The sending of the newsletter and the connected success measurement take place based on consent of the recipient in accordance with article 6 paragraph 1 lit. a. and article 7 DSGVO in connection with article 7 paragraph 2 nr. 3 UWG, or in the case that consent is not necessary, this is based on our legitimate interest in direct marketing in accordance with article 6 paragraph 1 lit. f. DSGVO in connection with article 7 paragraph 3 UWG.

The logging of the sign-up procedure takes place based on our legitimate interests in accordance with article 6 paragraph 1 lit. f. DSGVO. Our interest is directed at a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the user and further permits the proof of consents.

After consenting via the double opt-in method, our newsletter subscribers receive a newsletter that provides them information about current job offers available on You can unsubscribe from this newsletter at any time, your email may be stored for up to three years based on our legitimate interests before being deleted, in order to be able to prove previous consent. you can unsubscribe by a) clicking on the respective link at the bottom of the newsletter b) calling up the link below and completing the deregistration process: or c) sending an e-mail to
Our newsletter is sent via the Germany-based provider CleverReach (Cleverreach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany). To this end, your e-mail address and your stated interests are transferred to CleverReach and stored there in such a manner that third parties have no access to this data. You can find more information about this on the CleverReach website. CleverReach is a certified member of the Certified Senders Alliance. In our html newsletters, we measure clicks and openings. Learn more about this at CleverReach. This messaging service is used based on our legitimate interests and in accordance with article 6 paragraph 1 lit. f DSGVO. 

Newsletter - Success Evaluation

o this we and or our hosting providers process master customer data, content data, contract data, user data, meta and communication data of customers, interested parties, and visitors to our sites, based on our legitimate interest in an efficient and secure offer in accordance with article 6 paragraph lit. f. DSGVO in connection with article 28. DSGVO (contract for processing of data)

Hosting and Dispatch of E-mails

The hosting services we use serve purposes of making available the following services: infrastructure and platform services, computing performance, storage capacity and databank services, e-mail dispatching, security services as well as technical maintenance which we use to operate our online services.

In doing this we and or our hosting providers process customer master data, contact data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our sites. This is bases on our legitimate interest in an efficient and secure providing of our online services in accordance with article 6 paragraph 1 lit. f. DSGVO in connection with article 28 DSGVO (agreement contract for processing of data).

Lifting of Login Data and Log Files

On the basis of our legitimate interests in terms of article 6 paragraph 1 lit. f. DSGVO, we and or our hosting providers lift data about every access to the server, on which our services take place (so called server log files). Included in the access data are the name of the fetched website, file, time and date of retrieval, transferred data volume, confirmation of successful retrieval of data, browser type and version, operating system of the user, referrer URL (last visited site), IP address and the requesting provider.

Log file information are saved for a maximum of seven days and thereafter deleted due to security reasons, e.g. clarification of improper use or fraud. Further storage may happen in the exceptions where proof is necessary in case of such as incident.


MS Teams

Data protection information in accordance with Art. 13, 14 GDPR for employees, business partners and applicants

We use Microsoft Teams to conduct conference calls, online meetings and / or video conferences and video interviews. Microsoft Teams is a service from Microsoft Ireland Operations, Ltd. For this we have concluded a contractual agreement with the provider. Various types of data are processed when using Microsoft Teams. The scope of the data also depends on the information you provide before or when participating in an online meeting.

The following personal data are processed:
• User information: display name, email address, profile picture (optional)
• Meeting metadata: e.g. B. Date, time, meeting ID, possibly telephone number, possibly location
• Text, audio and video data: You may have the option of using the chat function in an online meeting. In this case, the text entries you have made are processed in order to display them in the online meeting.

In order to enable the display of video and the playback of audio, the data from the microphone of your end device and a video camera of the end device are processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.

The online meetings are not recorded. If a recording is made in special cases, the consent of the interlocutor will be obtained in advance.

If video interviews are used in the course of selection services, these will only be carried out after prior agreement with the interlocutors. Such consent is only given voluntarily. Refusing to consent to the video interview has no effect on the outcome of the application process.

If there is no contractual relationship with you, the legal basis for the processing of your personal data is Article 6 (1) (f) GDPR, our legitimate interest in the effective implementation of online meetings.

Further information on how Microsoft processes data can be found here:


Google Analytics

On the basis of our legitimate interests, for optimisation and economic running of our website, this website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files saved on your computer, to help the website analyze how you use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. If this website anonymizes IP addresses, your IP address will be truncated by Google within a EU member state or other EEA state before being transmitted to the US. Only in exceptional situations will your full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can also prevent Google from collecting information (including your IP address) via cookies and processing this information by downloading this browser plugin and installing it:

You can prevent data collection via Google Analytics by clicking here. An "Opt-out Cookie" shall then be applied to your website which shall prevent any future collection of your data when visiting this website.

Further information concerning the terms and conditions of use and data privacy can be found at the Google Analytics Terms of Service or at the Google Analytics Privacy Overview. Please note that on this website, Google Analytics is supplemented by "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (IP masking).

The personal user data will be deleted or anonymised after 14 months.

Google AdWords and Conversion Measurement

On the basis of our legitimate interest in the analysis, optimisation, and economic running of our web services in terms of article 6 paragraph 1 lit. f. DSGVO, we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“). We use Google AdWords to advertise our website in Google search results and on third-party websites. For this purpose, when you visit our website, the so-called remarketing cookie of Google is set on your browser, which allows the automatic displaying of interest-based advertising using a pseudonymous cookie ID and information about your website visits. This serves the protection of our legitimate interests in the optimal marketing of our website according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests.

Any data processing that goes beyond that scope takes place only if you have allowed Google to associate your web and app browsing history with your Google account and to use information from your Google account to personalise ads that you see across the web. If, in such a case, you visit our website while being signed in to Google, Google will use your data together with Google Analytics data to build and define audience lists for cross-device remarketing. For this purpose, Google will temporarily join your data with Google Analytics data to build audiences.

Google AdWords remarketing is offered by Google LLC ( Google LLC is headquartered in the USA und and is certified to the EU-US-Privacy Shield. You will see the up-to-date certificate here. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.

You can disable the remarketing cookie via this link. In addition, you can obtain information about the setting of cookies from the Digital Advertising Alliance and accordingly adapt the settings of your browser.

Online Presence in Social Media

We maintain online presence on various social media networks and platforms so as to communicate with customers interested parties and users and inform them about our services. When retrieving the sites of these networks and platforms, the terms and conditions of the respective operators apply.

Provided it is not stated elsewhere in our privacy policy, we process the user data insofar as the users communicate with us on the social media and platforms, for example written contributions on our posts or messages sent to us.

Integration of Services and Content provided by Third Parties

In our online services we use content or service offers of third-party providers. This happens bases on our legitimate interests (this means interest in the analysis, optimisation and economic running of our online services in terms of article 6 paragraph 1 lit. f. DSGVO. We use these services and content in order to integrate them into our site e.g. videos or fonts (subsequently termed "content")

This requires that third party providers of this content recognise the IP address of the user as they can otherwise not send the content to the user’s browser. The IP address is therefore necessary in order to display the content. We go to efforts to only use content of which the respective providers only use your IP address for displaying the content. Third party providers may use so called pixel-tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Using the pixel tags, data such as user traffic on the pages of the website can be analysed. Furthermore, the pseudonym data can be stored in cookies and contain other technical details such as browser and operating system, linking websites, duration on the site, as well as other usage data and information connected with other sources.


We incorporate videos of the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-Out:


Google Fonts

We incorporate ("Google Fonts") from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy:, Opt-Out:


Google Maps

We incorporate Maps services by “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Included in the processed data are in particular IP addresses and location data of the user, which are however not lifted without the consent of the user (usually done in the context of the device settings). The data may be processed in the USA. Privacy Policy:, Opt-Out:


Google Tag Manager

Google Tag Manager is a solution with which we can administrate so-called website-tags via a user interface (and therefore integrate Google Analytics as well as other Google marketing services in our web services). The tag manager itself (which implements the tags) does not process any user data. Concerning the processing of personal user data, we refer you to the Google Services Usage Guidelines

For all further questions about our Privacy Policy, please feel free to contact us at the e-mail address:

Datenschutzerklärung der interpersonal GmbH  
Wie wir Ihre persönlichen Daten respektieren und schützen

A) Unsere Datenschutzerklärung

Ob Sie nur Besucher unserer Website, Kunde oder Bewerber sind: Wir nehmen den Schutz ihrer Daten sehr ernst und
3 Welche personenbezogenen Daten  erheben wir von  Ihnen? Wir erheben Ihre personenbezogenen Daten, wenn Sie mit uns in Kontakt treten, z. B. als Interessent, Antragsteller oder Kunde. Das heißt: Insbesondere, wenn Sie sich für unsere Produkte interessieren, Anträge einreichen, Online­Eröffnungsstrecken ausfüllen, sich für unsere Online­Dienste registrieren oder sich per E­Mail oder Telefon an uns wenden oder wenn Sie im Rahmen bestehender Geschäftsbeziehungen unsere Produkte und Dienstleistungen nutzen.

3.1 Sensible Daten Besondere Kategorien personenbezogener Daten, bekannt als „Sensible Daten“, z. B. Informationen zu Ihrer religiösen Zugehörigkeit, erheben wir ausschließlich, wenn dies unbedingt notwendig ist. Also beispielsweise zur Abführung der Kirchensteuer.
3.2 Daten von Kindern Angaben zu Kindern erheben wir nur dann, wenn Sie ein Konto für Minderjährige eröffnen.
4 Wofür nutzen wir Ihre Daten – und auf  welcher  Rechtsgrundlage? 4.1 Wir nutzen Ihre Daten, damit Sie unsere Produkte und Dienstleistungen nutzen können (Erfüllung vertraglicher Pflichten) Um unsere Verträge zu erfüllen, müssen wir Ihre Daten verarbeiten. Das gilt auch für vorvertragliche Angaben, die Sie uns im Rahmen einer Antragstellung machen. Die Zwecke der Datenverarbeitung richten sich in erster Linie nach dem jeweiligen Produkt (z. B. Girokonto, Extrakonto, Konsumentenkredit, Wertpapierdepot) und können unter anderem auch dazu dienen, Ihren Bedarf zu analysieren und zu prüfen, ob ein Produkt für Sie geeignet ist.
Durchführung des Vertragsverhältnisses Zur Durchführung des Vertragsverhältnisses benötigen wir Ihre Anschrift, Ihre Telefonnummer bzw. Ihre E­Mail­Adresse, um mit Ihnen in Kontakt treten zu können.
Wir nehmen beispielsweise zur Abwicklung von Zahlungsdiensten Auftragsdaten entgegen und übermitteln auftragsgemäß Zahlungsdaten an Zahler, Zahlungsempfänger und deren Banken.
Anbieten von Produkten und Dienstleistungen Wir benötigen Ihre persönlichen Daten auch, um prüfen zu können, ob wir Ihnen ein Produkt oder eine Dienstleistung anbieten können und dürfen (z. B. einen Konsumentenkredit oder ein Wertpapierdepot).
Analyse des Kreditrisikos und -verhaltens (Scoring) Bei der Vergabe von Krediten/Dispositionskrediten sind wir verpflichtet, Ihre Kreditwürdigkeit zu überprüfen. Dabei
 wenden wir bestimmte statistische Risikomodelle auf Ihre persönlichen Daten an. So können wir einschätzen, ob Sie in der Lage sind, den Kredit zurückzuzahlen. Wenn Sie zu den Zielen der Datenverarbeitung noch mehr wissen wollen,
 finden Sie diese Informationen in den Allgemeinen Vertragsbedingungen der jeweiligen Produkte oder Dienstleistungen und in Ihrer Vertragsdokumentation.
Einzelheiten zu den jeweiligen Zwecken der Datenverar beitung können Sie den Vertragsunterlagen und unseren
 Geschäfts­ und Produktbedingungen entnehmen.
4.2 Wir erfüllen Ihre Wünsche, verbessern unsere
 Dienstleistungen und bieten Ihnen passende Produkte an (nach Interessenabwägung) Stärkung der Kundenbeziehung Wir freuen uns, wenn Sie Einladungen zu Kundenumfragen (z. B. zur Messung Ihrer Zufriedenheit) folgen. Die Ergebnisse solcher Umfragen helfen uns dabei, die Produkte, Angebote und Dienstleistungen der ING­DiBa zu verbessern.
Datenverarbeitung und -analyse zu Marketingzwecken Ihre individuellen Bedürfnisse sind uns wichtig und wir versuchen, Ihnen Informationen zu Produkten und Dienstleistungen zu geben, die genau zu Ihnen passen. Dafür nutzen wir Erkennt nisse aus unserer Geschäftsbeziehung mit Ihnen oder auch aus der Marktforschung und Meinungsumfragen.
 Wesentliches Ziel der Verarbeitung Ihrer Daten ist, die Persona lisierung von Produktvorschlägen. Berechnete Kaufwahrschein lichkeiten helfen uns dabei, Ihre Bedarfe besser zu
 erkennen. Wir gewährleisten, dass wir Ihre personenbezogenen Daten immer in Übereinstimmung mit den Bestim mungen des  geltenden Datenschutzrechts verarbeiten. Wichtig zu wissen: Sie können der Analyse oder der Nutzung Ihrer personenbe zogenen Daten zu diesen Zwecken jederzeit wider sprechen.
Seite 3/6
Was wird von der ING­DiBa konkret analysiert und verarbeitet? •  Wir analysieren die Ergebnisse von Marketingaktivitäten, um die Effizienz und Relevanz unserer Kampagnen zu  messen •  Wir analysieren Informationen, die wir beim Websitebesuch erheben •  Wir analysieren möglichen Bedarf sowie die Eignung
 unserer Produkte und Dienstleistungen. •  Wir analysieren Daten aus der Geschäftsbeziehung mit Kunden zur Selektion von Zielgruppen für Marketingaktivitäten •  Wir analysieren das Zahlungsverhalten (z. B. große Zu­/ Abflüsse auf Ihrem Konto) •  Wir bewerten Ihren Bedarf in besonderen Situa tionen und prüfen, ob bestimmte Finanzprodukte oder ­dienstleistungen für Sie relevant werden (z. B. bei der  Geburt eines
 Kindes, Ihrem ersten Job oder dem Kauf eines  Eigenheims) •  Wir ermitteln Ihre Interessen auf der Grundlage von
 Simulationen, die Sie beim Besuch unserer Website vorgenommen haben •  Wenn wir Scores nutzen, basieren die Modelle auf mathematisch­statistisch anerkannten und bewährten Verfahren
Direktwerbung Wir schreiben Ihnen Briefe oder E­Mails mit persönlicher Note. Oder machen Ihnen ganz persönliche Angebote auf unserer Website oder unseren Mobilanwendungen. Sie haben jederzeit das Recht, dieser personalisierten Werbung zu widersprechen.
Maßnahmen zu Ihrer Sicherheit Wir nutzen u. a. Ihre personenbezogenen Daten in folgenden Fällen: •  Um Sie und Ihr Vermögen vor betrügerischen Aktivitäten zu schützen, analysieren wir Ihre personenbezogenen Daten. Das kann vorkommen, wenn Sie Opfer eines Identitätsdiebstahls (z. B. Phishing) geworden sind, Ihre persönlichen Daten offengelegt wurden oder Ihr Computer gehackt  wurde •  Um mögliche Straftaten zu verhindern sowie schnell und
 effizient zu erkennen, nutzen wir z. B. Name, IBAN, Depotnummer, Alter, Staatsangehörigkeit, IP­Adresse, etc. •  Um die IT-Sicherheit gewährleisten zu können •  Um Bonitäts- und Ausfallrisiken im Kreditgeschäft zu  ermitteln, tauschen wir Daten mit Auskunfteien aus  (z. B. SCHUFA) •  Um im Falle rechtlicher Auseinandersetzungen Sachverhalte nachvollziehen und belegen zu können
4.3 Wir nutzen Ihre Daten mit Ihrer Einwilligung Wenn Sie uns eine Einwilligung zur Verarbeitung personenbezogener Daten für bestimmte Zwecke erteilt haben, ist die Verarbeitung dieser Daten rechtmäßig. Sie können Ihre
 Einwilligung jederzeit widerrufen. Dies gilt auch für den
 Widerruf von Einwilligungserklärungen, die Sie uns gegenüber vor Geltung der DSGVO (Datenschutz­Grundverordnung),
 also vor dem 25. Mai 2018, abgegeben haben. Der Widerruf der Einwilligung berührt nicht die Rechtmäßigkeit der bis zum Widerruf verarbeiteten Daten.
4.4 Wir verarbeiten Ihre Daten aufgrund gesetzlicher
 Vorgaben oder im öffentlichen Interesse Wir unterliegen als Bank zahlreichen gesetzlichen Anforderungen (z. B. aus dem Geldwäschegesetz, dem Kreditwesengesetz, dem Wertpapierhandelsgesetz oder den Steuergesetzen). Auch bankaufsichtsrechtliche Anforderungen müssen wir erfüllen (z. B. von Institutionen, wie der Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), der Deutschen Bundesbank, der Europäischen Zentralbank oder der Europäischen Bankenaufsicht).
Die Verarbeitung von Daten erfüllt unter anderem folgenden Sinn und Zweck: Die Kreditwürdigkeitsprüfung, die Identitäts­ und Altersprüfung, die Erfüllung steuerrechtlicher Kontroll­ und Meldepflichten, die Betrugs­ und Geldwäscheprävention sowie die Bewertung und Steuerung von Risiken, auch innerhalb der ING Group.
5 Wer bekommt Ihre Daten (und warum)? 5.1 Ihre personenbezogenen Daten innerhalb der ING-DiBa Innerhalb der Bank erhalten nur diejenigen Stellen Zugriff auf Ihre Daten, die diese zur Wahrung unserer berechtigten Interessen oder zur Erfüllung unserer vertraglichen und
 gesetzlichen Pflichten benötigen.
5.2 Ihre personenbezogenen Daten außerhalb der ING-DiBa Wir haben uns in unseren allgemeinen Geschäftsbedingungen zur Wahrung des Bankgeheimnisses über alle kundenbezogenen Tatsachen und Wertungen verpflichtet. Informationen über Sie dürfen wir nur weitergeben, wenn gesetzliche Bestim mungen dies gebieten, Sie eingewilligt haben oder wir zur Erteilung einer Bankauskunft befugt sind.
Eine gesetzliche Verpflichtung, Ihre personenbezogenen Daten an externe Stellen weiterzuleiten, kommt insbesondere bei folgenden Empfängern in Betracht: •  Öffentliche Stellen, Aufsichtsbehörden und -organe, wie z. B. Steuerbehörden, Bankenaufsicht (BaFin, EZB oder  Bundesbank) •  Rechtsprechungs-/Strafverfolgungsbehörden, wie z. B.
 Polizei, Staatsanwaltschaften, Gerichte •  Anwälte und Notare, wie z. B. in Insolvenzverfahren •  Wirtschaftsprüfer
Seite 4/6
Um unsere vertraglichen Verpflichtungen zu erfüllen,
 arbeiten wir mit anderen Unternehmen zusammen. Dazu zählen: Spezialisten aus der Finanzdienstleistungsbranche Diese sind ebenfalls gesetzlich verpflichtet, persönliche
 Daten mit der erforderlichen Sorgfalt zu behandeln. Einige Beispiele: •  SWIFT zum sicheren Austausch von finanziellen Transaktionen •  VISA bei Zahlungen und Kreditkartentransaktionen weltweit •  Bankverlag bei weltweiten Girocard­Transaktionen •  equensWorldline bei weltweiten Kreditkartentransaktionen •  Clearingstellen wie Clearstream zur Abwicklung von in­ und ausländischen Wertpapiertransaktionen oder EBA
 (Europäische Bankenaufsichtsbehörde) und Clearingstellen vor Ort zur Abwicklung von Zahlungen
Korrespondierende Banken/Finanzdienstleister im Ausland sowie andere Banken Wenn Sie beispielsweise eine Zahlung an einen Empfänger in den USA in Auftrag geben oder von jemandem dort eine Zahlung erwarten, benötigen wir z. B. die Dienste einer Korres pondenzbank in den USA. Nur dann können wir diese Zahlung anweisen oder empfangen.
Wenn Sie Zahlungen auf Konten bei anderen Banken anweisen, sind wir verpflichtet, persönliche Angaben über Sie an diese anderen Banken weiterzugeben (z. B. Ihren Namen oder Ihre IBAN).
Dienstleister, die uns unterstützen Auch von uns eingesetzte Dienstleister können, zur Erfüllung der beschriebenen Zwecke Daten erhalten, wenn diese das Bankgeheimnis wahren und besondere Vertraulichkeitsanforderungen erfüllen. Dies können beispielsweise Unternehmen in den Kategorien IT­Dienstleistungen, Kartendienstleister, Logistik, Druckdienstleistungen, Telekommu nikation, Inkasso, Beratung oder Vertrieb und Marketing sein.
Wir schauen genau hin, wenn es um Ihre personenbezogenen Daten außerhalb der ING-DiBa geht
In allen oben genannten Fällen stellen wir sicher, dass Dritte nur Zugriff auf personenbezogene Daten erhalten, die für das Erbringen einzelner Aufgaben notwendig sind. Sie können sicher sein, dass wir z. B. bei Clearingstellen, SWIFT oder VISA nur Daten weitergeben, die Ihre Zahlungsanweisung oder Anlageorder enthält. Außerdem arbeiten wir auf der Grundlage von branchenspezifischen Best Practices, um zu gewährleisten, dass die Daten von diesen Dritten sicher und vertraulich behandelt und nur zu den von uns genannten Zwecken genutzt werden.
Bei Dritten außerhalb des Europäischen Wirtschaftsraums (EWR) wird der Schutz persönlicher Daten anders gehandhabt als im EWR. In diesen Fällen nehmen wir Sicherheitsmaßnahmen vor (z. B. besondere Vertragsklauseln), damit I hre personenbezogene Daten mit der gleichen Sorgfalt
 behandelt werden wie im Europäischen Wirtschaftsraum (EWR).
Ganz wichtig: Unter keinen Umständen verkaufen wir
 persönliche Daten an Dritte
5.3 Ihre personenbezogenen Daten innerhalb der ING Group Damit wir Ihnen den bestmöglichen Service anbieten und wettbewerbsfähig bleiben können, tauschen wir gelegentlich Daten innerhalb der ING Group aus. Wann immer dies der Fall ist, gewährleisten wir, dass die Übermittlung der Daten nach Maßgabe der datenschutzrechtlichen Anforderungen geschieht und Ihre personenbezogenen Daten geschützt sind.
Wir haben weitreichende Maßnahmen ergriffen, um die Einhaltung des Datenschutzes konzernweit zu gewährleisten: Um ein angemessenes Sicherheitsniveau zu gewährleisten, haben ING­DiBa und die ING Group verbindliche interne
 Datenschutzvorschriften (Binding Corporate Rules – BCR) im Sinne der EU­Datenschutz­Grundverordnung beschlossen. Diese BCR haben die Datenschutzbehörden in allen EU­Mitgliedsländern genehmigt. Mithilfe der BCR können die Unternehmen der ING Group gewährleisten, dass persönliche Daten, die innerhalb des Konzerns ausgetauscht oder mitgeteilt werden, geschützt bleiben.
In Übereinstimmung mit den BCR und den gesetzlichen
 Anforderungen übertragen wir personenbezogene Daten für die in dieser Datenschutzerklärung genannten Zwecke an andere Unternehmen und Niederlassungen der ING Group. Die ING unterstützt uns insbesondere operativ (z. B. im Rahmen des gesetzlich geforderten Zahlungsscreenings) bei der IT­ Sicherheit oder bei bestimmten Aspekten zur Bereitstellung von Dienstleistungen oder Produkten sowie bei Analysen zu Marketingzwecken. Wann immer es der Verarbeitungszweck zulässt, schützen wir die Daten durch Anonymisierung oder Pseudonymisierung. Befindet sich ein Unternehmen der ING Group außerhalb des Europäischen Wirtschaftsraums (EWR) gewährleisten wir, durch die konzernweite Anwendung unserer BCR, denselben Schutz Ihrer persönlichen Daten wie innerhalb des EWR (dies kann beispielsweise relevant
 werden, wenn Tätigkeiten an ING Business Shared Services B. V., Nieder lassung Manila, Philippinen, ausgelagert werden).
Seite 5/6
6 Warum sind uns Ihre Rechte wichtig? Wir wollen so schnell wie möglich auf alle Ihre Fragen
 antworten. Manchmal kann es aber trotzdem bis zu einem Monat dauern, ehe Sie eine Antwort von uns bekommen – sofern dies gesetzlich zulässig ist. Sollten wir länger als einen Monat für eine abschließende Klärung brauchen, sagen wir Ihnen selbstverständlich vorher Bescheid, wie lange es  dauern wird.
In einigen Fällen können oder dürfen wir keine Auskunft
 geben. Sofern dies gesetzlich zulässig ist, teilen wir Ihnen in diesem Fall immer zeitnah den Grund für die Verweigerung mit. Sie haben das Recht, Beschwerde einzureichen.
Welche Rechte haben Sie als Interessent oder Kunde der
 ING-DiBa, wenn es um die Verarbeitung Ihrer Daten geht?
Einzelheiten ergeben sich aus den jeweiligen Regelungen der Datenschutz-Grundverordnung (Artikel 15 bis 21):
6.1 Ihr Recht auf Auskunft, Information und Berichtigung Sie können Auskunft über Ihre von uns verarbeiteten
 per sonenbezogenen Daten verlangen. Sollten Ihre Angaben nicht (mehr) zutreffend sein, können Sie eine Berichtigung ver langen. Sollten Ihre Daten unvollständig sein, können Sie eine Vervollständigung verlangen. Wenn wir Ihre Angaben an Dritte weitergegeben haben, informieren wir diese Dritten über Ihre Berichtigung – sofern dies gesetzlich vorgeschrieben ist.
6.2 Ihr Recht auf Löschung Ihrer personenbezogenen  Daten Aus folgenden Gründen können Sie die unverzügliche
 Löschung Ihrer personenbezogenen Daten verlangen: •  Wenn Ihre personenbezogenen Daten für die Zwecke, für die sie erhoben wurden, nicht länger benötigt werden •  Wenn Sie Ihre Einwilligung widerrufen und es an einer
 anderweitigen Rechtsgrundlage fehlt •  Wenn Sie der Verarbeitung widersprechen und es keine überwiegenden, schutzwürdigen Gründe für eine Verarbeitung gibt •  Wenn Ihre personenbezogenen Daten unrechtmäßig  verarbeitet wurden •  Wenn Ihre personenbezogenen Daten gelöscht werden müssen, um gesetzlichen Anforderungen zu entsprechen
Bitte beachten Sie, dass ein Anspruch auf Löschung davon abhängt, ob ein legitimer Grund vorliegt, der die Verarbeitung der Daten erforderlich macht.
6.3 Ihr Recht auf Einschränkung der Verarbeitung Ihrer  personenbezogenen Daten Sie haben das Recht, aus einem der folgenden Gründe, eine Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen: •  Wenn die Richtigkeit Ihrer personenbezogenen Daten von Ihnen bestritten wird und wir die Möglichkeit hatten, die Richtigkeit zu überprüfen •  Wenn die Verarbeitung nicht rechtmäßig erfolgt und Sie statt der Löschung eine Einschränkung der Nutzung  ver langen •  Wenn wir Ihre Daten nicht mehr für die Zwecke der Verarbeitung benötigen, Sie diese jedoch zur Geltendmachung, Ausübung oder Verteidigung gegen Rechtsansprüche  brauchen •  Wenn Sie Widerspruch eingelegt haben, solange noch nicht feststeht, ob Ihre Interessen überwiegen
6.4 Ihr Recht auf Widerspruch Wir dürfen Ihre Daten aufgrund von berechtigten Interessen oder im öffentlichen Interesse verarbeiten. In diesen Fällen haben Sie das Recht, der Verarbeitung Ihrer Daten zu widersprechen. Dies gilt auch dann, wenn wir Ihre Daten für unsere Direktwerbung nutzen. Bitte beachten Sie unseren gesonderten Hinweis in Abschnitt B: „Information über Ihr Widerspruchsrecht“.
6.5 Ihr Beschwerderecht In einzelnen Fällen kann es passieren, dass Sie nicht zufrieden mit unserer Antwort auf Ihr Anliegen sind. Dann sind Sie
 berechtigt, beim Datenschutzbeauftragten der ING­DiBa sowie bei der zuständigen Datenschutzaufsichtsbehörde Beschwerde einzureichen.
6.6 Ihr Recht auf Datenübertragbarkeit Sie haben das Recht, personenbezogene Daten, die Sie uns gegeben haben, in einem übertragbaren Format zu erhalten.
7 Sind Sie verpflichtet, der ING-DiBa  bestimmte
 personenbezogene Daten zu  geben? Im Rahmen unserer Geschäftsbeziehung benötigen wir von Ihnen folgende personenbezogenen Daten: •  Daten, die für die Aufnahme und die Durchführung einer Geschäftsbeziehung gebraucht werden •  Daten, die für die Erfüllung der damit verbundenen
 vertraglichen Pflichten notwendig sind •  Daten, zu deren Erhebung wir rechtlich verpflichtet sind
Ohne diese personenbezogenen Daten sind wir in der Regel nicht in der Lage, einen Vertrag mit Ihnen einzugehen oder auszuführen.
Seite 6/6
Durch das Geldwäschegesetz sind wir verpflichtet, Sie mithilfe Ihrer Ausweisdokumente zu identifizieren, bevor wir
 eine Geschäftsbeziehung eingehen (per Postident­Verfahren oder Videolegitimation). Dabei werden Ihr Name, Geburtsort und ­datum, Staatsangehörigkeit, Anschrift und Ausweisdaten erhoben und festgehalten. Sollten im Laufe unserer Geschäftsbeziehung mögliche Änderungen auftreten, sind Sie verpflichtet, uns diese unverzüglich mitzuteilen.
Wenn Sie uns die notwendigen Informationen und Unterlagen nicht zur Verfügung stellen, dürfen wir die von Ihnen angestrebte Geschäftsbeziehung weder aufnehmen noch fortführen.
8 Wofür verarbeiten wir automatisiert personenbezogene Daten? Damit wir unsere Dienstleistungen und Produkte schnell und einfach anbieten können, nutzen wir in unseren Online­ Strecken oder im Internetbanking manchmal die technische Möglichkeit, einer vollautomatisierten Entscheidungsfindung. Sollten wir dieses Verfahren in Ihrem Fall einsetzen, informieren wir Sie darüber – sofern dies gesetzlich vorgesehen ist. Schließlich haben Sie das Recht, eine persönliche Überprüfung der automatisierten Einzelentscheidung zu verlangen.
Wir verarbeiten Ihre Daten teilweise automatisiert mit dem Ziel, bestimmte persönliche Aspekte zu bewerten (Profiling). Das gilt beispielsweise für folgende Fälle: • Aufgrund gesetzlicher und aufsichtsrechtlicher Vorgaben sind wir zur Bekämpfung von Geldwäsche, Terrorismusfinanzierung und anderen vermögensgefährdenden Straftaten verpflichtet. Dabei werden auch Datenauswertungen (unter anderem im Zahlungsverkehr) vorgenommen. Diese Maßnahmen werden insbesondere zu Ihrem Schutz ergriffen. • Durch gezieltes Marketing wollen wir Ihnen nur Angebote machen, die auf Ihre Bedürfnisse zugeschnitten sind. • Um die Kreditwürdigkeit unserer potenziellen Kunden zu beurteilen, nutzen wir das sogenannte Scoring. Dabei wird die Wahrscheinlichkeit berechnet, mit der ein Kunde seinen Zahlungsverpflichtungen vertragsgemäß nachkommt. Das Scoring beruht auf einem mathematisch­statistisch anerkannten und bewährten Verfahren. Die errechneten ScoreWerte unterstützen uns bei der Entscheidungsfindung, wenn jemand ein Produkt abschließen will. Außerdem gehen sie in das laufende Risikomanagement mit ein.
9 Wie lange speichern wir Ihre Daten? Wir speichern Ihre Daten nicht länger, als wir sie für die
 jeweiligen Verarbeitungszwecke benötigen.
Sind die Daten für die Erfüllung vertraglicher oder gesetzlicher Pflichten nicht mehr erforderlich, werden diese regelmäßig gelöscht, es sei denn, deren – befristete – Aufbewahrung ist weiterhin notwendig. Gründe hierfür können z. B. Folgende sein: • Die Erfüllung handels- und steuerrechtlicher Aufbewahrungspflichten: Zu nennen sind insbesondere das Handelsgesetzbuch, die Abgabenordnung, das Kreditwesengesetz, das Geldwäschegesetz und das Wertpapierhandelsgesetz. Die dort vorgegebenen Fristen zur Aufbewahrung bzw.
 Dokumentation betragen bis zu zehn Jahre. • Das Erhalten von Beweismitteln für rechtliche Auseinandersetzungen im Rahmen der gesetzlichen Verjährungsvorschriften: Zivilrechtliche Verjährungsfristen können bis zu 30 Jahre betragen, wobei die regelmäßige Verjährungsfrist drei Jahre beträgt.
B Information über Ihr Widerspruchsrecht
1 Einzelfallbezogenes Widerspruchsrecht Sie haben das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, gegen die Verarbeitung Ihrer personenbezogenen Daten Widerspruch einzulegen. Voraussetzung hierfür ist, dass die Datenverarbeitung im öffentlichen Interesse oder auf der Grundlage einer Interessenabwägung erfolgt. Dies gilt auch für ein Profiling.
Im Falle eines Widerspruchs werden wir Ihre personenbezogenen Daten nicht mehr verarbeiten. Es sei denn, wir können zwingende schutzwürdige Gründe für die Verarbeitung
 dieser Daten nachweisen, die Ihren Interessen, Rechten und Freiheiten überwiegen. Oder Ihre personenbezogenen Daten dienen der Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.
2 Widerspruch gegen die Verarbeitung Ihrer Daten für  unsere Direktwerbung In Einzelfällen nutzen wir Ihre personenbezogenen Daten für unsere Direktwerbung. Sie haben das Recht, jederzeit Widerspruch dagegen einzulegen; dies gilt auch für das Profiling, wenn es mit einer Direktwerbung in Verbindung steht.
Im Falle eines Widerspruchs verarbeiten wir Ihre personenbezogenen Daten nicht mehr für diese Zwecke.
Der Widerspruch kann formfrei erfolgen und sollte möglichst gerichtet werden an: ING­DiBa AG Datenschutzbeauftragter Theodor­Heuss­Allee 2 60486 Frankfurt am Main E­Mail: datenschutz@ing­diba.d