1 Controller of the data processing
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
United Initiators GmbH
(see our imprint).
2 How to contact the data protection officer
You can contact our data protection officer at Datenschutz@united-in.com or our postal address with the addition of "der Datenschutzbeauftragte" [the data protection officer].
3 Your rights
You have the following rights with regard to personal data concerning you
3.1 General rights
You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke this with effect for the future.
To exercise your rights, please contact us by e-mail at Datenschutz@united-in.com or by post at United Initiators GmbH, Dr.-Gustav-Adolph-Str. 3, 82049 Pullach. The exercising of your rights described under this point is free of charge for you.
3.2 Rights regarding data processing according to legitimate interest
Pursuant to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) or on the basis of Article 6(1)(f) GDPR (data processing for the purposes of pursuing a legitimate interest); this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
3.3 Rights in the case of direct marketing
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21(2) of the GDPR; this also applies to profiling insofar as it is related to such direct marketing.
In the event of your objection to the processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
3.4 Right to complain to a supervisory authority
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).
The supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA).
4 Collection of personal data when visiting our website
When you call up and use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security.
- Operating system of the end device with which you visit our website
- Browser (type, version & language settings)
- the amount of data retrieved
- the current IP address of the end device with which you visit our website
- date and time of access
- the URL of the previously visited website (referrer)
- the URL of the (sub)page you are accessing on the website
- the Internet service provider of the accessing system
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our service provider) do not regularly know who is behind an IP address. We do not combine the data listed above with other data.
The legal basis is Art. 6 para. 1 s. 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website (error identification) and for protection against misuse, our legitimate interest in data processing prevails at this point.
The data is deleted as soon as it is no longer required to achieve the purpose (to defend against attempted attacks on our web server and error identification). Within the scope of our IT security precautions, this is usually the case after 14 days at the latest.
Insofar as data is collected to the extent described, this is absolutely necessary for the security and operation of the website. There is therefore no possibility to object.
5 Legal basis of our data processing
The processing of personal data can be based on various legal grounds. If we need your data to fulfil a contract with you or to respond to enquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 s. 1 lit. b GDPR.
If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1. s. 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balancing of your interests worthy of protection and our legitimate interests is always carried out. The legal basis for this is Art. 6 para. 1 s. 1 lit. f GDPR. If processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 s. 1 lit. c GDPR.
Below we explain how we process personal data via our website.
There are different types of cookies: session cookies are sets of data that are only temporarily held in memory and deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website is allowed to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data using cookies and their storage period may vary. Insofar as you have given us your consent, the legal basis is Art. 6 para. 1 s. 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
6.1 Technically necessary technologies
Name of the cookie: CC2session
Purpose of processing: session cookie to secure relevant configurations of users in the career portal (e.g. the selected language, the filtering of jobs).
Legal basis of processing: Legitimate interest - technically necessary
Storage period: Until end of session
We use the service Usercentrics to manage consent on our website. Usercentrics is a software of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich.
Usercentrics determines the language used by your browser. In order to check whether you have already made a selection in our consent tool during a previous visit to our website, information on this is written to the local storage of your browser. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymised form, information on the browser used, data on the scope of the consent, as well as the date and time of the visit.
The legal basis for the processing is our legitimate interest according to Art. 6 para. 1 s. 1 lit. f GDPR.
The purpose of the data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and to increase the transparency of data processing by means of cookies, pixels, tag or similar on our website. Our legitimate interest also lies in the purpose of the data processing.
Your consent or refusal to use / play out services that may also set cookies is stored on your end device in the so-called local storage. The consent data (consent given and withdrawal of consent) remains stored on your computer until the local storage is deleted. In order to enable a comparison, Usercentrics stores this as hash values for 3 years.
6.2 Website analysis
For the purpose of analysing and optimising our websites, we use various services which are described below. We use these services to analyse how many users visit our site, which information is most in demand or how users find the offer. We also collect data on which internet page a user came to our website from (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.
6.2.1 Google Analytics
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use the Client ID function. With the help of the Client ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.
Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%)
- Clicks on external links
- Internal search queries
- interaction with videos
- ads seen / clicked on
- your approximate location (region)
- in rare cases, your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of United Initiators GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedy against access by authorities.
The data sent by us and linked to cookies are automatically deleted after 2 months in the case of Google Analytics 4. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 Para.1 s.1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
Alternatively, you can prevent cookies from being stored in the first place by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.
7 Google Tag Manager
For reasons of transparency, we would like to point out that we use Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that are used to, among other things, measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimise websites. We use Tag Manager for the service Google Analytics, so Google Tag Manager is also only activated once you have consented to this.
Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the cookie settings (see above, point 6. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.
8 Web Fonts from fonts.com
For the uniform display of fonts on our website, we use "fonts.com" web fonts from Monotype Imaging Inc, 600 Unicorn Park, Massachusetts 01801, USA.
When you visit our website, the necessary data is loaded into your browser cache in order to display texts and fonts correctly. This requires a connection to the fonts.com servers of Monotype Imaging Inc. and may result in the transmission of personal data, in particular the IP address, to the servers of Monotype Imaging Inc. in the USA. The IP address is stored by Monotype for 30 days without anonymising and is deleted completely after this period, so that no more personal data is stored. The web fonts from Monotype Imaging Inc. are transferred to your browser's cache to avoid repeated loading. If your browser does not support web fonts or prevents access, a standard font will be used by your computer.
Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.
The use of web fonts is in the interest of a uniform and appealing presentation of our online offers with regard to efficiency and cost-saving considerations. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 s. 1 lit. f GDPR.
9 YouTube (extended data protection mode)
We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a Google Inc. company, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. If you call up a page in which a YouTube video is embedded, a connection is normally established to the YouTube servers and the content is displayed on the website by informing your browser. By using our consent management tool (Usercentrics), this is prevented if you have not consented to the data processing with regard to YouTube. Thus, due to the integration of YouTube, no data is transferred without your consent.
In this case, we also use the extended data protection option provided by YouTube to protect your personal data. According to YouTube's information, however, data is only transmitted to the YouTube server in "extended data protection mode" when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
Further information on YouTube's data protection is provided by Google under the following link: https://www.google.de/intl/de/policies/privacy/.
By activating this option in the tracking settings, you consent to YouTube receiving data through your use, which may also be used to analyse your usage behaviour for market research and marketing purposes. The legal basis for the described data processing is therefore your consent, Art. 6 para. 1 p. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with link to the selection options will then be displayed again. If you do not agree or withdraw your consent, you will not be able to use them.
10 Contacting us by e-mail or contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 s. 1 lit. f GDPR. Insofar as we request information via our contact form that is not necessary for contacting you, we have always marked this as optional. We use this information to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 s. 1 lit. a GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. You can, of course, withdraw this consent at any time for the future.
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
As the controller, our company has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.
11 Applications/ Applicant portal
You can apply online via our application portal at https://www.united-initiators.com/careers/. Your online application will be forwarded there via an encrypted connection directly via our order processor SDWorx to our applicant management tool to the HR department and will of course be treated confidentially.
Applications are to be submitted exclusively via the applicant portal. Should you nevertheless apply to us by e-mail, we expressly point out that sending unencrypted e-mails or e-mail attachments is not secure.
Please note that, in particular, CVs, references or the other data you send for application purposes may also contain particularly sensitive data, such as information on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party, physical or mental health or sexual life. We therefore recommend that, where possible, you do not provide any information relating to such special category sensitive data.
Your information will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is § 26 para. 1 in conjunction with. § 8 s. 2 BDSG. Furthermore, your personal data may be processed insofar as this should be necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 s. 1 lit. f GDPR. The legitimate interest in the processing also lies in the stated purposes.
Insofar as an employment relationship between you and us is established, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with § 26 para. 1 BDSG if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).
Your application data will not be processed beyond the described use.
If no employment relationship is established between you and us, your personal data will be deleted at the latest after 6 months following the conclusion of the application process, unless there are other legitimate interests on our part that prevent such deletion or you have given us permission to store the data for a longer period. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
If you wish to be included in our Talent Pool beyond a specific application procedure, we will store your application documents for the future filling of vacancies if you give us your consent to do so in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. The further retention period is another 6 months initially.
You can withdraw your consent at any time with effect for the future without giving reasons and without having to fear any disadvantages. You can contact us at human email@example.com.
12 Social Bookmarks
So-called social bookmarks of the following provider are integrated on our website:
- LinkedIn (EU operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).
- Instagram (EU operator: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Social bookmarks are internet bookmarks that allow users of such a service to collect links and news stories. These are only integrated on our website as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective provider's data protection regulations.
13 Data transfer
As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship, or you have previously expressly consented to the transfer of your data.
External service providers and partner companies, such as online payment providers or the shipping company commissioned with the delivery, only receive your data insofar as this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure within the framework of order processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We attach importance to processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before transferring your personal data. This means that via EU standard contracts or an adequacy decision of the European Commission, a level of data protection is achieved that is comparable to the standards within the EU.
14 Data security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
Status June 2022