Privacy Policy
Thank you for visiting our websites. The protection of your personal data is very important to us.
Use of our websites
Thank you for visiting our websites. The protection of your personal data (“ Data ”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.
I. Who are we and how can you contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
are responsible for protecting your Data.
If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at:
datenschutzbeauftragter@iav.de
II. Data processing in connection with your visit to our websites
Insofar as the Telecommunication-Telemedia-Data-Protection-Act (“ TTDSG “) applies to the technologies used on our website and the cookies set by us, we obtain your consent via our cookie banner or the cookie settings (Sec. 25 para. 1 TTDSG). In other cases, the data processing is technically necessary for the operation of the website designed by us, in particular to ensure the permanent functionality and security of our website and our information technology systems or it is necessary to meet legal requirements.
You can access the cookie settings via the menu item of the same name in our website footer – at the bottom of the website.
A. Log-Files
Description and scope of the data processing:
When you visit our website your browser automatically transmits the following Data:
- information about the browser type and the version used
- the user’s operating system
- the Internet service provider of the user
- the IP address of the user
- date and time of access
- websites from which the user’s system accesses our website (referrer URL)
- Websites accessed by the user’s system from our website
Purposes of the data processing:
The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the website. The data is also used to optimize the content of our website, to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of our website and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber attack.
Legal basis:
We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.
Term of storage and control options:
The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after seven days at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. The IP address is stored for the duration of the session. Data, the further storage of which is needed for evidence purposes, are excluded from erasure until the respective incident has been finally clarified.
B. Cookies and other Technologies
Description and scope of the data processing:
When you visit our website, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.
We use cookies to make our websites user-friendly and illustrative (e.g. integration of photos).
For web statistics, we work with permanent cookies that enable us to identify you beyond the browser session.
You can adjust the settings and read which cookies we set and for which purposes in the cookie settings at any time. You can access the cookie settings via the menu item of the same name “cookie settings” in our website footer – at the bottom of the website.
More detailed information on the cookies set and other technologies we provide below in this section.
Cookiebot Cookie
Description and scope of the data processing:
We use „Cookiebot“ – a consent-cookie-technology provided by Cybot A/S – Havnegade 39, 1058 Kopenhagen, Denmark.
With the help of the Cookiebot cookie (CookieConsent), we document whether you have consented to the setting of certain cookies in the cookie banner or have revoked consents or objected to data processing. The following Data is stored:
- your IP number in anonymized form (last three digits are set to ‘0’),
- date and time of your consent,
- user agent of your browser,
- URL from which your consent was submitted,
- an anonymous, random and encrypted key value,
- your consent state, serving as proof of consent.
Further information on Cookiebot you can find here .
Purposes of the data processing:
Cookiebot is used to comply with data protection requirements on the setting and documentation of cookies.
Legal basis:
We use the Cookiebot to be able to prove compliance with legal obligations, Article 6 (1) c GDPR.
Term of storage and control options:
The cookie expires after 12 months. In addition, the collected Data will be deleted if you ask us to do so or delete the Cookiebot cookie yourself or if the purpose for storing the Data no longer applies. Mandatory legal retention periods remain unaffected.
Adobe Fonts
Description and scope of the data processing:
Adobe:
We use “ Adobe Fonts ” on our websites, a service provided by Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Irland („Adobe“).
By using Adobe Fonts, we are able to display our website texts in a uniform and eye-catching way. When you visit our website, your browser loads the required Adobe fonts into your browser cache in order to display texts and fonts correctly. In particular, the following information is transmitted to Adobe:
- IP address
- the time from downloading the fonts with the web browser to applying the fonts
- Whether an ad blocker is installed (to determine if the ad blocker is interfering with the correct tracking of page views)
- Operating system and browser version.
Further information on the processing of your Data can be found in the Adobe privacy policy.
We:
We are not able to view the data processed by Adobe.
Purposes of the data processing:
Adobe:
Adobe uses the collected data to display the fonts correctly and to optimise the display in the future.
We:
With the help of the Adobe Fonts service, we can design our website texts in a uniform and eye-catching way.
Legal basis:
We use Adobe Fonts on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in designing our web page texts more attractive.
Term of storage and control options:
You can prevent the collection as well as the processing of data by Adobe by setting your browser so that the fonts are not loaded from the Adobe servers (e.g. by installing add-ons). If your browser does not support the Adobe fonts or you prevent access to the Adobe servers, the text will be displayed in the system’s default font.
HERE Maps
Description and scope of the data processing:
HERE:
On our website we use “HERE Maps”, a service provided by HERE Global B.V. („HERE“), Kennedyplein 222 -226, 5611 ZT Eindhoven, Netherlands.
With HERE Maps you can view maps and change their views. In particular, your IP address and, for example, when using the route function, the specified start and destination are transmitted to HERE via an interface.
Further information on the processing of your data and the use of cookies can be found in the HERE Privacy Policy and in the HERE Cookie Policy .
We:
We are not able to view the data processed by HERE.
Purposes of the data processing:
HERE:
HERE processes your data to show you map material and enable you to use the functionalities, among other things.
We:
With the help of the HERE Maps, we are able to show you interactive maps directly on the website, thus allowing you to make easy use of the map function.
Legal basis:
We use the HERE Maps on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in designing the use of our web pages to match demand, i.e. especially convenient and simple.
Term of storage and control options:
You can prevent HERE from collecting and processing the Data by deleting the cookies in your browser, completely deactivating the storage of cookies, selectively accepting certain cookies and, if necessary, setting your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings. This may limit the functionality of our website.
Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome
Friendly Captcha
Description and scope of the data processing:
On our website we use „Friendly Captcha“, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee.
The use of Friendly Captcha is supposed to make it more difficult for bots to use our website, in particular to fill out our online forms. For this purpose, we use a so-called widget which, when our website is visited, causes a “puzzle task” to be sent to the user’s device. The user’s device solves the puzzle task and sends the solution back to our web server. The following log data is processed:
- http request header data, origin and referrer URL,
- Date and time of the request,
- hash value (one-way encryption) of the IP address,
- Number of requests from the hashed IP address,
- answer to the puzzle task solved by the device.Additional information is available here.
The puzzle task is always sent from the nearest server, i.e. if you visit our website from outside the EU, the Data is usually also exchanged with a server outside the EU; conversely, data processing takes place on EU servers if you visit our website from the EU. In the former case, appropriate safeguards have been put in place to ensure an adequate level of data protection (conclusion of EU standard contractual clauses, EU-US Data Privacy Framework certification).
Further information you can find here .
Purposes of the data processing:
The use of Friendly Captcha makes it more difficult for bots to use our website, especially to fill out our website forms. As a result, the protection of our website against abusive automated spying, SPAM and malicious attacks is increased. The use of Friendly Captcha is therefore necessary to improve the security of our website.
Legal basis:
We use Friendly Captcha on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in making abuse, malicious attacks and SPAM more difficult.
Term of storage and control options:
The widget we use does not set any cookies on your device. Your IP address is only stored in hashed form. Your Data will be deleted after 30 days at the latest.
Matomo
Description and scope of the data processing:
On our website we use the cookieless tracking of the free web analysis software “ Matomo“. For this purpose, a hash value is obtained from the following user information: operating system, browser, browser plugins, shortened IP address and browser language. This hash value is temporarily stored as a so-called config_id in our Matomo database and compared with the config_ids of the visitors of the last 30 minutes.
On this basis, we receive aggregated reports of the usage behavior of the website users in the Matomo dashboard, in particular: user numbers (restricted statement, as users are recognized as new website visitors after 30 minutes); (sub)websites visited; user activities on the website (e.g. newsletter subscription, download); length of time users spend on the website; keywords entered to find the website; user behaviour on the website; devices used when visiting our website, including device settings (screen resolution, operating system, browser used).
Purposes of the data processing:
We use the statistics provided by Matomo to analyze the activities on our website, in particular to evaluate from which websites users come to our website. This allows us to improve the quality and content of our website and adjust our website to the needs of our users.
Legal basis:
We use Matomo on the basis of legitimate interests (Art. 6 Sec. 1 f GDPR). Our legitimate interest lies in the aforementioned purposes.
Term of storage and control options:
The config_id is valid for a maximum of 24 hours, whereby the config_ids are only compared for a 30-minute time window.
Social-Media (Twitter, XING, LinkedIn, Facebook/Instagram)
Description and scope of the data processing:
There are icons on this website which enable the sharing of pages on social networks. These icons are implemented as external links (e.g. for Facebook with “sharer.php”).
Social media platforms:
If you click on an icon your user Data will be transferred to the website of the social media platform.
You can find further information on data processing on social media platforms, purposes and legal bases for the data processing as well as your rights vis-á-vis the social media platforms under the following links:
Facebook/Instagram
Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland
Privacy Policy Facebook/Instagramm
LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Privacy Policy LinkedIn
X (Twitter)
Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland
Privacy Policy Twitter
Xing
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy Xing
Term of storage and control options:
You can also prevent the collection and processing of the Data by the social media platforms by downloading and installing on your devices the browser add-on available or change your settings on the platform privacy settings, if available.
Facebook-Pixel
Description and scope of the data processing:
We and Facebook:
We use the Facebook pixel on the career subpages of our website. Facebook pixel captures when a user visits our website. Users who belong to a defined audience will then receive audience-driven content in the Facebook Ads Network, especially job ads (detailed targeting). When a user clicks on this content, it is captured by Facebook. We then receive an anonymous evaluation from Facebook of how successful the advertising campaign was and how many users clicked on the content (retargeting). However, we do not know which individual users have visited our website.
For more information about the scope and purpose of Facebook’s data processing and the legal basis of Facebook’s data processing, please check Facebook’s Privacy Policy.
More information about the “Detailed Targeting” we use may also be found in the Privacy Policy of our Facebook page.
Purposes of the data processing:
By using the Facebook pixel and creating a “website visitor” audience, we can address our ads in the form of job postings to those who have previously visited our website.
Legal basis:
The legal basis for this data processing is your consent pursuant to Art. 6 sec. a GDPR. You agree by give your consent in our cookie banner or in the cookie settings.
Term of storage and control options:
You can prevent the Facebook pixel from being set at any time in the cookie settings by revoking your consent, i.e. removing the tick from the “Marketing” category. You can access the cookie settings via the menu item of the same name “cookie settings” in our website footer – at the bottom of the website.
You can also delete cookies in your browser at any time, completely deactivat the storage of cookies, selectively accepting certain cookies and, if necessary, set your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings.
Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome
III. Which Data is processed when you contact us?
Description and scope of the data processing:
We collect and process the Data provided by you, such as contact data, your name and your query, when you contact us via e-mail. All Data that you provide to us is transferred between your browser and our servers in encrypted form.
Purposes of the data processing:
We process your Data exclusively to handle your query.
Legal basis:
We process your Data in order to perform precontractual and contractual measures, that occur on the basis of your query (Art. 6 sec. 1 b GDPR). In all other cases, the processing is based on our legitimate interest in the effective processing of the queries addressed to us (Art. 6 sec. 1 f GDPR).
Term of storage and control options:
We store your Data for as long as we need it for the specific processing purpose. In addition, we store certain Data for the duration of the statutory limitation periods (usually three years, in individual cases up to 30 years) and for as long as is prescribed by statutory retention periods (e.g. as defined in the Commercial Code (HGB), the Fiscal Code [AO]) (usually ten years).
IV. Which Data is processed when you subscribe to our press distribution list, our customer magazine "automotion" or our newsletter?
Our subscription services
Description and scope of the data processing:
If you would like to subscribe to one of our subscription services ( press distribution list , customer magazine “automotion” , newsletter) we require the following information:
press distribution list:
Salutation, first and last name, e-mail address, medium as well as editorial office, street, postal code and city. You have the option of adding an addendum to the address.
customer magazine “automotion”:
Salutation, first and last name, address and e-mail address. Further Data such as company and department are optional.
newsletter:
Salutation, first and last name and e-mail address. Optionally, you can enter the respective company.
The registration for the respective subscription service is done as follows:
press distribution list:
Send an e-mail with the above-mentioned data and your wish to be added to the press distribution list to presse@iav.de . If you fill in the online form on our website with the above data, an e-mail will likewise be sent to presse@iav.de .
customer magazine “automotion”:
If you have provided us with the abovementioned information, in particular your postal address, we will sent our customer magazine “automotion” to the postal address provided.
newsletter::
After subscribing to our newsletter, our system will send you an e-mail with an activation link to confirm your subscription to the service. This will ensure that you are the owner of the email address you provided. You will only be added to the distribution list once you have confirmed the activation link for receipt in the registration e-mail (so-called double opt-in process). In order to prove the authorisation of your registration and to be able to trace a (possible) misuse of your e-mail address, we store your IP addresses used and the times (date and time) of the registration as well as their confirmation.
newsletter tracking
open-tracking:
A tracking pixel (=image) embedded in the e-mail captures the time when an e-mail was opened. This may be prevented by your e-mail service provider using automatic image blockers.
click-tracking:
If you click on a link contained in our newsletter, this process will be tracked.
Purposes of the data processing:
The purpose of the data processing is your wish to subscribe to one of our services and to receive the corresponding information.
By means of open tracking we can determine whether our newsletter is being read. We also use the click tracking to evaluate “how” our newsletter is used and to improve the design and content.
Legal basis:
Legal basis for the processing of your data in connection with the registration to one of our subscription services as well as its execution is your consent according to Art. 6 sec. 1 a GDPR.
Term of storage and control options:
If you are no longer interested in the subscription service, you can unsubscribe at any time. Your Data will then be removed from the mailing list immediately.
press distribution list:
If you would like to unsubscribe from our press distribution list, you can do so by clicking the unsubscribe link at the end of each press distribution list e-mail.
customer magazine „automotion“: If you are no longer interested in the customer magazine automotion, you can unsubscribe at any time by sending an e-mail to automotion@iav.com.
newsletter:
If you would like to unsubscribe from our newsletter, you can do so by clicking on the unsubscribe link at the end of each newsletter e-mail or by sending us an e-mail to events@iav.com.
If you do not click on the newsletter activation link sent to you by e-mail within 30 days (double opt-in process), the activation link will be invalid and your Data (IP address and date/time of registration) will be deleted.
V. Which Data is processed when you apply for a job with us?
Description and scope of the data processing:
You can send us your documents via the IAV applicant portal, by e-mail or by post.
If you apply to us via the applicant portal, your Data will be transmitted to us in encrypted form.
To participate in an application process we require, depending on the type of application, your contact details, your email address, information on your professional qualifications in the form of education and graduation certificates and/or employer references as well as your CV. If you give us additional Data voluntarily, we use this exclusively for the purpose of processing your application and conducting the application process.
We, IAV, as the operator of the applicant portal, process the application documents submitted via this platform. Your application documents will only be made available to the company of the IAV Group in whose responsibility the position is located. If you apply for a job, your applicant Data will not be passed on to third parties. Within the company to which you have applied for a job, only those persons have access to your Data who are internally involved in filling the position. Detailed information on the Data processed in the applicant portal can be found here .
With your consent, we store your application documents in our job pool so that your application can also be considered for future job vacancies.
Purposes of the data processing:
The purpose of processing the Data provided by you is to select an applicant for employment. Applicants are required to provide the Data. Without providing the Data, participation in the application process is not possible.
Legal basis:
The legal basis for the data processing is Sec. 26 BDSG (Federal Data Protection Act) in conjunction with Art. 6 sec. 1 b GDPR. We process voluntary information on the basis of Sec. 26 para. 1 BDSG in conjunction with Art. 6 1 f GDPR. Participation in the applicant pool is on the basis of your consent according to Article 26. para. 2 BDSG in conjunction with Art. 6 sec. 1 a GDPR.
Term of storage and control options:
If we decline your application, we will store your application documents for a maximum of six months from the time of notification of the unsuccessful application. The Data in the applicant pool is stored for 24 months.
If you wish to withdraw any consents to process your Data granted as part of the application process, please contact us at the above-mentioned address by post or send us an email to karriere@iav.de .
Information on the duration of the storage of your Data in the IAV applicant portal, in particular the Data recorded in your candidate profile, can be found here .
VI. Who receives your Data?
Departments within IAV GmbH
Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described.
Service providers that support us
We will transmit your Data to our service providers, e.g. in the fields of
- IT services;
- Post and telecommunications;
- Advice, legal advice,;
- Compliance and data protection;
- distribution and advertising;
- Operation and maintenance of our websites,;
- as well as communication, e.g. via our chat form and customer service (telephone and e-mail).;
These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.
VII. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the following Contact details:
By post at:
IAV GmbH engineering company for cars and traffic
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at:
dat a protection officer@iav.de .
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: December 2021
Use of the whistleblowing system
Privacy Notice for our whistleblowing system and the processing in the case management system ("CMS")
Our whistleblowing system offers both our employees and third parties the opportunity to inform us of intentional or negligent violations of the law, internal regulations and ethical principles. In addition to internal reporting channels, a whistleblower portal is available for this purpose, allowing anonymous reports to be submitted. All incoming reports are recorded, processed and managed via our case management system (“ CMS “).
This Privacy Notice is designed to give you an overview of which personal data (“Data”) we collect and process when you use the whistleblowing portal and what rights you have in relation to the processing of your Data.
I. Who we are and how can you contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
Carnotstraße 1
10587 Berlin
manage the whistleblowing portal as well as the CMS for the IAV Group (consulting4Drive GmbH, IAV Cars GmbH, IAV Fahrzeugsicherheit GmbH & Co. KG., TRE GmbH, IAV Automotive Engineering Inc., IAV S.A.S., IAV Automotive Engineering (Shanghai) Co., Ltd., IAV do Brasil Ltda., IAV Korea Co., Ltd., IAV Automotive Engineering AB, IAV Co., Ltd., IAV Poland sp. zo.o) and are responsible for protecting your Data.
If you have any questions regarding the processing of data, regarding your rights or this Privacy Notice, please do not hesitate to contact our Data Protection Officer. He can be reached
By post at:
IAV GmbH engineering company for cars and traffic
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de .
II. Which Data in processed when using the whistle-blowing system?
A. Reporting
Description and scope of the data processing:
Via the whistleblowing portal, violations of rules or suspicions of violations of rules can be reported by telephone or web message.
Reporter:
You can make a report anonymously. If you decide against reporting anonymously and provide us with your name and contact details, we process this information.
Persons about whom reports are received, including witnesses:
If a report includes Data of a person, we process this Data. As a rule, this will be name, company affiliation, conduct of a person and, if applicable, contact details.
The reports are recorded, processed and managed in the CMS (see below under section IV. “Which Data is processed in the CMS?”).
Purposes of the data processing:
The purpose of recording reports of violations of applicable laws, our codes of conduct or ethical principles is to uncover misconduct. The whistleblowing portal provides the opportunity to submit a report anonymously.
Legal basis:
The data processing described above is based on Sec. 11, 13 of the German Whistleblower Protection Act (= Hinweisgeberschutzgesetz) or, insofar as a report is not covered by the scope of the Act, the data processing is based on legitimate interests (Art. 6 Sec. 1 f General Data Protection Regulation “ GDPR ”), namely the detection and prevention of misconduct.
Term of storage and control options:
We only store the Data in the CMS as long as we need it for the purposes described above (see section IV. “Which Data is processed in the CMS?” below).
B. Log-Files
Description and scope of the data processing:
When visiting the whistleblowing portal’s website, the following Data is automatically transmitted by your browser:
- information about the browser type and the version used,
- your operating system,
- your IP address,
- date and time of access,
- websites from which the system reaches the whistleblowing portal (referrer URL).
Purposes of the data processing:
The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the whistleblowing portal’s website. The Data is also used to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of the whistleblowing portal and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber attack.
Legal basis:
We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.
Term of storage and control options:
The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after two weeks at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. Data, the further storage of which is needed for evidence purposes, are excluded from erasure until the respective incident has been finally clarified.
C. Cookies
Description and scope of the data processing:
When you visit the whistleblowing portal’s website, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.
We use session cookies to better ensure communication within a session.
Purposes of the data processing:
The session cookies serve to better ensure communication.
Legal basis :
We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.
Term of storage and control options:
Session cookies are automatically removed two hours after closing the browser.
You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser. Please note that this can restrict the functionality of our website.
Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome
III. Which Data is processed when using the IAV internal reporting channels?
Description and scope of the data processing:
IAV employees can report violations or suspected violations directly to the Compliance Organisation at any time. The contact details of the Compliance Organisation are available on the internet and intranet. A report can be made by e-mail, telephone, letter or scan.
In addition, rule violations can be reported as part of line management, quality control or internal audits.
Subsequent to a report, the name, department and e-mail address of the reporter are usually processed.
Persons about whom reports are received, including witnesses:
If we receive Data in the context of a report, we process the information provided to us. As a rule, this will be name, company affiliation, conduct of a person and, if applicable, contact details.
The reports are recorded, processed and managed in the CMS (see below under section IV. “Which Data is processed in the CMS?”).
Purposes of the data processing:
The provision of internal reporting channels serves to uncover misconduct. Employees are given the opportunity to report violations through channels they are familiar with.
Legal basis:
The data processing described above is based on Sec. 11, 13 of the German Whistleblower Protection Act (= Hinweisgeberschutzgesetz) or, insofar as a report is not covered by the scope of the Act, the data processing is based on legitimate interests (Art. 6 Sec. 1 f GDPR), namely the detection and prevention of misconduct.
Term of storage and control options:
We only store the Data in the CMS as long as we need it for the purposes described above (see section IV. “Which Data is processed in the CMS?” below).
IV. Which Data is processed in the CMS?
Description and scope of the data processing:
In the CMS, we record, process and manage all reports that are received by or forwarded to our Compliance Organisation. The reports usually contain the following Data:
Reporter:
If the report is not anonymous, a compliance file contains the name and contact details of the reporter.
Persons about whom reports are received, including witnesses:
The compliance files contain all information relevant to the handling of the case that we have received in the context of a report and have investigated in the course of the investigation. This information will usually include the name, company affiliation, conduct of a person and, if applicable, contact details.
All incoming reports are recorded in the CMS, the further proceeding is specified depending on the individual case and the processing steps and results are documented. Thus, it is possible that cases are immediately closed by telephone or written communication or that further information is requested from the reporter. If necessary, other persons are involved who have a certain proximity to the case or who have the necessary knowledge and expertise for the case. This consultation of the persons is recorded and filed in the CMS.
If necessary, a hearing of the persons named in the report (witnesses, persons reported) will be conducted. This will be documented in the CMS.
Purposes of the data processing:
The recording of reports, as well as their handling and management, serves to uncover misconduct. The use of the CMS provides efficient processing and management of the reports and central storage of the information for any administrative / criminal or miscellaneous litigation proceedings.
Legal basis:
The data processing described above is carried out on the basis of Sec. 11, 13 of the German Whistleblower Protection Act (= Hinweisgeberschutzgesetz) or, insofar as a report is not covered by the scope of the Act, on the basis of legitimate interests (Art. 6 Sec. 1 f GDPR), namely the detection and prevention of misconduct as well as common processing and administration of all incoming reports.
Term of storage and control options:
Data related to the investigation will only be kept as long as necessary for the purposes of the investigation or for the defence against third-party claims or for the enforcement of claims of IAV. After an investigation is completed, the Data used will be retained for the following periods:
- If a report is clearly unjustified or if it is certain after an investigation that no violation of the rules has occurred, the report and the relevant compliance file will be deleted within two months.
- If, after an investigation, it is certain that a violation of the rules has occurred, or if this cannot be proven due to a lack of evidence, the compliance file will be deleted five years after the end of the investigation.
V. Who receives your Data and to which countries is your Data transferred?
Departments within IAV Group
Within IAV, access to Data shall only be provided to those departments / persons who require this for the purposes described.
Authorizations are granted according to the need-to-know principle.
With regard to the involvement / hearing of other persons, the IAV internal principles of confidentiality and need-to-know apply: All persons involved in the conduct of an investigation must treat all information obtained in the course of the investigation as confidential. This applies in particular to information that could directly or indirectly lead to conclusions about the identity of the reporter or the persons concerned. The group of those who are informed about the conduct of the investigation must be kept as small as possible. For example, the respective line managers of persons concerned are only informed about the conduct of the investigation if this appears suitable, necessary and appropriate to achieve the purpose of the investigation.
In the case of reports that concern one of our affiiates, the employees responsible for compliance at the respective affiliate are generally involved in the processing of the report. In this process, Data is transferred to the country in which the affiliate is located (EU countries: Poland, France, Sweden; non-EU countries: USA, China, Brazil, South Korea, Japan). With regard to the joint use of the whistleblower system, we have concluded data protection agreements within the IAV Group using the European Commission’s standard contractual clauses. In this way, we can contractually ensure that a comparable level of data protection exists within the IAV Group.
Service providers that support us
We use software from service providers for our operations. Within the scope of their system maintenance, access to the Data is technically possible.
These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
Investigating authorities
In addition, we may transfer your Data to investigating/ competent authorities in compliance with data protection law, in particular if we are legally obliged to do so in order to prosecute criminal offences (e.g. in the case of requests for information, seizures) or if this is necessary to defend against accusations or to avert danger / prevent crimes.
VI. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Access :
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing :
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing : You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
C. Contact details
You can exercise your rights through the contact details mentioned above
under I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last update: September 2023
Business partners
Business partners and employees of business partners of IAV
In the following we inform you about how we process your personal data (“ Data ”) as a business partner or employee of a business partner. The protection of your Data is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process and what rights you have in relation to the processing of your Data.
I. Who are we and how can you contact us?
We,
IAV GmbH Engineering Company Car and Traffic (“IAV”)
Carnotstraße 1
10587 Berlin
are responsible for protecting your Data. If you have any questions regarding the processing of Data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached by post at:
IAV GmbH engineering company for cars and traffic
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de .
II. Which Data do we process and how do we obtain the Data?
If you are our business partner or an employee of one of our business partners, we process your Data which we receive in the context of our business relationship with you or your employer.
These are in particular Data that are processed when using our IT systems and if you or your colleagues have contact with our employees.
In this context, the following categories of Data are processed by us:
Professional contact and organisational data :
e.g. name, first name, title, academic degree, gender, name of the company you work for, department, e-mail address, postal address, telephone number;
Data on professional circumstances :
e.g. job title, tasks, occupation, qualifications, advanced training and education, language skills, job-related assessments;
IT usage data :
e.g. user ID, roles and rights, login times, computer name, IP address, user-specific settings, change documentation, log data;
Online data :
e.g. IP address, location data, cookie data, data from analysis and tracking tools, websites accessed, log data;
Photos:
Information on work resources received and allocation plans :
e.g. mobile phones, tablets, laptops, access authorisations;
Vehicle data :
e.g. model, make, registration number, driving behaviour, position data, video and audio data during vehicle use;
Others :
In addition, we may process other Data that is provided within the interaction with our employees or Data that we have collected about you from publicly available sources (e.g. commercial register, credit agencies, SCHUFA, press, publications) and statements with regard to data protection, such as declarations of consent to the processing of personal data.
III. Purposes and legal bases of Data processing
1. Preparation, execution and termination of a business relationship between us and you or the business partner you work for.
In order to evaluate and preselect suppliers and to prepare audits in the field of quality management, we process in particular professional contact and organisational data.
For general communication, processing service contracts, appointment organisation, event and participant management, billing between us and the business partner, bookkeeping and debt collection, reporting, administration, fulfilment of tax control and notification obligations, we process, in particular, your professional contact data.
Within the scope of (joint) project work, we use databases and tools in which contact persons are stored and user accounts are created (see also section 3 for the latter). In particular, we process professional contact data, online data and IT usage data.
We process the Data on the basis of the following legal bases:
- Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
- Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
- Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the functioning and practicable cooperation with our business partners.
2. Generating and administering access authorisations to premises, buildings, test areas and issuing key cards and tokens
In order to issue visitor passes and access authorisations, identify visitors and authorised persons, administer visitors, issue entry and/or parking authorisations for visitor vehicles, we process, in particular, professional contact and organisational data, IT usage data, photos and other data relating to the resource handed over.
We process the Data on the basis of the following legal bases:
- Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
- Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the protection of our business and trade secrets and our house rights by means of controlling the access rights to our buildings and premises.
3. IT-Administration
In order to allocate IT system access, administration of authorisations, IT support, proof of changes to information in IT systems, unambiguous identification of the user for the secure operation of IT systems, detection and tracking of unauthorised access attempts and accesses, we process, in particular, professional contact data, online data and IT usage data.
We process the Data on the basis of the following legal basis:
- Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in ensuring the security and integrity of the IT systems used, the troubleshooting, the tracking of unauthorized access and access attempts and the fulfillment of our obligations in the area of data security.
4. Safeguarding and defending our rights and disclosure in the context of administrative/judicial measures
For the exercise and assertion of rights and claims, disclosure within the framework of national, European or non-European administrative/judicial measures for the purposes of gathering evidence, criminal prosecution, for the execution of internal investigations, within the framework of legal defence, preparation of the assertion of claims and assertion of civil law claims, processing of enquiries of data subjects in accordance with the GDPR, we process, in particular, professional contact and organisational data, data on professional conditions, IT usage data, online data, photos, information on work resources received and allocation plans, vehicle data and other Data which can contribute to clarifying the facts of the case.
We process the Data on the basis of the following legal bases:
- Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
- Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the assertion and defence of our rights and the fulfilment of legal and administrative requirements.
5. Direct marketing
In order to carry out surveys, market analyses, to inform you about our competences and projects as well as to send out event invitations and Christmas post, we particularly process your professional contact data.
We process the Data on the basis of the following legal bases:
- Consent (Art. 6 sec. 1 lit. a GDPR)
- Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the optimisation of our business processes and the long-term loyalty of our business partners.
IV. How long do we store your Data?
We store your Data as long as we need it for the specific processing purpose. We regularly store your Data for at least the duration of the business relationship with you or the business partner you work for.
In addition, we store certain Data for the duration of statutory limitation periods (usually 3 years, in individual cases up to 30 years) and as long as statutory retention periods (e.g. from the German Commercial Code, the Tax Code) stipulate (generally a maximum of 10 years).
Under certain circumstances, your Data must also be retained for a longer period of time, e.g. if, in connection with an administrative or judicial procedure, a prohibition of data dele-tion is ordered for the duration of the procedure or in case of documents concerning, for example, the construction phase of our products must be retained for a longer period of time due to product liability reasons.
V. Who receives your Data?
Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described.
Service providers that support us
We will transfer your Data to our service providers, e.g. in the fields of:
- IT services,
- Development services,
- Event services,
- Post and telecommunications,
- Advice, legal advice, insurances,
- Compliance and data protection,
- Distribution and marketing
- as well as communication.
These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
Others
As part of the project work, we may also transmit Data to project partners such as affiliates of IAV or universities.
In addition, we transmit your Data to national, European or non-European authorities (e.g. tax office, police, public prosecutor’s office, social insurance carriers) or courts within the scope of their respective responsibilities, if we are obliged to do so by law or by order.
Also, in these cases we transfer your Data only in so far as this is necessary for the respective purposes.
VI. Do you have an obligation to provide any Data?
As far as we need Data in connection with the execution/handling of the business relationship as well as the projects, you are obliged to make them available, as otherwise we are not able to provide the services owed by us.
If you are obliged by law to provide us with Data, we will point this out to you when collecting the Data.
VII. Are Data transferred to a third country?
We try to avoid transferring your Data to a third country, i.e. a country outside the Europe-an Union or the European Economic Area.
However, if a transfer should occur because, for example, a service provider or project partner has its head office in a third country, we will only transfer the Data if an adequate level of data protection in the third country is ensured in accordance with an adequacy decision of the European Commission or if appropriate safeguards (such as data protection agreements including the standard contractual clauses of the European Commission) can guarantee an adequate protection of Data.
For instance, our contracts with processors usually contain the conclusion of the standard contractual clauses of the European Commission when the processor is established in a third country. A copy of these guarantees will be provided on request. Please use the con-tact routes mentioned in this privacy policy.
VIII. What rights do you have and how can you exercise these?
A. A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the with-drawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights:
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR.
Correction:
You can demand the correction of incorrect Data as well as the completion of in-complete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, super-visory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your con-sent your Data may only be processed in a very restricted way, e.g. to assert, exer-cise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data pro-cessing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can exercise your rights by means of the following contact details:
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.Use
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Status: May 2020
Candidates and applicants
Candidates and applicants of IAV
You have the opportunity to create a candidate profile via our applicant portal, apply for open positions at IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV GmbH“), at IAV Fahrzeugsicherheit GmbH & Co. KG („IAV-S“), as well as at Consulting4Drive GmbH („C4D“) and request information on vacancies and career topics at IAV. This Privacy Policy is designed to give you an overview of which personal data (“Data”) we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.
If you would like to apply to TRE GmbH or a group company abroad (IAV Automotive Engineering Inc., IAV S.A.S., IAV Poland sp. z o. o.,IAV Automotive Engineering (Shanghai) Co., Ltd., IAV do Brasil Ltda., IAV Korea Co., Ltd., IAV Automotive Engineering AB, IAV Japan Co., Ltd.), please send your application documents to the e-mail address / mailing address stated in the vacancy or on the company’s website.
I. Who are we and can you contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV GmbH“ or hereinafter also “we“)
Carnotstraße 1
10587 Berlin
operate the applicant portal and enable you to apply for vacancies of IAV GmbH, IAV Fahrzeugsicherheit GmbH & Co. KG („IAV-S“) as well as Consulting4Drive GmbH („C4D“) (hereinafter jointly referred to as “IAV“). We are responsible for protecting your Data.
If you have any questions regarding the processing of Data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Data is processed and why?
Insofar as the Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz “TTDSG“) applies to the technologies used on the applicant portal and the cookies set by us, we either obtain your consent (Sec. 25 (1) TTDSG) or the data processing is technically necessary for the operation of the applicant portal, in particular to ensure the permanent functionality and security of the applicant portal and our information technology systems, or the data processing is necessary to meet legal requirements (Sec. 25 (2) TTDSG).
A. Log files
Description and scope of the data processing: When you visit our applicant portal your browser automatically transmits the following Data:
- Information about the browser type and version used
- the user´s operating system
- the Internet service provider of the user
- the IP address of the user
- date and time of the last access
- websites from which the user’s system accesses the applicant portal (Referrer URL).
Purposes of the data processing:
The temporary storage of the IP address by the system is necessary in order to enable your electronic device (e.g. computer, smartphone) to receive the requested Data. For this purpose, your IP address must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the applicant portal. The Data is also used to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of our applicant portal and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber-attack. We also process the log files as part of the registration and login process, in particular to determine how long you have not visited the application portal in order to delete your candidate profile in the event of long-term inactivity (see below in the section “Apply”).
Legal basis:
We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f) General Data Protection Regulation “GDPR”). Our legitimate interest lies in achieving the purposes described above.
Term of storage and control options:
The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after six (6) months at the latest.
B. Cookies
Description and scope of the data processing:
When you visit our applicant portal, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.
name: rmk0, rmk1
type of cookie: session cookies
description: Cookies that communicate your encrypted e-mail address and your encrypted user ID to our server so that you can register and log in to our applicant portal. These cookies are technically necessary.
name: JSESSIONID
type of cookie: session cookie
description: Cookie, which ensures that your user session is maintained. This cookie is technically necessary.
Purposes of the data processing:
The purpose of the cookies is to enable you to register and log in to our applicant portal and to guarantee certain functionalities of the applicant portal.
Legal basis:
We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in ensuring the functioning of the applicant portal and its user-friendly operability.
Term of storage and control options:
Session cookies are automatically removed after closing the browser. Permanent cookies remain permanently on your device.
You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser.
Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome
Please note that registration, login and use of our career portal is not possible if you do not accept the technically necessary cookies.
C. Apply
Description and scope of the data processing: To apply for a job at IAV, all you need to do is fill in the mandatory fields marked with an asterisk in the application form (first and last name, salutation, email address, phone number, address, earliest entry date, country of residence and password), upload your CV and accept the terms of use. We will then assign you a candidate ID. We also record how you found out about the job you are applying for (including the name of the recommending IAV employee, if applicable).
You can add the optional information to your candidate profile later. This includes:
- your qualifications (highest level of education, university, place of study),
- language skills (language and level),
- information about mobility (willingness to travel, relocate, driver’s license),
- and your preferred place of work.
You can access your candidate profile at any time by clicking on the “Apply” button on our website: “You are already registered as a user? Please log in here”. Or, you can click on “Job Alert” at the very bottom of our website, which will take you to the login page.
Purposes of the data processing:
On the one hand, we collect the first and last name and the e-mail address in order to be able to assign the created user account or candidate profile to a particular person. On the other hand, we process the first and last name and the e-mail address for handling the application and for completing the application process. The same applies to the further information. We record the country in which you live in order to be able to present our applicant portal to you in a suitable language. With the help of the candidate ID, we can assign you internally and record when you last logged in in order to be able to delete your account or candidate profile after a longer period of inactivity (see section “Term of storage and control options” below).
Legal Basis:
The data processing takes place in order to enable you to use our applicant portal and thus to participate in our application process (Sec. 26 Federal Data Protection Act (Bundesdatenschutzgesetz “BDSG”) in conjunction with Art. 6 sec. 1 b GDPR). Optional information supplements the documents required for your application. We take these into account as part of the application process (Sec. 26 (1) BDSG in connection with Art. 6 sec. 1 f) GDPR).
Term of storage and control options:
We store your data as long as your user account / candidate profile exists in our applicant portal. You have the option to change or delete individual details and documents in your candidate profile or to delete your account / candidate profile as a whole at any time. In this case we will delete your Data. If you do not use your user account for a period of 18 months, it will be automatically deleted. We will inform you by e-mail about the imminent deletion.
If no employment relationship is established, we will store your application documents for a maximum of six (6) months from the date of notification of rejection, after which your Data will be anonymised and your application documents deleted, so that no more conclusions can be drawn about your person. The anonymised data remains in the system for analyses purposes, in particular to be able to track how many candidates were interested in a vacancy or how many candidates took part in an interview.
If you withdraw your application, your application is initially given the status “inactive” in the applicant portal until after six months at the latest, your Data will be automatically made anonymous and your application documents will be deleted.
Your application documents will be deleted from the applicant portal at the same time as your user account / candidate profile is deleted (see previous section D. under “Term of Storage and control options”).
D. Application process (interview scheduling, survey on the application process, subsequent data processing, specifics of applications at IAV-S and C4D)
Description and scope of the data processing:
a) Recording the application process and interview scheduling:
We record the positions for which you apply and the course of the application process, in particular whether and when you have been invited for an interview, the feedback/ general impression on your application and interview from the HR staff and internal participants in the recruitment process. We also store the correspondence we have had with you.
We plan our interviews directly in our applicant portal. To do this, we select an interview date in the system (your respective interview partners are filed). The interview partners participating in your interview will receive an email, to which your CV will usually be attached. The interview partners will only use your CV to prepare for the interview and will delete it from their e-mail inbox after the interview.
b) Survey on experiences in the application process
We are always trying to improve our application process. We would therefore be grateful if you would take part in a survey about your experience in the application process once you have completed it.
After completing the application process, you will receive a final email – at best with an offer of employment. At the end of this final email, you will be informed that we may contact you in the near future to ask you to take part in a survey and that you have the opportunity to object to being contacted again. If you wish to take part in the survey, i.e. if you do not object, we will send you an email with a link to the survey as soon as possible, usually within the next two weeks. The evaluation of the survey is anonymous – we cannot draw any conclusions about the participants. The collection of demographic, i.e. “additional information” (gender; age category; highest level of education; area of current employment; professional experience) is used exclusively to get a detailed evaluation overview according to these criteria, so that we can determine whether our application process is equally well suited to all groups of applicants. A group-specific presentation is only made if the number of participants in a group is large enough that re-identification is not possible.
c) Export control
If a hiring is made, your Data will be checked against official embargo and sanctions lists in the context of export control (see also below in section III. “Who receives your Data?” under C.).
d) Internal candidate profile
If a hiring is made, an internal candidate profile is created with the following data: First and last name, e-mail address, telephone number. You can complete this profile and use it to participate in the internal job market (see also the privacy policy for internal applicants).
e) Particularities of applications to vacancies of IAV-S and C4D:
If you apply for a job vacancy at IAV-S or C4D, we, as the operator of the application portal, will process your application documents. We then release your application documents via the applicant portal for the company in whose area of responsibility the position is located. Within IAV GmbH and the company where you have applied for a position, only those persons have access to your Data who are internally involved in filling the position (persons responsible for the vacancy).
Purposes of the data processing:
We use your Data for the purpose of processing your application and to carry out the application procedure. We undertake checks against official embargo and sanctions lists in order to comply with legal requirements. In addition, we would like to find out about the experiences of our applicants during the application process so that we can continuously improve our application process.
Legal basis:
The data processing is carried out for the purpose of carrying out the application process (Sec. 26 BDSG in connection with Art. 6 sec. 1 b) GDPR). Optional information supplements the documents required for your application. We take these into account as part of the application process (Sec. 26 (1) BDSG in connection with Art. 6 sec. 1 f) GDPR). The embargo and sanctions list checks are carried out to fulfil legal obligations (Art. 6 sec. 1 c GDPR, Sec. 26 (1) sentence 1 BDSG in connection with EU requirements as well as the German Foreign Trade and Payments Act). Participation in our survey on experiences in the application process is voluntary. If you have decided to participate, we will conduct the survey and its evaluation on the basis of legitimate interests, namely the assessment and improvement of our application process (Art. 6 sec. 1 f GDPR).
Term of storage and control options:
If no employment relationship is established, we will store your application documents for a maximum of six (6) months from the date of notification of rejection, after which your Data will be anonymised and your application documents deleted, so that no more conclusions can be drawn about your person. The anonymised data remains in the system for evaluation purposes, in particular to be able to track how many candidates were interested in a vacancy or how many candidates took part in an interview). If you withdraw your application, your application is initially given the status “inactive” in the applicant portal until after six months at the latest, your Data will be automatically made anonymous and your application documents will be deleted. The surveys on experiences in the application process are carried out close to the end of the application process, which ends with the sending of a final e-mail. After the survey has been completed and evaluated, the personal data processed as part of it is deleted after 8 weeks at the latest. The aggregated evaluations, which do not allow any conclusions to be drawn about the survey participants, are stored by us as long as they are useful for the evaluation of our application process.
If you are hired, your data will be transferred to our HR management systems and used there for the purpose of executing the employment relationship.
E. Share the visibility of your candidate profile (talent pool of IAV GmbH and IAV-S)
Description and scope of the data processing:
In the application form or later in the settings of your candidate profile you can set for whom your candidate profile should be visible. You can set that
- only those employees can view your candidate profile who are responsible for appointing someone to the vacancy for which you are applying or have applied (Hiring Manager).
- our Recruiting Team and Hiring Manager responsible for appointing someone to a vacancy similar to the one for which you are applying or have applied can view your candidate profile.
If you choose to share your candidate profile with our Recruiting Team and other Hiring Managers, you are agreeing to be included in the talent pool of IAV GmbH and IAV-S as well. As a result, our Recruiting Team and selected Hiring Managers are allowed to consider your current candidate profile as part of the application process for open positions at IAV GmbH and IAV-S that match your candidate profile, regardless of any active application by you. Within the talent pool, our Recruiting Team can view suitable candidate profiles based on selected filter criteria (e.g. job level and job field). In addition, your candidate profile can be recommended to those Hiring Managers responsible for vacancies similar to the one you have applied for. There is then the possibility that you will be informed by our Recruiting Team or the Hiring Managers via email about the vacancy(ies) that match your candidate profile, or about upcoming events during which IAV employees are available for conversation. You can then decide to apply to the recommended job(s) or not.
The respective checkbox reads:
“Set your own profile visible for the Recruiting-Team (talent pool of IAV GmbH Ingenieurgesellschaft Auto und Verkehr and IAV Fahrzeugsicherheit GmbH und Co. KG) and other employees responsible for vacancies.“
Ticking the checkbox is voluntary and has no effect on your chances in the application process. You can decide not to tick the checkbox without having to fear any disadvantages. You can change your setting in your candidate profile settings at any time and thus withdraw your consent to the visibility of your candidate profile to our Recruiting Team and to those Hiring Managers responsible for vacancies similar to the one for which you are applying or have applied (including participation in the talent pool) at any time with effect for the future. Please note that the change of setting (your withdrawal) does not affect the legality of the previous view of your candidate profile by our Recruiting Team or selected Hiring Managers. This means that if your candidate profile has already been checked before the change in setting, you may be contacted by us to find out if you are interested in a current vacancy. The candidate profiles available in the talent pool are updated every 24 hours. (The deletion of your application and your internal candidate profile occurs according to the information in the section II. C. “Apply” under “Term of storage and control options”. Setting the visibility of your candidate profile, including participation in the talent pool or consent herein does not change this).
If you would like to be added to the talent pool without applying for a specific vacancy, you can click on “Job Alert” at the very bottom of our website. Clicking on “Create an account to apply for our career opportunities” will take you to our account registration form. If you fill out this form, confirm the corresponding checkbox and click on “Create account”, you will be added to the talent pool even without an active application.
To be able to prove that you have given your consent, we store the time at which you confirmed the checkbox or at which you gave your consent in the settings of your candidate profile, and your IP address.
Purposes of the data processing:
When the visibility of your candidate profile is shared with our Recruiting Team and other Hiring Managers we can send you e-mails recommending vacancies that match your candidate profile. We can also recommend events where you can talk to our employees and possibly find a suitable position with us through this approach. We store proof of your consent to this on the basis of applicable legal and judicial verification requirements.
Legal basis:
The legal basis for the data processing is your consent, Sec. 26 BDSG in connection with Art. 6 sec. 1 a) GDPR. The processing for the purpose of proving the consent given is based on Art. 6 Sec. 1 c), Art. 7 GDPR with regard to the sending of emails in conjunction with Para. 7 (2) No. 2 Gesetz gegen den unlauteren Wettbewerb (= German law against unfair competition).
Term of storage and control options:
You can withdraw your consent at any time with future effect by restricting the visibility of your candidate profile again in your candidate profile settings. If you withdraw your consent, our employees will only have limited access to your candidate profile, namely: only those Hiring Managers who are responsible for filling a position for which you are applying or have applied. The candidate profiles available in the talent pool are updated every 24 hours.
We store proof of the consent given for three years after the end of the year in which we last processed data on the basis of the consent.
F. Request for further information
Description and scope of the data processing:
When applying or later in your candidate profile settings, you can click that you want to receive notifications of new job postings. You hereby consent to us sending you information on job vacancies at IAV to the e-mail address you provided. You can also click to indicate that you wish to keep informed about career opportunities and events at IAV. In this case, you consent to us sending you information on general career opportunities at IAV and on career events (e.g. trade fairs, career days) by e-mail.
To be able to prove that you have given your consent, we store the time at which you confirmed the checkbox or at which you gave your consent in the settings of your candidate profile, and your IP address.
Purposes of the data processing:
We process your Data to send you the requested information and to fulfil the applicable legal and judicial verification requirements.
Legal basis:
The legal basis for the data processing is your consent, Sec. 26 BDSG in connection with Art. 6 sec. 1 a) GDPR; the fulfilment of applicable legal and judicial verification requirements according to Art. 6 Sec. 1 c), Art. 7 GDPR in conjunction with Para. 7 (2) No. 2 Gesetz gegen den unlauteren Wettbewerb (= German law against unfair competition).
Term of storage and control options:
You can revoke your consent at any time with effect for the future by unchecking the box “Keep informed about career opportunities and events” or “Receive notifications of new job postings” in the “Search options and privacy” section of your candidate profile or by clicking on the unsubscribe link in the e-mails. If you withdraw your consent, we will no longer send you the information.
We store proof of the consent given for three years after the end of the year in which we last processed data on the basis of the consent.
G. Use of our applicant portal by persons under the age of 18
Description and scope of the data processing:
If you are under 18 years of age, you need the consent of your legal representatives to use the application portal and thus to participate in our application processes. You can find a form of the necessary declaration of consent here. In addition to your name, the first and last names of your legal representatives must be stated in the declaration of consent. Please upload the declaration of consent signed by your legal representatives when applying. We cannot consider your application without the consent form. If, when checking your application documents, we discover that no declaration of consent from your legal representatives has been uploaded, we will inform you of this by e-mail. If you then do not provide us with the signed declaration of consent from your legal representatives, your Data will be deleted.
Purposes of the data processing:
We store the consent form of your legal representatives as proof of the existing consent form.
Legal basis:
The data processing is carried out in order to fulfil the legal requirements of the protection of minors (Sec. 6 1 c GDPR in connection with the protection of minors regulations).
Term of storage and control options:
We store the declaration of consent of your legal representatives for the duration of your training period / employment at IAV. You have the option to change or delete individual details and documents in the candidate profile or to delete the user account / candidate profile altogether at any time. If you delete your legal representatives’ declaration of consent, you will not be able to participate in our application processes. If you do not use your candidate profile for a period of 18 months, your user account will be deleted automatically. We will notify you of the impending deletion by e-mail.
If you are hired, your Data will be transferred to the HR management systems and will be used for the purposes of implementing the employment relationship.
For information on the deletion of applications to individual vacancies, please see section II. C. above.
H. Use of the Applicant Portal by Personnel Service Providers (“Agencies”)
If you have commissioned a personnel service provider (“agency“) with the placement of jobs, our applicant portal can be used by the agency to initiate an application process between you and us. Our applicant portal contains special vacancies for which the agencies can propose applicants. For this purpose, the agency commissioned by you creates a so-called “rump profile” of you in which, in addition to your name and e-mail address, your CV in particular is entered by the agency. You start into our application process with this “rump profile” and will then be asked by email to create a complete candidate profile in our applicant portal (for the individual data processing in connection with a candidate profile and applications, as well as the purpose, legal basis and term of storage and control options, see section C. above; the information there applies to your ” rump profile ” as well).
The agency you have commissioned can view your application status via our applicant portal. In addition, the agency will only be shown the Data provided in the rump profile; the agency will not be able to view the information you have stored in your full candidate profile.
I. Requirement for the provision of the Data
The mandatory information described in the previous sections is required for participation in our application processes. In addition, it is up to you to provide information on the optional data fields or to enable further data processing, such as job alerts or release of the candidate profile for recommendations, in your candidate settings.
III. Who receives your Data?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described, especially these are the bodies issuing the vacancy, the responsible HR employees and persons involved in the approval process of your recruitment.
B. Service providers that support us
We will transmit your Data to our service providers, in particular
- for the operation of the applicant portal (SAP cloud solution)
- Conducting surveys
- IT services
- Post and telecommunications
- Advice, legal advice
- Data protection
- Distribution and advertising
- Operation and maintenance of our website
These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors (= service providers who are directly commissioned with the processing of your Data) have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
C. Checking against official embargo and sanctions lists
We are obliged to check your Data against official embargo and sanctions lists in the course of your recruitment. The check includes the following lists in particular: Embargo Lists (Russia), EU Financial Sanctions List, US Sanctions Lists [Denied Persons List (BIS), Entity List (BIS), List of Administratively Debarred Parties (Department of State), List of Statutorily Debarred Parties (Department of State), List of Nonproliferation Sanctions (Department of State), Consolidated Sanctions List (OFAC), Specially Designated Nationals List (OFAC), Unverified List (BIS)], End User List (Japan, Ministry of Economy, Trade and Industry), Consolidated Sanctions List (SECO), Consolidated List of Financial Sanctions Targets in the UK, Consolidated United Nations Security Council Sanctions List. If the check reveals a match with one of the lists, you will be informed. Upon request, the Export Control Officer will provide you with further information on the facts of the case.
Your Data will not be transferred to any official authority.
IV. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent, e.g. Data that are necessary for the use of the applicant portal.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities (e.g. companies, institutions), Art. 18 GDPR.
Objection to the data processing: You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights via the contact details mentioned above in section I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint according to Art. 77 GDPR to the competent data protection supervisory authority.
Last revision: January 2024
Video surveillance
Video surveillance at the locations of IAV
The locations of IAV are monitored with several cameras inside and outside the buildings. This Privacy Policy applies to video surveillance measures that are identified by a corresponding sign with a link to this Privacy Policy.
This Privacy Policy is designed to give you an overview of which personal data (hereinafter: Data) we collect and process when you visit our locations and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
Carnotstraße 1
10587 Berlin
are responsible for protecting your Data.
If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Datenschutzbeauftragter
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Date is processed in the context of video surveillance?
Description and scope of the data processing:
We have placed video surveillance systems inside and outside the buildings of IAV (especially building parts, entrance areas, corridors), as well as on the premises of IAV. These video cameras record what is happening in the monitored areas at any time. The recordings may contain IAV staff as well as external staff in the monitored areas. The recordings, as well as the date and time of the recording, are stored temporarily.
In certain strictly defined cases (in particular suspicion of a crime on the premises of IAV), the recordings are stored separately and can be viewed by certain IAV employees.
Purposes of the data processing:
Video surveillance is used to exercise our domiciliary rights. Among other things, it is necessary in order to detect security-relevant incidents at an early stage and to enable rapid intervention. It also serves to prevent dangers to the life and limb of persons due to attacks by third parties. In addition, it serves to prevent dangers from theft, burglary and vandalism on the premises. In the event that such actions nevertheless occur, data processing also serves the purpose of documentation and criminal or civil prosecution of such actions. In addition, data processing is necessary so that missing or wanted persons can be found quickly on the premises.
Legal basis:
We carry out video surveillance in accordance with Art. 6 Sec. 1 lit. c) GDPR in conjunction with the company agreement on the use of a video surveillance system at IAV (all locations) and on the basis of legitimate interests in accordance with Art. 6 Sec. 1 lit. f GDPR. Our legitimate interests are to protect the lives and health of persons on the premises and the property of IAV, its employees and visitors. Our legitimate interest in the storage of data lies in the subsequent preservation of evidence.
Term of storage and control option/ erasure:
The data will as a general rule be deleted by us after eight working days at the latest. Saturdays and days on which the employees of IAV are not obliged to work (free shift days) shall not be considered working days. In addition, we only store the Data if there is a special legal reason for doing so, such as suspicion of a criminal offence on IAV’s premises or the legal obligation to retain data.
III. Who receives your Data?
Within IAV, only a limited number of authorized employees have access to the Data.
IV. What rights do you have and how can you exercise these?
A. Your rights as a data subject
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are entitled to the following rights.:
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
B. Contact routes
You can assert your rights by means of the following Contact details:
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Datenschutzbeauftragter
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
C. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: August 2019
Camera test drives
Performance of camera test drives
We, IAV, are one of the world’s leading engineering service providers for the automotive industry. Our core competencies include solutions suitable for series production in all areas of electronics, powertrain and vehicle development. Since 1995 we have been researching various technologies around automated driving. In this context, the recording of the vehicle environment during test drives is also indispensable for us.
When carrying out these camera test drives, it is unavoidable that you as a person and/or your personal data, such as the license plates of your vehicle, are visible on the recordings, possibly in the background. The identification of your person is not the subject of our data processing. According to the provisions of the EU General Data Protection Regulation (GDPR), however, we are obliged to inform you how we handle these recordings.
The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
Carnotstraße 1
10587 Berlin
are responsible for protecting your Data.
If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Datenschutzbeauftragter
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Data is processed during camera test drives?
When we do camera test drives, we use cam
era (sensors) on and in the vehicle to create recordings. The recordings are made both on internal test sites and in public traffic areas (usually on public roads). You as a person and/or your Data, e.g. vehicle license plate or nameplate on the front door of a building or inscriptions on building facades may be recorded.
III. For which purposes do we process the Data?
The Data is processed for research and development purposes mainly in the field of automated driving:
Automated driving is a hopeful aspect to meet the increasing mobility needs of our society. However, an automated vehicle must be able to cope with a number of complex situations, including determining and maintaining vehicle spacing and recognizing lanes and obstacles. Camera test drives help us to develop systems that meet these requirements.
The recordings we produce are used to improve the analysis of the environment in which automated vehicles will move in the future and to test existing tools and tools that are currently in the development process. For this purpose, it is necessary to record the road conditions and the other participants in road traffic. In order to exclude risks in the future, elaborately programmed control systems must therefore be developed. The recordings thus make a decisive contribution to further improving safety in the field of automated driving.
Video recordings are used to develop, for example, systems for detecting the surroundings of automated vehicles. In addition to cameras, this also includes laser and ultrasonic sensors for distance measurement and for processing further information from the vehicle’s surroundings.
In addition, camera test drives are useful for analyzing typical situations in road traffic and then simulating them with the help of artificial intelligence. In this way, automated vehicles learn to better assess their environment.
Finally, camera movements can be used to test existing vehicle features. For example, it is now possible to distinguish objects from persons or to detect the direction of pedestrians and thus react to certain traffic situations.
IV. On which legal basis do we process the Data?
We process the Data on the basis of legitimate interests in accordance with Art. 6 Sec. 1 lit. f GDPR. Our legitimate interest lies in the execution of the research and development projects described under III.
Facebook and Instagram
Privacy policy for the use of our Facebook and Instagram pages
Thank you for visiting our Facebook / Instagram page. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Facebook and Instagram pages, contact us and participate in raffles as well as what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
and
Meta Platforms Ireland Limited (“Facebook”)
4 Grande Canal Square
Dublin 2
Irland
are responsible for protecting your Data. To that extent we have entered into an agreement with respect to the responsibilities. In the following paragraphs you will find which Data will be processed jointly (as described in II. A.) and which data will solely be processed by Facebook (as described in II. B.).
If you have any questions regarding the processing of data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Data processing in connection with your visit to our Facebook / Instagram page
If you have any questions regarding the processing of data on Facebook / Instagram by Facebook (as described in II. A. and II. B.) and your relevant rights, please contact Facebook’s Data Protection Officer by means of the Facebook Data Policy or Instagram Data Policy.
A. How we jointly process your Data
1. Insights
Description and scope of the data processing:
We:
We use the function “Insights” on our pages. By means of this function, we obtain so-called page insights that are based on parameters and time periods previously defined by us. These are anonymized statistics about the interaction of users with our pages. This data is provided by Facebook. We cannot identify specific persons with this Data. The statistics contain different information such as:
- activities and interactions (for example clicks, page views, commenting, sharing), “Likes” as well as the range of our Facebook page, our advertising activities, our posts and our events,
- number and usage times of our subscribers and visitors, as well as statistical information about age, gender and location,
- video statistics,
- received and sent messages.
Facebook:
In order to generate the page insights anonymously provided to us, Facebook will collect among other information, the following:
- views of a page, post or video on a page,
- subscribing to or unsubscribing from a page,
- tagging a page or a post as “liked” or “unliked”,
- recommending a page in a post or comment,
- commenting on or sharing or reacting otherwise to a page post (including the type of reaction),
- hiding a page post or reporting it as spam,
- clicking a link from another Facebook / Instagram page or from outside of Facebook / Instagram that redirects to the page,
- moving the mouse over the name or the profile picture of a page to see a preview of the page contents,
- clicking on the website, phone number, “plan route” button or a different button on a page,
- the information about whether the page visit or interaction happened from a computer or a mobile device.
Further information about Facebook’s data processing can be found on Facebook´s information about Page Insights Data and in the Facebook Data Policy in section “How is this information shared?” under the heading “Partners who use our analytics services”.
Purpose and legal basis of the data processing:
These evaluations help us learn how our pages are being used. This enables us to improve the activities on our pages as well as the design and the contents of our pages, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
2. Audience Driven Ads (detailed targeting) and Facebook pixel
Description and scope of the data processing:
We:
- We use the function “detailed targeting” to determine the audience of our ads. The following parameters can be used to limit the audience:
Which ads people click on. - Which pages people engage with.
- Activities that people engage in on Facebook and Instagram related to things such as their device usage and travel preferences.
- The mobile device people use and the speed of their network connection.
- Demographics such as age, gender and location.
By using the Facebook pixel, we can further restrict our audience to those people who have previously visited our website, in addition to the parameters mentioned above. For this purpose, we use the Facebook pixel with your consent when visiting the career subpages of our website.
We cannot identify which specific persons are part of the audience we have determined and who have previously visited our website.
Facebook:
Facebook uses the parameters we determine to restrict the audience and addresses our ad to those audiences. The restriction to the persons who have previously visited our website is made via the Facebook pixel in the manner of so-called retargeting.
Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.
Purpose and legal basis of the data processing:
With the use of the “Detailed Targeting” function, we can restrict the groups of people to whom our ads are presented. This enables us to address our ads only to those groups of people who may be interested in our ads Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
3. Notifications
Description and scope of the data processing:
We:
When you interact with our pages or one of our posts, advertising activities or events (for example, sharing, “Liking”, commenting), subscribe to our pages or follow us, we get a notification from Facebook with your name, your profile picture and your interaction.
We are not able to delete the notifications, your posts or other interactions.
Facebook:
Facebook collects information about how you use our pages (amongst others, interactions with posts) and notifies us about it.
Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.
Purpose and legal basis of the data processing:
We will use the provided Data to learn about how you interact with regard to our pages and to be able to react to your interactions (for example, comments, “Likes”, shares). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).
4. Raffles
Description and scope of the data processing:
We:
If you would like to participate in one of our raffles on Facebook/ Instagram, the terms of participation require you to perform certain actions on Facebook / Instagram (e.g. follow our Facebook / Instagram page). We are notified of such actions (related to our Facebook / Instagram page) by Facebook (see on data processing for notifications above under section 3).
If you are one of the winners randomly picked, you will be informed of this by means of a personal message from us and asked to provide us with your name and postal address so that we can send you your price (see below under section 5 for information on data processing when contacting us). The winners will not be published on our Facebook/ Instagram page.
We store your data as long as it is necessary for the execution of the raffles and the delivery of the prices.
We cannot delete the notifications, your posts, your contacting or other interactions.
Facebook:
Facebook tracks your interactions with our pages, notifies us, processes the information you provide and makes it available to us.
Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.
Purpose and legal basis of the data processing:
We process your data within the scope of your participation in the raffle in order to randomly pick the winners among those participants who have fulfilled our conditions of participation and send them their prices. The data processing is carried out in order to enable you to participate in the raffle (Art. 6 sec. 1 b GDPR for the fulfilment of the contract).
5. Contacting us
Description and scope of the data processing:
We:
When you contact us via Facebook / Instagram, for example, when you send us messages via Facebook, we will receive the information provided by Facebook that include your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via Facebook/ Instagram.
Facebook:
Facebook will process the Data provided by you and will make them available to us.
Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.
Purpose and legal basis of the data processing:
We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).
B. How Facebook will process your Data
When you visit our pages, Facebook will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Facebook shares these Data with other companies of the Facebook group and third parties and transmits Data to third countries outside of the European Union, such as the USA.
Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing activities can be found in the agreement with respect to the responsibilities, Facebook Data Policy, Facebook Cookie guidelines, Instagram Data Policy, Instagram Cookie guidelines. Information about how to adjust your privacy settings on Facebook you can found here or directly in the Facebook and Instagram settings.
III. Who receives your Data from us?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our Facebook and Instagram pages.
B. Service providers that support us
We transmit your Data to service providers who support us in the design and running of our pages. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
IV. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
To exercise your rights with regard to Facebook’s data processing, please contact Facebook. Information about this can be found in your Facebook settings, Instagram Data Policy, among others.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the Contact details stated above in I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: November 2022
Use of our LinkkedIn page
Thank you for visiting our LinkedIn page. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our LinkedIn page and contact us and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
and
LinkedIn Ireland Unlimited Company (“LinkedIn”)
Wilton Place,
Dublin 2, Ireland
are responsible for protecting your Data.
If you have any questions regarding the processing of Data by LinkedIn (as described in II. B.) and your relevant rights, please contact LinkedIn ‘s Data Protection Officer by means of the LinkedIn Privacy Policy.
If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Data is processing in connection with your visit on our LinkedIn page?
A. How we process your Data
To interact with you on LinkedIn and align our LinkedIn page to the interests of our followers, we use the LinkedIn functions described below. The processing of the Data collected here is done by staff responsible for the support of our LinkedIn page.
1. Analytics
Description and scope of the data processing:
In the administrator view of our LinkedIn page, we receive statistical analyses from LinkedIn about visitors, followers and updates to our LinkedIn page as well as about the interactions with our content.
Purpose and legal basis of the data processing:
These statistics help us learn how our LinkedIn page is being used and how our content is being experienced by LinkedIn users. This enables us to improve the activities on our LinkedIn page as well as the design and the contents of our LinkedIn page and our job offers, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
2. Notifications
Description and scope of the data processing:
When you interact with our LinkedIn page or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our LinkedIn page or follow us, we get a notification from LinkedIn with your name, your profile picture and your interaction.
We are not able to delete the LinkedIn notifications, your posts or other interactions.
Purpose and legal basis of the data processing:
We will use the provided Data to learn about how you interact with regard to our LinkedIn page and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).
3. Contacting us
Description and scope of the data processing:
When you contact us via LinkedIn, for example, when you send us messages via LinkedIn, we will receive the information provided by LinkedIn that include your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via LinkedIn.
Purpose and legal basis of the data processing:
We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).
4. Raffles
Description and scope of the data processing:
In order to run the raffles on our LinkedIn page, we need, among other things, the names of the participants and the postal address of the winners so that we can send them their prizes. This information must be sent to an email address provided in the raffle announcement.
The Data provided by you will be processed in the course of the respective raffle. For this purpose, we store your Data as long as it is necessary for the running of the raffles.
We are not able to delete any posts, comments or other interactions you may have with or to our raffles on LinkedIn.
Purpose and legal basis of the data processing:
We process your personal data exclusively for the purpose of running raffles (Art. 6 sec 1f GDPR).
5. LinkedIn Recruiting
Description and scope of the data processing:
We use LinkedIn Recruiting. This enables us to filter LinkedIn users using specific search criteria, such as professional experience, location, references, etc., in particular by means of the advanced search function. As a result, we come into contact with people whose qualifications match the requirements of the positions we offer (see section 3 above for information on the processing of data when exchanging personal messages).
Purpose and legal basis of the data processing:
We use LinkedIn Recruiting to expand our reach as an employer and to target individuals who meet our job requirements. The data processing is based on our legitimate interests and has the purpose of establishing new employment relationships (Art. 6 sec. 1 lit. b, f GDPR).
B. How LinkedIn will process your Data
When you visit our LinkedIn page, LinkedIn will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. LinkedIn shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
Further information about the scope and the purpose as well as the legal basis of LinkedIn ‘s data processing can be found in the LinkedIn Privacy Policy.
III. Who receives you Data?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our LinkedIn page.
B. Service providers that support us
We transmit your Data to service providers who support us in the design and running of our page. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
IV. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
To exercise your rights with regard to LinkedIn´s data processing, please contact LinkedIn.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the Contact details stated above in I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: November 2022
X (Twitter)
Use of our X (Twitter) profile
Thank you for visiting our X (Twitter) profile. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Twitter profile and contact us and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
and
Twitter International Company (“Twitter”)
One Cumberland Place
Fenian Street
Dublin 2
D02 AX07
Ireland
are responsible for protecting your Data.
If you have any questions regarding the processing of data by Twitter (as described in II. B.) and your relevant rights, please contact Twitter (you can find more information here).
If you have any questions regarding the processing of data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Data is processing in connection with your visit on our X (Twitter) profile?
A. How we jointly process your Data
To interact with you on Twitter and align our Twitter profile to the interests of our followers, we use the Twitter functions described below. The processing of the Data collected here is done by staff responsible for the support of our Twitter profile.
1. Twitter Analytics and Audience Insights
Description and scope of the data processing:
We:
We use the function “Twitter Analytics”. This function provides us with information on the number of profile visits, tweet impressions, tweet interactions and overviews of the number of followers won and lost for the last 28 days. We also learn how often our videos are shown and how long the video frequencies are.
We can also use the “Audience Insights” function to view anonymous statistics on our followers. We cannot identify any specific persons from this Data. The statistical reports contain various information, e.g.:
- gender,
- interests,
- country / region,
- language,
- device type.
Twitter:
In order to generate the page insights anonymously provided to us, Twitter will collect among other information, the following:
- views of a page, post or video on a page,
- subscribing to or unsubscribing from a Twitter profile,
- interact with a Twitter profile or a tweet (e.g. tagging a page or a post as „liked“)
- demographic characteristics
- interests,
- the information about whether the page visit or interaction happened from a computer or a mobile device.
Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.
Purpose and legal basis of the data processing:
These statistics help us learn how our Twitter profile is being used. This enables us to improve the activities on our Twitter profile as well as the design and the contents of our Twitter profile, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
2. Audience Driven Ads / sponsored Tweets
Description and scope of the data processing:
We:
We use the possibility to address our ads audience driven via “Twitter Ads” respectively “sponsored Tweets”. The determination of the audience is carried out according to parameters analysed by Audience Insights, among others:
- gender,
- interests,
- country / region,
- language,
- device type.
We cannot identify which specific persons are part of the audience we have determined.
Twitter:
Twitter uses the parameters we determine to restrict the audience and addresses our ad to those audiences.
Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.
Purpose and legal basis of the data processing:
With the use of the “Twitter Ads”, we can restrict the groups of people to whom our ads are presented. This enables us to address our ads only to those groups of people who may be interested in our ads. Through “sponsored Tweets”, we can also reach a wider group of users and encourage our followers to interact. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
3. Notifications
Description and scope of the data processing:
We:
When you interact with our Twitter profile or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our Twitter profile or follow us, we get a notification from Twitter with your name, your profile picture and your interaction.
We are not able to delete the Twitter notifications, your tweets or other interactions.
Twitter:
Twitter collects information about how you use our Twitter profile (amongst others, interactions with tweets) and notifies us about it.
Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.
Purpose and legal basis of the data processing:
We will use the provided Data to learn about how you interact with regard to our Twitter profile and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).
4. Contacting us
Description and scope of the data processing:
We:
When you contact us via Twitter, for example, when you send us messages via Twitter, we will receive the information provided by Twitter that include your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via Twitter.
Twitter:
Twitter will process the Data provided by you and will make them available to us.
Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.
Purpose and legal basis of the data processing:
We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).
B. How Twitter will process your Data
When you visit our Twitter profile, Twitter will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Twitter shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found in the Twitter Privacy Policy.
III. Who receives your Data?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our Twitter profile.
B. Service providers that support us
We transmit your Data to service providers who support us in the design and running of our page. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
IV. What rights do you have and how do you exercis these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
To exercise your rights with regard to Twitter´s data processing, please contact Twitter.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the Contact details stated above in I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: November 2022
Use of our Xing page
Thank you for visiting our Xing page. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Xing page and contact us and what rights you have in relation to the processing of your Data.
I. Who are we and how can you contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
and
New Work SE (“Xing”)
Am Strandkai 1
20457 Hamburg
are responsible for protecting your Data.
If you have any questions regarding the processing of Data by Xing (as described in II. B.) and your relevant rights, please contact Xing’s Data Protection Officer by means of the Xing Data Policy.
If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at: IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Which Data is processing in connection with your visit to our Xing page?
A. How we process your Data
To interact with you on Xing and align our Xing page to the interests of our followers, we use the Xing functions described below. The processing of the Data collected here is done by staff responsible for the support of our Xing page.
1. Profile analysis
Description and scope of the data processing:
Via the “Profile Analysis” function, we receive overviews provided by Xing as well as anonymized statistics on the visitors and followers of our Xing page over the last 30 days. The anonymous statistics contain various information, e.g.:
- company belonging,
- industry branch,
- career levels,
- age groups.
Purpose and legal basis of the data processing:
With the help of profile analysis we learn who or which groups of people use our Xing site. This enables us to adapt the design of our Xing page, advertising campaigns, posts and events to the interests of our visitors and followers. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).
2. Contacting us
Description and scope of the data processing:
When you contact us via Xing, for example, when you send us messages via Xing, we will receive the information provided by Xing that include your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via Xing.
Purpose and legal basis of the data processing:
We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).
B. How Xing will process your Data
When you visit our Xing page, Xing will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Xing shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA. Further information about the scope and the purpose as well as the legal basis of Xing ‘s data processing can be found in the Xing Data Policy.
III. Who receives your Data?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our Xing page.
B. Service providers that support us
We transmit your Data to service providers who support us in the design and running of our page. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
IV. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
To exercise your rights with regard to Xing´s data processing, please contact Xing.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the Contact details stated above in I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: November 2022
YouTube
Privacy policy for the use of our YouTube channel
Thank you for visiting our YouTube channel. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our YouTube channel and contact us and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
Carnotstraße 1
10587 Berlin
Germany
and
Google Ireland Limited (“Google”)
Gordon House, Barrow Street
Dublin 4, Irland
are responsible for protecting your Data.
If you have any questions regarding the processing of Data on YouTube (as described in II. B.) and your relevant rights, please contact Google’s Data Protection Officer by means of the Google Privacy Policy.
If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
by post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by email at: Datenschutzbeauftragter@iav.de.
II. Data processing in connection with your visit to our YouTube channel
A. How we process your Data
To interact with you on YouTube and align our YouTube channel to the interests of our subscribers, we use the YouTube functions described below. The processing of the Data collected here is done by staff responsible for the support of our YouTube channel.
1. Analytics
Description and scope of the data processing:
Via the YouTube function “Analytics” we receive information about our subscribers as well as exact statistics about our YouTube channel and its usage. The statistics contain a variety of information, e.g:
- the viewing time (in minutes / percentage, average viewing time, views),
- the interactions (e.g. “like me” ratings, comments, shared content, subscribers),
- to playlists (e.g., playlist exit rate, average time in playlist),
- to use the info cards (e.g. click on info card, teaser),
- to use the end screen function (e.g. displayed end screen elements, clicks on end screen elements),
- to YouTube Premium (e.g. viewing time, views),
- to our videos (published videos, added videos).
With regard to the points mentioned above, we can display a detailed overview of the following aspects, among others:
- regions and TOP-10 countries,
- demographic aspects (gender of viewers, age of viewers),
- Access sources (e.g. external, video suggestions, YouTube search, end screen functions),
- viewing locations (YouTube viewing page embedded in external web pages or apps, YouTube channel page, YouTube others),
- by device (e.g. computer, mobile phone, TV) and operating system (e.g. Android, ios, Linux),
- Livestreaming,
- translations,
- “Where was it shared?” (e.g. Facebook, WhatsApp, Twitter).
Also a representation as 360°-Headmap is possible or a comparative overview regarding viewing time, views, average percentage of viewing, gained subscribers.
We can define the period for which the statistics are displayed, e.g. for this week (Sunday – Today), last week, last 7 days, first 7 days, this month, last month, last 28 days, last 30 days, first 28 days, this quarter, last quarter, last 90 days, last 90 days, this year, last year, last 365 days, first 365 days, period since creation of the YouTube channel.
We can also set the level of detail of the analysis overview, e.g. daily, daily (continuous totals for 7 days), daily (continuous averages for 7 days), daily (continuous totals for 28 days), daily (continuous averages for 28 days) (continuous totals for 30 days), weekly, monthly, quarterly, yearly.
We can choose the way of presentation, e.g. graphical analysis, map analysis, bar chart, pie chart, bubble chart.
In addition to the analysis options shown above, our YouTube channel is automatically analysed in real time. We get an overview of the estimated views of our videos for the last 48 hours and / or the last 60 minutes. This real-time analysis is updated every 10 seconds.
Purpose and legal basis of the data processing:
This way we learn who is watching our videos, following our YouTube channel and how our YouTube channel is used. This allows us to adapt the design of our YouTube channel to the interests of our viewers and subscribers. This is also our legitimate interest according to Art. 6 sec. 1f GDPR.
2. Notifications
Description and scope of the data processing:
If you subscribe to our YouTube channel for the first time or interact with our YouTube channel (e.g. comment), we will receive a notification from Google with your name, your profile picture and your interaction.
We can’t delete the YouTube notifications. We also cannot delete interactions (from the YouTube servers), we can only remove your comments on our YouTube channel.
Purpose and legal basis of the data processing:
We use the information provided to see how you interact with respect to our YouTube channel and to respond to your interactions (e.g. comments, “like me” rating). Data processing is based on this legitimate interest (Art. 6 sec. 1f GDPR).
3. Contacting us
Description and scope of the data processing:
When you contact us via YouTube, for example, when you send us messages via YouTube, we will receive the information provided by Google that include your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via YouTube.
Purpose and legal basis of the data processing:
We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).
4. Community
Description and scope of the data processing:
Via the YouTube function “Community” we can also communicate with our subscribers beyond our videos and contact them directly with posts.
Under the Community tab, we learn since when the subscribers (who share their subscriptions publicly) have subscribed to our YouTube channel and how many subscribers they have themselves.
We are not able to delete your your posts, comments or other interactions.
Purpose and legal basis of the data processing:
We use the community function to communicate directly with you. Data processing is based on this legitimate interest (Art. 6 sec. 1f GDPR).
B. How Google will process your Data on YouTube
When you visit our YouTube channel, Google will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Google shares these Data with affiliated companies and third parties and transmits Data to third countries outside of the European Union, such as the USA. Further information about the scope and the purpose as well as the legal basis of Google ‘s data processing can be found in the Google Privacy Policy.
III. Who receives your Data?
A. Departments within IAV
Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our Youtube channel.
B. Service providers that support us
We transmit your Data to service providers who support us in the design and running of our page. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.
IV. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
To exercise your rights with regard to the data processing on YouTube, please contact Google.
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the Contact details stated above in I.
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.
Last revision: November 2022
eventure-online
Use of eventure-online
Thank you for using “eventure-online”. The protection of your personal data („Data“) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit „eventure-online“ or register for an IAV conference and what rights you have in relation to the processing of your Data.
I. Who we are and how you can contact us?
We,
IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
Carnotstraße 1
10587 Berlin
are responsible for protecting your Data.
If you have any questions regarding the processing of Data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
by post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Group Data Protection Officer
Carnotstraße 1
10587 Berlin
As well as by e-mail at: datenschutzbeauftragter@iav.de.
II. Data processing in connection with your visit to eventure-online
A. Log-Files
Description and scope of the data processing:
When you use “eventure-online“ your browser automatically transmits the following Data:
• the IP address of the user,
• date and time of access,
• Session ID,
• information about the browser type and the version used,
• the user’s operating system and its version,
• the user’s screen resolution.
Purposes of the data processing:
The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of “eventure-online“ and to provide technical support.
Legal basis:
We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.
Term of storage and control options:
The Data will be erased if they are no longer necessary to achieve the purposes. The maximum storage period is six months.
B. Our own cookies
Description and scope of the data processing:
When you use “eventure-online“, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting “eventure-online“.
We use session cookies that enable users to log on to the site and maintain a session.
Purposes of the data processing:
The Session-Cookies are used to make “eventure-online“ more user-friendly and to guarantee certain functionalities.
Legal basis:
We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in ensuring the functioning of “eventure-online“ and their user-friendly operability.
Terms of storage and control options:
Session cookies are automatically removed after closing the browser.
You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser. Please note that this can restrict the functionality of “eventure-online“.
Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome
III. Which Data is processed when you register for a conference via eventure-online
A. Data processing during registration on „eventure-online“
Description and scope of the data processing:
To register for an event, you must complete the registration form. In the registration form, we collect the Data requested there. This includes your professional contact and organisational Data, in particular your first and last name, your professional telephone number and e-mail address, as well as the company in which you work and its address details. These are mandatory fields (they are marked with an asterisk). You cannot register for an event if these fields are not filled in. Optionally, you can enter your title and dietary requirements. We will also ask you for your participant status (participant, speaker or exhibitor) in order to determine the participant fees.
In addition, your Data will be evaluated anonymously for statistical purposes of IAV, in particular, how many participants from which areas (OEM, universities/research institutes, suppliers, automotive engineering, others) took part in the event; from which countries do the participants come?
Purposes of the data processing:
We collect your Data for registration at IAV conferences and the related event organization.
Legal basis:
We process your Data for the execution of pre-contractual and contractual measures that take place upon your registration (Art. 6 sec. 1 b GDPR). We process voluntary information on the basis of your consent (Art. 6 sec. 1 a GDPR).
Terms of storage and control options:
We store your Data for as long it is needed for the specific purpose of processing.
We usually delete your registration Data after the end of the event and successful payment processing, but no later than six months after the event, unless longer storage is necessary, in particular to enforce payment claims.
B. Data processing for payment
Description and scope of the data processing:
If you decide to pay online, you will be forwarded to a payment service provider. The associated IT usage data of the payment process will be processed. Your Data will be transmitted in encrypted form. Your bank data will not transmitted. We only receive the last four digits of your card number.
Purposes of the data processing:
The data processing is necessary in order to be able to track received payments of the participation fees.
Legal basis:
We process your Data for the purpose of carrying out pre-contractual and contractual measures which are carried out in response to your registration (Art. 6 sec. 1 b GDPR).
Terms of storage and control options:
We store your Data as long as we need it for the specific processing purpose. In addition, we store certain Data for the duration of statutory limitation periods (usually 3 years, in individual cases up to 30 years) and as long as statutory retention periods (e.g. from the German Commercial Code, the Tax Code) require (usually max. 10 years).
IV. Invitation to the next event of the same conference series and the associated storage of your data
Description and scope of the data processing:
In order to be able to invite you to the follow-up event of the conference you attended, we store your name, contact details and (if specified) your company membership in an IAV internal tool. The cycle of our conferences to be held is usually two years.
Purposes of the data processing:
The storage of Data allows us to effectively manage our meeting invitations.
Legal basis:
We store this Data on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purpose described above.
Terms of storage and control options:
As our conferences are usually held in a two-year cycle, we store your Data for a period of two years. If you do not agree to this, you can object to the storage and thus to the sending of an invitation to the follow-up event of the same conference series by sending us an e-mail to events@iav.com.
V. Which Data is processed when you subscribe to our newsletter?
Description and scope of the data processing:
If you would like to subscribe to our newsletter to receive information about similar conferences or conference-specific content, we need the following information: Salutation, first and last name, e-mail address.
The registration for the subscription is done as follows: After clicking the checkbox to our newsletter, our system will send you an e-mail with an activation link to confirm your subscription to the service. This will ensure that you are the owner of the email address you provided. You will only be added to the distribution list once you have confirmed the activation link for receipt in the registration e-mail (so-called double opt-in process). In order to prove the authorisation of your registration and to be able to trace a (possible) misuse of your e-mail address, we store your IP addresses used and the times (date and time) of the registration as well as the confirmation.
newsletter tracking
open-tracking:
A tracking pixel (=image) embedded in the e-mail captures the time when an e-mail was opened. This may be prevented by your e-mail service provider using automatic image blockers.
click-tracking:
If you click on a link contained in our newsletter, this process will be tracked.
Purposes of the data processing:
The purpose of the data processing is your wish to subscribe to our newsletter and to receive the corresponding information.
Legal basis:
Legal basis for the processing of your Data in connection with the registration to our newsletter as well as its execution is your consent according to Art. 6 sec. 1 a GDPR.
Terms of storage and control options:
If you would like to unsubscribe from our newsletter, you can do so by clicking on the unsubscribe link at the end of each newsletter-email or by sending us an e-mail to events@iav.com.
If you do not click on the newsletter activation link sent to you by e-mail within 30 days (double opt-in process), the activation link will be invalid and your Data (IP address and date/time of registration) will be deleted.
VI. Who receives your Data?
Departments within IAV
Within IAV, access to your Data shall be only provided to those departments / persons who require this for the purposes described, these are in particular the departments responsible for the organization of events.
Service Providers that support us
We will transmit your Data to our service providers, especially for the following purposes
- the organization of events,
- participant management,
- Provision, operation and maintenance of our tools.
These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.
VII. What rights do you have and how can you exercise these?
A. Withdrawal of consent
You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorization exists and which can therefore be performed without your consent.
B. Other rights of data subjects
According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights:
Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.
Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.
Erasure:
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.
Restriction of processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.
Objection to the data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.
Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.
C. Contact routes
You can assert your rights by means of the following Contact details:
By post at:
IAV GmbH Ingenieurgesellschaft Auto und Verkehr
Group Data Protection Officer
Carnotstraße 1
10587 Berlin
as well as by e-mail at: datenschutzbeauftragter@iav.de
D. Right to appeal to the competent data protection supervisory authority
If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint according to Art. 77 GDPR to the competent data protection supervisory authority.
Last revision: November 2021