152 Jobs

Privacy Policy

Use of our websites

  • Use of our websites

    Thank you for visiting our websites. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr (“IAV”)
    Carnotstraße 1
    10587 Berlin

    are responsible for protecting your Data.

    If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Data Protection Officer
    Carnotstraße 1
    10587 Berlin

    As well as by email at:
    Datenschutzbeauftragter@iav.de.

  • II. Data processing in connection with your visit to our websites

    A. Log-Files
    Description and scope of the data processing:
    When you visit our website your browser automatically transmits the following Data:

    • information about the browser type and the version used;
    • the user’s operating system;
    • the Internet service provider of the user;
    • the IP address of the user;
    • date and time of access;
    • websites from which the user’s system accesses our website (referrer URL);
    • Websites accessed by the user’s system from our website.;

    Purposes of the data processing:
    The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the website. The data is also used to optimize the content of our website, to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of our website and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber attack.

    Legal basis:
    We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

    Term of storage and control options:
    The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after seven days at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. The IP address is stored for the duration of the session. Data, the further storage of which is needed for evidence purposes, are excluded from erasure until the respective incident has been finally clarified.

    B. Our own cookies
    Description and scope of the data processing:
    When you visit our website, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.

    We use session cookies to control navigation within a session after language selection and access to user-specific areas after authentication.

    For web statistics, we work with permanent cookies that enable us to identify you beyond the browser session.

    In addition, we use permanent cookies to track whether you have agreed to the use of the Facebook pixel through our cookie banner (“consent cookie”) and whether you have withdrawn your consent or have not given your consent (“opt-out cookie”): When you click on “I agree” in our cookie banner, we set the consent cookie. This cookie is activated for 120 days. It will then expire and the cookie banner will be displayed again when you visit our website. If you close our cookie banner via the “X”, we set the opt-out cookie, the Facebook pixel is not used in this case. The opt-out cookie is also activated for 120 days and then expires so that the cookie banner is displayed again on subsequent visits.

    Purposes of the data processing:
    Both the permanent cookies and the session cookies are used to make our website more user-friendly and to guarantee certain functionalities. We use the consent cookie to identify that you have agreed to the use of the Facebook pixel. We use the revocation cookie to identify that you have revoked your consent or have not given your consent.

    Legal basis:
    We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in ensuring the functioning of our websites and their user-friendly operability.

    Term of storage and control options:
    Session cookies are automatically removed after closing the browser. Permanent cookies remain permanently on your device.

    The consent and opt-out cookies expire after 120 days.

    You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser. Please note that this can restrict the functionality of our website.
    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

    C. Third Party Cookies and Tracking Technologies
    HERE Maps
    Description and scope of the data processing:

    HERE:
    On our website we use “HERE Maps”, a service provided by HERE Global B.V. („HERE“), Kennedyplein 222 -226, 5611 ZT Eindhoven, Netherlands.
    With HERE Maps you can view maps and change their views. In particular, your IP address and, for example, when using the route function, the specified start and destination are transmitted to HERE via an interface.
    Further information on the processing of your data and the use of cookies can be found in the HERE Privacy Policy and in the HERE Cookie Policy.

    We:
    We are not able to view the data processed by HERE.

    Purposes of the data processing:
    HERE:

    HERE processes your data to show you map material and enable you to use the functionalities, among other things.

    We:
    With the help of the HERE Maps, we are able to show you interactive maps directly on the website, thus allowing you to make easy use of the map function.

    Legal basis:
    We use the HERE Maps on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in designing the use of our web pages to match demand, i.e. especially convenient and simple.

    Term of storage and control options:
    You can prevent HERE from collecting and processing the Data by deleting the cookies in your browser, completely deactivating the storage of cookies, selectively accepting certain cookies and, if necessary, setting your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings. This may limit the functionality of our website.
    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

    MTCaptcha
    Description and scope of the data processing
    :

    MTCaptcha:
    On our website we use „MTCaptcha“, ”, a service provided by MTCaptcha, 1400 Four Embarcadero Center, San Francisco, CA 94111.
    MTCaptcha is used to recognize bots while subscribing to the newsletter. For this purpose, visitor behaviour data (e.g. anonymised IP address, length of stay of the website visitor, mouse movements) is recorded and evaluated in order to distinguish people from bots.
    Additional information is available here.

    We:
    We are not able to view the data processed by MTCaptcha.

    Purposes of the data processing:
    MTCaptcha:
    MTCaptcha uses the data to distinguish bots from human website visitors on our behalf.

    We:
    By using MTCaptcha we can distinguish human website visitors from bots and thus protect us from abusive automated spying and SPAM.

    Legal basis:
    We use MTCaptcha on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in preventing abuses as well as SPAM.

    Term of storage and control options:
    You can prevent MTCaptcha from collecting and processing the Data by deleting the cookie in your browser, completely deactivating the storage of cookies, selectively accepting certain cookies and, if necessary, setting your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings. This may limit the functionality of our website.
    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

    Matomo
    Description and scope of the data processing:

    On our websites we use the free web analysis software “Matomo”.
    This uses cookies to enable us to analyse your use of the website. The analysis is based mainly on the following information: Visitor numbers, number of returning visitors, visited sites, visitors’ actions on the site (e.g. registration, newsletter subscription, download), visitors’ time spent on the site, keywords used by visitors to find the site, visitors’ behaviour on the site, visitors’ origin, visitors’ interests. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by a server.

    We:
    We use this information exclusively for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

    Purposes of the data processing:
    Matomo:
    On our order, the Data collected is used to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website and Internet use.

    We:
    We use the statistics provided by Matomo to analyze the activities on our websites. This allows us to evaluate our services and improve the quality of our websites and content and adjust them to the needs of our users.

    Legal basis:
    We use Matomo on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in evaluating the use of our websites and adjusting their content and design to your needs.

    Term of storage and control options:
    You can prevent the installation of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
     

    Social-Media (Twitter, XING, LinkedIn, Facebook/Instagram)
    Description and scope of the data processing:
    There are icons on this website which enable the sharing of pages on social networks. These icons are implemented as external links (e.g. for Facebook with “sharer.php”).

    Social media platforms:
    If you click on an icon your user Data will be transferred to the website of the social media platform.

    You can find further information on data processing on social media platforms, purposes and legal bases for the data processing as well as your rights vis-á-vis the social media platforms under the following links:

    Facebook/Instagram
    Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
    Here

    LinkedIn
    LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
    Here

    Twitter
    Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
    Here

    Xing
    XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland)
    Here

    Term of storage and control options:
    You can also prevent the collection and processing of the Data by the social media platforms by downloading and installing on your devices the browser add-on available under the following links.
    Facebook/Instagram Opt-Out
    LinkedIn Opt-Out
    Twitter Opt-Out
    Xing Opt-Out

    Facebook-Pixel
    Description and scope of the data processing:

    We and Facebook:
    We use the Facebook pixel on the career subpages of our website. Facebook pixel captures when a user visits our website. Users who belong to a defined audience will then receive audience-driven content in the Facebook Ads Network, especially job ads (detailed targeting). When a user clicks on this content, it is captured by Facebook. We then receive an anonymous evaluation from Facebook of how successful the advertising campaign was and how many users clicked on the content (retargeting). However, we do not know which individual users have visited our website.

    For more information about the scope and purpose of Facebook’s data processing and the legal basis of Facebook’s data processing, please check Facebook’s Privacy Policy.

    More information about the “Detailed Targeting” we use may also be found in the Privacy Policy of our Facebook page.

    Purposes of the data processing:
    By using the Facebook pixel and creating a “website visitor” audience, we can address our ads in the form of job postings to those who have previously visited our website.

    Legal basis:
    The legal basis for this data processing is your consent pursuant to Art. 6 sec. a GDPR. You agree by clicking on the “I agree” button in our cookie banner: “With your consent, we will use the Facebook pixel to subsequently display audience-driven content on the Facebook Ad Network to visitors of our website and to evaluate the success of our ads. We do not know who is visiting our website. [I agree]”

    Term of storage and control options:
    You can remove the consent cookie set by clicking on the “I agree” button of our cookie banner from your browser at any time, completely deactivating the storage of cookies, selectively accepting certain cookies and, if necessary, setting your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings.
    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

    If you remove or disable the consent cookie, you will no longer be captured by the Facebook pixel (opt-out). You can also opt-out of the use of the Facebook pixel by clicking Facebook Pixel Opt-Out.

    Indeed-Pixel
    Description and scope of the data processing:
    Indeed:

    On this website we use a web analysis tool provided by Indeed Ireland Operations, Ltd, 124 St. Stephen’s Green, Dublin 2, Ireland (“Indeed“) to measure the number of applications submitted through Indeed and thus the reach/success rate of our job advertisements.

    For this purpose we set a so-called count-pixel, which is inserted into the page programming by means of a 1×1 pixel transparent image. The pixel-code set by us itself does not collect any data, but responds to a cookie set by Indeed during your previous visit of the Indeed website. Within this cookie, a browser-specific identification as well as the IP address are stored and a unique session ID is created from this, which assigns the respective visitor (applicant) at the time of the application and records which job advertisements the visitor clicked on.

    We:

    We do not have access to the data collected by Indeed and only receive statistical, aggregated data about the reach/success rate of our job advertisements.
    You can find more information about the data processing, the purposes and legal basis of the data processing as well as about your rights vis-à-vis Indeed here.

    Term of storage and control options:

    The session cookie set by Indeed is valid for 30 days.

    In addition, you can prevent Indeed from collecting and processing the Data by deleting the cookie in your browser, completely deactivating the storage of cookies, selectively accepting certain cookies and, if necessary, setting your browser to notify you, if a cookie should be set. Please use the help functions of your browser to find out how to change these settings. This may limit the functionality of our website.
    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

  • III. Which Data is processed when you contact us?

    Contacting us via contact form or e-mail
    Description and scope of the data processing:

    We collect and process the Data provided by you, such as contact data, your name and your query, when you contact us via e-mail. All Data that you provide to us is transferred between your browser and our servers in encrypted form.

    Purposes of the data processing:
    We process your Data exclusively to handle your query.

    Legal basis:
    We process your Data in order to perform precontractual and contractual measures, that occur on the basis of your query (Art. 6 sec. 1 b GDPR).

    Term of storage and control options:
    We store your Data for as long as we need it for the specific processing purpose. In addition, we store certain Data for the duration of the statutory limitation periods (usually three years, in individual cases up to 30 years) and for as long as is prescribed by statutory retention periods (e.g. as defined in the Commercial Code (HGB), the Fiscal Code [AO]) (usually ten years).

    Contacting us via chatbot
    Our chatbot Clara will be happy to help you navigate through our career subpages and answer your questions about the application process. The chat process is not stored. If you wish us to store any information about you, you must make it available to us separately, e.g. by e-mail.

  • IV. Which data is processed when you subscribe to our press distribution list, our customer magazine “automotion“ or our newsletter?

    Our subscription services
    Description and scope of the data processing:

    If you would like to subscribe to one of our subscription services (Presseverteiler press distribution list, customer magazine “automotion”, newsletter) we require the following information:

    press distribution list: Salutation, first and last name, e-mail address, medium as well as editorial office, street, postal code and city. You have the option of adding an addendum to the address.

    customer magazine “automotion”: Salutation, first and last name, address and e-mail address. Further Data such as company and department are optional.

    newsletter: Salutation, first and last name and e-mail address. Optionally, you can enter the respective company.

    The registration for the respective subscription service is done as follows:

    press distribution list: Send an e-mail with the above-mentioned data and your wish to be added to the press distribution list to kevin.schrein@iav.de. If you fill in the online form on our website with the above data, an e-mail will likewise be sent to kevin.schrein@iav.de.

    customer magazine “automotion”: If you have provided us with the abovementioned information, in particular your postal address, we will sent our customer magazine “automotion” to the postal address provided.

    newsletter:: After subscribing to our newsletter, our system will send you an e-mail with an activation link to confirm your subscription to the service. This will ensure that you are the owner of the email address you provided. You will only be added to the distribution list once you have confirmed the activation link for receipt in the registration e-mail (so-called double opt-in process). In order to prove the authorisation of your registration and to be able to trace a (possible) misuse of your e-mail address, we store your IP addresses used and the times (date and time) of the registration as well as their confirmation.

    newsletter tracking
    open-tracking: A tracking pixel (=image) embedded in the e-mail captures the time when an e-mail was opened. This may be prevented by your e-mail service provider using automatic image blockers.

    click-tracking: If you click on a link contained in our newsletter, this process will be tracked.

    Purposes of the data processing:
    The purpose of the data processing is your wish to subscribe to one of our services and to receive the corresponding information.
    We use newsletter tracking to evaluate “whether” and “how” our newsletter is used and to improve the design and content of the newsletter.

    Legal basis:
    Legal basis for the processing of your data in connection with the registration to one of our subscription services as well as its execution is your consent according to Art. 6 sec. 1 a GDPR.

    Term of storage and control options:
    If you are no longer interested in the subscription service, you can unsubscribe at any time. Your Data will then be removed from the mailing list immediately.

    press distribution list:
    If you would like to unsubscribe from our press distribution list, you can do so by clicking the unsubscribe link at the end of each press distribution list e-mail.

    customer magazine „automotion“: If you are no longer interested in the customer magazine automotion, you can unsubscribe at any time by sending an e-mail to automotion@iav.com.

    newsletter: If you would like to unsubscribe from our newsletter, you can do so by clicking on the unsubscribe link at the end of each newsletter e-mail or by sending us an e-mail to events@iav.com.

    If you do not click on the newsletter activation link sent to you by e-mail within 30 days (double opt-in process), the activation link will be invalid and your Data (IP address and date/time of registration) will be deleted.

  • V. Who receives your Data?

    Departments within IAV GmbH
    Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described.

    Service providers that support us
    We will transmit your Data to our service providers, e.g. in the fields of

    • IT services;
    • Post and telecommunications;
    • Advice, legal advice,;
    • Compliance and data protection;
    • distribution and advertising;
    • Operation and maintenance of our websites,;
    • as well as communication, e.g. via our chat form and customer service (telephone and e-mail).;

    These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.

  • VI. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the following Contact details:
    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at:
    datenschutzbeauftragter@iav.de.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: May 2020

Use of the whistleblowing portal

  • Privacy Policy for the use of the whistleblowing portal and the processing in the case management system („CMS“)

    The whistleblowing portal and the CMS are used to report cases of misconduct and to record, process and manage these reports.

    This Privacy Policy is designed to give you an overview of which personal data (“Data”) we collect and process when you use the whistleblowing portal and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
    Carnotstraße 1
    10587 Berlin

    operate the whistleblowing portal as well as the CMS for the IAV Group (consulting4Drive GmbH, CPU 24/7 GmbH, IAV Cars GmbH, IAV Fahrzeugsicherheit GmbH & Co. KG., TRE GmbH, IAV Automotive Engineering Inc., IAV S.A.S.U., IAV U.K. Ltd., IAV Automotive Engineering (Shanghai) Co., Ltd., IAV India Private Ltd., IAV do Brasil Ltda., IAV Korea Co., Ltd., IAV Automotive Engineering AB, IAV Co., Ltd.) and are responsible for protecting your Data.

    If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached by post at:

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: datenschutzbeauftragter@iav.de.

  • II. Which Data are processed when using the whistleblower portal and in the CMS?

    Description and scope of the data processing:
    Via the whistleblowing portal, misconducts can be reported to us by phone or web message. These reports are recorded, processed and managed in the CMS.

    Reporter:
    If, as a reporter, you have decided not to make an anonymous report and provide us with your name and contact details, we process this information.

    persons about whom reports are received, including
    witnesses
    :
    If we receive Data in the context of a report, we process the information provided to us. As a rule, this will be your name, company affiliation, conduct and, if applicable, contact details.

    Purposes of the data processing:
    The recording of reports as well as their processing and administration serve to uncover misconducts. The whistleblowing portal provides us with information regarding potential violations of applicable laws, our codes of conduct or ethical principles and allows us to efficiently process and manage these reports in the CMS and to retain the information for possible administrative or criminal investigations.

    Legal basis:
    The data processing described above is based on the legal obligation to maintain an anonymous whistleblowing portal (Art. 6 Sec. 1 c GDPR in conjunction with the Whistleblower Directive) and on legitimate interests (Art. 6 Sec. 1 f GDPR), namely the detection and prevention of misconduct.

    Term of storage and control options:
    We store the data only as long as we need it for the purposes described above. After completion of the handling, the records are soon deleted or anonymized, unless storage is necessary for purposes of legal defence/ enforcement or criminal prosecution.

  • III. Log-Files

    Description and scope of the data processing:
    When visiting the whistleblowing portal’s website, the following data is automatically transmitted by your browser:
    • Information about the browser type and the version used,
    • Your operating system,
    • Your IP address,
    • Date and time of access,
    • Websites from which the system reaches the whistleblowing portal (referrer URL).

    Purposes of the data processing:
    The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the whistleblowing portal’s website. The Data is also used to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of the whistleblowing portal and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber attack

    Legal basis:
    We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

    Term of storage and control options:
    The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after two weeks at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. Data, the further storage of which is needed for evidence purposes, are excluded from erasure until the respective incident has been finally clarified.

  • IV. Cookies

    Description and scope of the data processing:
    When you visit the whistleblowing portal’s website, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.
    We use session cookies to better ensure communication within a session.

    Purposes of the data processing:
    The session cookies serve to better ensure communication.

    Legal basis:
    We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

    Term of storage and control options:
    Session cookies are automatically removed two hours after closing the browser.
    You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser. Please note that this can restrict the functionality of our website.

    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

  • V. Who receives your Data and to which countries is your Data transferred

    Departments within IAV Group
    Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described, so called authorized users. Authorizations are granted according to the need-to-know principle. In the case of reports that concern one of our subsidiaries, the employees responsible for compliance at the respective subsidiary are generally involved in the processing of the report. In this process, data is transferred to the country in which the subsidiary is located. In the case of some of the subsidiaries, this involves a data transfer to a country outside the EU/EEA, a so-called third country (USA, China, India, Brazil, South Korea, Japan). Insofar as the existence of a level of data protection comparable to that in the EU has not already been confirmed for these countries by an adequacy decision of the EU Commission, we contractually secure the existence of such a level of data protection at the respective subsidiary by means of the EU standard contractual clauses.

    Service providers that support us
    We transmit your Data to service providers who support us in the operation of the whistleblowing portal and the CMS, especially the hosting.

    These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.

  • VI. What rights do you have and how can you exercise these?

    A. Withdrawal of consent

    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects

    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    C. Contact routes

    You can exercise your rights through the contact routes mentioned above under I.

    D. Right to appeal to the competent data protection supervisory authority

    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: Mai 2020

Business partners

  • Business partners and employees of business partners of IAV

    In the following we inform you about how we process your personal data (“Data”) as a business partner or employee of a business partner. The protection of your Data is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
    Carnotstraße 1
    10587 Berlin

    are responsible for protecting your Data. If you have any questions regarding the processing of Data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached by post at:

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which Data do we process and how do we obtain the Data?

    If you are our business partner or an employee of one of our business partners, we process your Data which we receive in the context of our business relationship with you or your employer.

    These are in particular Data that are processed when using our IT systems and if you or your colleagues have contact with our employees.

    In this context, the following categories of Data are processed by us:

    Professional contact and organisational data: e.g. name, first name, title, academic degree, gender, name of the company you work for, department, e-mail address, postal address, telephone number;
    Data on professional circumstances: e.g. job title, tasks, occupation, qualifications, advanced training and education, language skills, job-related assessments;
    IT usage data: e.g. user ID, roles and rights, login times, computer name, IP address, user-specific settings, change documentation, log data;
    Online data: e.g. IP address, location data, cookie data, data from analysis and tracking tools, websites accessed, log data;
    Photos;
    Information on work resources received and allocation plans: e.g. mobile phones, tablets, laptops, access authorisations;
    Vehicle data: e.g. model, make, registration number, driving behaviour, position data, video and audio data during vehicle use;
    Others: In addition, we may process other Data that is provided within the interaction with our employees or Data that we have collected about you from publicly available sources (e.g. commercial register, credit agencies, SCHUFA, press, publications) and statements with regard to data protection, such as declarations of consent to the processing of personal data.

  • III. Purposes and legal bases of data processing

    1. Preparation, execution and termination of a business relationship between us and you or the business partner you work for

    In order to evaluate and preselect suppliers and to prepare audits in the field of quality management, we process in particular professional contact and organisational data.

    For general communication, processing service contracts, appointment organisation, event and participant management, billing between us and the business partner, bookkeeping and debt collection, reporting, administration, fulfilment of tax control and notification obligations, we process, in particular, your professional contact data.

    Within the scope of (joint) project work, we use databases and tools in which contact persons are stored and user accounts are created (see also section 3 for the latter). In particular, we process professional contact data, online data and IT usage data.

    We process the Data on the basis of the following legal bases:

    – Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
    – Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
    – Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the functioning and practicable cooperation with our business partners.

    2. Generating and administering access authorisations to premises, buildings, test areas and issuing key cards and tokens

    In order to issue visitor passes and access authorisations, identify visitors and authorised persons, administer visitors, issue entry and/or parking authorisations for visitor vehicles, we process, in particular, professional contact and organisational data, IT usage data, photos and other data relating to the resource handed over.

    We process the Data on the basis of the following legal bases:

    – Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
    – Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the protection of our business and trade secrets and our house rights by means of controlling the access rights to our buildings and premises.

    3. IT-Administration

    In order to allocate IT system access, administration of authorisations, IT support, proof of changes to information in IT systems, unambiguous identification of the user for the secure operation of IT systems, detection and tracking of unauthorised access attempts and accesses, we process, in particular, professional contact data, online data and IT usage data.

    We process the Data on the basis of the following legal basis:

    – Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in ensuring the security and integrity of the IT systems used, the troubleshooting, the tracking of unauthorized access and access attempts and the fulfillment of our obligations in the area of data security.

    4. Safeguarding and defending our rights and disclosure in the context of administrative/judicial measures

    For the exercise and assertion of rights and claims, disclosure within the framework of national, European or non-European administrative/judicial measures for the purposes of gathering evidence, criminal prosecution, for the execution of internal investigations, within the framework of legal defence, preparation of the assertion of claims and assertion of civil law claims, processing of enquiries of data subjects in accordance with the GDPR, we process, in particular, professional contact and organisational data, data on professional conditions, IT usage data, online data, photos, information on work resources received and allocation plans, vehicle data and other Data which can contribute to clarifying the facts of the case.

    We process the Data on the basis of the following legal bases:

    – Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
    – Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the assertion and defence of our rights and the fulfilment of legal and administrative requirements.

    5. Direct marketing

    In order to carry out surveys, market analyses, to inform you about our competences and projects as well as to send out event invitations and Christmas post, we particularly process your professional contact data.

    We process the Data on the basis of the following legal bases:

    – Consent (Art. 6 sec. 1 lit. a GDPR)
    – Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the optimisation of our business processes and the long-term loyalty of our business partners.

  • IV. How long do we store your Data?

    We store your Data as long as we need it for the specific processing purpose. We regularly store your Data for at least the duration of the business relationship with you or the business partner you work for.

    In addition, we store certain Data for the duration of statutory limitation periods (usually 3 years, in individual cases up to 30 years) and as long as statutory retention periods (e.g. from the German Commercial Code, the Tax Code) stipulate (generally a maximum of 10 years).

    Under certain circumstances, your Data must also be retained for a longer period of time, e.g. if, in connection with an administrative or judicial procedure, a prohibition of data dele-tion is ordered for the duration of the procedure or in case of documents concerning, for example, the construction phase of our products must be retained for a longer period of time due to product liability reasons.

  • V. Who receives your Data?

    Departments within IAV

    Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described.

    Service providers that support us
    We will transfer your Data to our service providers, e.g. in the fields of
    • IT services,
    • Development services,
    • Event services,
    • Post and telecommunications,
    • Advice, legal advice, insurances,
    • Compliance and data protection,
    • Distribution and marketing
    • as well as communication.

    These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.

    Others
    As part of the project work, we may also transmit Data to project partners such as affiliates of IAV or universities.

    In addition, we transmit your Data to national, European or non-European authorities (e.g. tax office, police, public prosecutor’s office, social insurance carriers) or courts within the scope of their respective responsibilities, if we are obliged to do so by law or by order.

    Also, in these cases we transfer your Data only in so far as this is necessary for the respective purposes.

  • VI. Do you have an obligation to provide any Data?

    As far as we need Data in connection with the execution/handling of the business relationship as well as the projects, you are obliged to make them available, as otherwise we are not able to provide the services owed by us.

    If you are obliged by law to provide us with Data, we will point this out to you when collecting the Data.

  • VII. Are Data transferred to a third country?

    We try to avoid transferring your Data to a third country, i.e. a country outside the Europe-an Union or the European Economic Area.

    However, if a transfer should occur because, for example, a service provider or project partner has its head office in a third country, we will only transfer the Data if an adequate level of data protection in the third country is ensured in accordance with an adequacy decision of the European Commission or if appropriate safeguards (such as data protection agreements including the standard contractual clauses of the European Commission or the participation in the EU-US Privacy Shield) can guarantee an adequate protection of Data.

    For instance, our contracts with processors usually contain the conclusion of the standard contractual clauses of the European Commission when the processor is established in a third country. A copy of these guarantees will be provided on request. Please use the con-tact routes mentioned in this privacy policy.

  • VIII. What rights do you have and how can you exercise these?

    A. A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the with-drawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights:

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of in-complete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, super-visory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your con-sent your Data may only be processed in a very restricted way, e.g. to assert, exer-cise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data pro-cessing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can exercise your rights by means of the following contact details:

    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Data Protection Officer
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Status: May 2020

Candidates and applicants

  • Candidates and applicants of IAV

    You have the opportunity to create a candidate profile via our career’s portal, apply for open positions at IAV and request information on vacancies and career topics at IAV.

    This Privacy Policy is designed to give you an overview of which personal data (“Data”) we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
    Carnotstraße 1
    10587 Berlin

    are responsible for protecting your Data.
    If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Data Protection Officer
    Carnotstraße 1
    10587 Berlin

    As well as by email at:
    Datenschutzbeauftragter@iav.de

  • II. Which Data is processed and why?

    A. Log-Files
    Description and scope of the data processing:

    When you visit our website your browser automatically transmits the following Data:
    • Information about the browser type and version used
    • the user´s operating system
    • the Internet service provider of the user
    • the IP address of the user
    • date and time of access, date and time of the last access
    • websites from which the user’s system accesses the career portal (referrer URL)

    Purposes of the data processing:
    The temporary storage of the IP address by the system is necessary in order to enable the user’s electronic device to receive the requested Data. For this purpose, the IP address of the user must be stored for the duration of the session. Other Data is stored in log files to ensure the functionality of the website. The Data is also used to optimize the content of our website, to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of our website and information technology systems, and to provide prosecuting authorities with the information necessary for prosecution in the event of a cyber-attack. We also need the log files so that you can register and login to our career portal and to determine how long you have not used our career portal.

    Legal basis:
    We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

    Term of storage and control options:
    The Data will be erased if they are no longer necessary to achieve the purposes. Log files are erased after 6 month at the latest.

    B. Cookies
    Description and scope of the data processing:

    When you visit our career portal, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the website.

    name rmk0, rmk1
    type of cookie session cookies
    description Cookies that communicate your encrypted e-mail address and your encrypted user ID to our server so that you can register and log in to our career portal. These cookies are technically necessary.

    name JSESSIONID
    type of cookie session cookie
    description Cookie, which ensures that your user session is maintained. This cookie is technically necessary.

    Purposes of the data processing:
    The purpose of the cookies is to enable you to register and log in to our career portal and to guarantee certain functionalities of the career portal.

    Legal basis:
    We use cookies on the basis of legitimate interests (Art. 6 sec. 1 f GDPR). Our legitimate interest lies in ensuring the functioning of the career portal and their user-friendly operability.

    Term of storage and control options:
    Session cookies are automatically removed after closing the browser. Permanent cookies remain permanently on your device.
    You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser.

    Deactivate in Firefox
    Deactivate in Internet Explorer
    Deactivate in Chrome

    Please note that registration, login and use of our career portal is not possible if you do not accept the technically necessary cookies.

    C. User account
    Description and scope of the data processing:

    To apply for jobs at IAV, you require a user account in our Careers Portal.
    When you create a user account in our careers portal, we record your e-mail address, password, first and last name and the country where you live. We also record whether you have agreed to our terms of use.
    Fields marked with an asterisk are required fields. If you do not fill in these fields, you will not be able to create an account.
    We also create a candidate ID.

    Purposes of the data processing:
    We record your name and e-mail address in order to be able to assign the user account to a specific person. We record the country in which you live so that we can provide you with our career portal in a suitable language. Using the candidate ID, we can assign you internally and record when you last logged in so that we can delete your user account after the deadline.

    Legal Basis:
    The legal basis for the data processing is Sec. 26 BDSG (Federal Data Protection Act) in conjunction with Art. 6 sec. 1 b GDPR.

    Term of storage and control options:
    We store your Data as long as your user account exists in our career portal. You have the possibility to delete your user account at any time. In this case we will delete your Data. If you do not use your user account for a period of 18 months, it will be automatically deleted. We will inform you by e-mail about the imminent deletion. If you are hired by IAV, your external user account will be transferred to an internal user account.

    D. Candidate Profile
    Description and scope of the data processing:

    You can create a candidate profile in our career portal. In the candidate profile, we record the additional Data requested there. This includes your basic Data (e.g., contact Data for academic titles, nationality), your qualifications (e.g., highest level of education, university, place of study), language skills (e.g., language and level), information about mobility (willingness to travel, relocate, driver’s license), and your preferred place of work. You can also upload your resume in the candidate profile.
    You must create a candidate profile if you want to apply for a job at IAV. Fields that are marked with an asterisk are mandatory fields. You cannot apply if these fields are not filled out.
    You can also create a candidate profile if you do not want to apply for a specific job.
    Candidates who have created a candidate profile are part of the IAV Candidate Pool, which means that we use your Data to check whether certain vacancies are of interest to you. If you have consented to us informing you of vacancies at IAV, we will write to you by e-mail and draw your attention to these vacancies (see II F).

    Purposes of the data processing:
    We collect your Data to check whether vacancies at IAV might be of interest to you and so that you can apply for a job with us.

    Legal basis:
    The legal basis for the data processing is Sec. 26 BDSG (Federal Data Protection Act) in conjunction with Art. 6 sec. 1 b GDPR. We process voluntary information on the basis of Sec. 26 para. 1 BDSG in conjunction with Art. 6 1 f GDPR.

    Term of storage and control options:
    We store your Data as long as your user account exists in our career portal. You can change or delete individual details and documents in the candidate profile at any time or delete your user account altogether. If you do not use your user account for a period of 18 months, your user account will be automatically deleted. We will inform you by e-mail about the imminent deletion. When you are hired by IAV, your external candidate profile is transferred to an internal candidate profile.

    E. Applications
    Description and scope of the data processing:

    If you would like to apply for a position, we need the mandatory information from your candidate profile, your CV, your cover letter, your job references and your salary expectations. We also process Data and documents that you voluntarily provide in your candidate profile or in the documents you submit. We record the positions for which you are applying and the course of the application process, in particular whether and when you have been invited for an interview, the feedback on your application and interview from the advertised positions, HR staff and internal participants in the recruitment process, and the correspondence we have had with you.

    Purposes of the data processing:
    We use your Data for the purpose of processing your application and to carry out the application procedure.

    Legal basis:
    The legal basis for the data processing is Sec. 26 BDSG (Federal Data Protection Act) in conjunction with Art. 6 sec. 1 b GDPR. We process voluntary information on the basis of Sec. 26 para. 1 BDSG in conjunction with Art. 6 1 f GDPR.

    Term of storage and control options:
    If no employment relationship is established, we will store your application documents for a maximum of 6 months from the date of notification of rejection, after which your Data will be anonymised and your application documents deleted. If you withdraw your application, your Data will be made anonymous and your application documents deleted. If you are hired, your Data will be transferred to the Human Resources system and used there for the purposes of the employment relationship, and your application documents will be deleted from the application system.

    F. Request for further information
    Description and scope of the data processing:

    You can click when creating the user account or later in your user account that you want to receive notifications of new job postings. If you do so, we will send you information on job vacancies at IAV to the e-mail address you provide. You can also click to indicate that you wish to keep informed about career opportunities and events at IAV. In this case, we will send you information on general career opportunities at IAV and on career events (e.g. trade fairs, career days) by e-mail.

    Purposes of the data processing:
    We process your Data to send you the requested information.

    Legal basis:
    The legal basis for the data processing is Sec. 26 BDSG (Federal Data Protection Act) in conjunction with Art. 6 sec. 1 a GDPR.

    Term of storage and control options:
    You can revoke your consent at any time with effect for the future by unchecking the box “Keep informed about career opportunities and events” or “Receive notifications of new job postings” in the “Search options and privacy” section of your user account or by clicking on the unsubscribe link in the e-mails. If you withdraw your consent, we will no longer send you the information.

  • III. Who receives your Data?

    A. Departments within IAV
    Within IAV, access to your Data shall only be provided to those departments / persons who require this for the purposes described, especially these are the bodies issuing the advertisements, the responsible HR employees and persons involved in the approval process.

    B. Service providers that support us
    We will transmit your Data to our service providers, e.g. in the fields of the operation of the career portal
    For the operation of the career portal
    • For the operation of the career portal
    • IT services,
    • Post and telecommunications,
    • Advice, legal advice,
    • Data protection,
    • Distribution and advertising,
    • Operation and maintenance of our website,

    These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.

  • IV. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the following Contact details:
    By post at: IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint according to Art. 77 GDPR to the competent data protection supervisory authority.

    Last revision: January 2020

Video surveillance

  • Video surveillance at the locations of IAV

    The locations of IAV are monitored with several cameras inside and outside the buildings. This Privacy Policy applies to video surveillance measures that are identified by a corresponding sign with a link to this Privacy Policy.
    This Privacy Policy is designed to give you an overview of which personal data (hereinafter: Data) we collect and process when you visit our locations and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
    Carnotstraße 1
    10587 Berlin

    are responsible for protecting your Data.
    If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which Data is processed in the context of video surveillance?


    Description and scope of the data processing:

    We have placed video surveillance systems inside and outside the buildings of IAV (especially building parts, entrance areas, corridors), as well as on the premises of IAV. These video cameras record what is happening in the monitored areas at any time. The recordings may contain IAV staff as well as external staff in the monitored areas. The recordings, as well as the date and time of the recording, are stored temporarily.
    In certain strictly defined cases (in particular suspicion of a crime on the premises of IAV), the recordings are stored separately and can be viewed by certain IAV employees.

    Purposes of the data processing:
    Video surveillance is used to exercise our domiciliary rights. Among other things, it is necessary in order to detect security-relevant incidents at an early stage and to enable rapid intervention. It also serves to prevent dangers to the life and limb of persons due to attacks by third parties. In addition, it serves to prevent dangers from theft, burglary and vandalism on the premises. In the event that such actions nevertheless occur, data processing also serves the purpose of documentation and criminal or civil prosecution of such actions. In addition, data processing is necessary so that missing or wanted persons can be found quickly on the premises.

    Legal basis:
    We carry out video surveillance in accordance with Art. 6 Sec. 1 lit. c) GDPR in conjunction with the company agreement on the use of a video surveillance system at IAV (all locations) and on the basis of legitimate interests in accordance with Art. 6 Sec. 1 lit. f GDPR. Our legitimate interests are to protect the lives and health of persons on the premises and the property of IAV, its employees and visitors. Our legitimate interest in the storage of data lies in the subsequent preservation of evidence.

    Term of storage and control option/ erasure:
    The data will as a general rule be deleted by us after eight working days at the latest. Saturdays and days on which the employees of IAV are not obliged to work (free shift days) shall not be considered working days. In addition, we only store the Data if there is a special legal reason for doing so, such as suspicion of a criminal offence on IAV’s premises or the legal obligation to retain data.

  • III. Who receives your Data?

    Within IAV, only a limited number of authorized employees have access to the Data.

  • IV. What rights do you have and how can you exercise these?

    A. Your rights as a data subject

    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are entitled to the following rights.:

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    B. Contact routes

    You can assert your rights by means of the following Contact details:
    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin
    As well as by email at: Datenschutzbeauftragter@iav.de.

    C. Right to appeal to the competent data protection supervisory authority

    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: August 2019

Camera test drives

  • Performance of camera test drives

    We, IAV, are one of the world’s leading engineering service providers for the automotive industry. Our core competencies include solutions suitable for series production in all areas of electronics, powertrain and vehicle development. Since 1995 we have been researching various technologies around automated driving. In this context, the recording of the vehicle environment during test drives is also indispensable for us.

    When carrying out these camera test drives, it is unavoidable that you as a person and/or your personal data, such as the license plates of your vehicle, are visible on the recordings, possibly in the background. The identification of your person is not the subject of our data processing. According to the provisions of the EU General Data Protection Regulation (GDPR), however, we are obliged to inform you how we handle these recordings.

    The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr („IAV“)
    Carnotstraße 1
    10587 Berlin

    are responsible for protecting your Data.

    If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    by post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Data Protection Officer/Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which Data is processed during camera test drives?

    When we do camera test drives, we use camera (sensors) on and in the vehicle to create recordings. The recordings are made both on internal test sites and in public traffic areas (usually on public roads). You as a person and/or your Data, e.g. vehicle license plate or nameplate on the front door of a building or inscriptions on building facades may be recorded.

  • III. For which purposes do we process the Data?

    The Data is processed for research and development purposes mainly in the field of automated driving:

    Automated driving is a hopeful aspect to meet the increasing mobility needs of our society. However, an automated vehicle must be able to cope with a number of complex situations, including determining and maintaining vehicle spacing and recognizing lanes and obstacles. Camera test drives help us to develop systems that meet these requirements.

    The recordings we produce are used to improve the analysis of the environment in which automated vehicles will move in the future and to test existing tools and tools that are currently in the development process. For this purpose, it is necessary to record the road conditions and the other participants in road traffic. In order to exclude risks in the future, elaborately programmed control systems must therefore be developed. The recordings thus make a decisive contribution to further improving safety in the field of automated driving.

    Video recordings are used to develop, for example, systems for detecting the surroundings of automated vehicles. In addition to cameras, this also includes laser and ultrasonic sensors for distance measurement and for processing further information from the vehicle’s surroundings.

    In addition, camera test drives are useful for analyzing typical situations in road traffic and then simulating them with the help of artificial intelligence. In this way, automated vehicles learn to better assess their environment.

    Finally, camera movements can be used to test existing vehicle features. For example, it is now possible to distinguish objects from persons or to detect the direction of pedestrians and thus react to certain traffic situations.

  • IV. On which legal basis do we process the Data?

    We process the Data on the basis of legitimate interests in accordance with Art. 6 Sec. 1 lit. f GDPR. Our legitimate interest lies in the execution of the research and development projects described under III.

Facebook and Instagram

  • Privacy Policy for the Use of Our Facebook and Instagram Pages

    Thank you for visiting our Facebook / Instagram page. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Facebook and Instagram pages and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how you can contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Carnotstraße 1
    10587 Berlin
    Germany

    and

    Facebook Ireland Limited (hereafter: Facebook)
    4 Canal Grande-Platz
    Dublin 2
    Irland

    are responsible for protecting your Data. To that extent we have entered into an agreement with respect to the responsibilities. In the following paragraphs you will find which Data will be processed jointly (as described in II. A.) and which data will solely be processed by Facebook (as described in II. B.).

    If you have any questions regarding the processing of data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
    By post at:

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin
    Germany

    As well as by email at: Datenschutzbeauftragter@iav.de.

    If you have any questions regarding the processing of data on Facebook / Instagram by Facebook (as described in II. A. and II. B.) and your relevant rights, please contact Facebook’s Data Protection Officer by means of the Facebook Data Policy or Instagram Data Privacy.

  • II. Data processing in connection with your visit to our Facebook / Instagram page

    A. How we jointly process your Data
    1. Insights

    Description and scope of the data processing:
    We:
    We use the function ” Insights” on our pages. By means of this function, we obtain so-called page insights that are based on parameters and time periods previously defined by us. These are anonymized statistics about the interaction of users with our pages. This data is provided by Facebook. We cannot identify specific persons with this Data. The statistics contain different information such as:

    • activities and interactions (for example clicks, page views, commenting, sharing), „Likes“ as well as the range of our Facebook page, our advertising activities, our posts and our events,
    • number and usage times of our subscribers and visitors, as well as statistical information about age, gender and location,
    • video statistics,
    • received and sent messages.

    Facebook:
    In order to generate the page insights anonymously provided to us, Facebook will collect among other information, the following:

    • views of a page, post or video on a page,
    • subscribing to or unsubscribing from a page,
    • tagging a page or a post as „liked“ or „unliked“,
    • recommending a page in a post or comment,
    • commenting on or sharing or reacting otherwise to a page post (including the type of reaction),
    • hiding a page post or reporting it as spam,
    • clicking a link from another Facebook / Instagram page or from outside of Facebook / Instagram that redirects to the page,
    • moving the mouse over the name or the profile picture of a page to see a preview of the page contents,
    • clicking on the website, phone number, „plan route“ button or a different button on a page,
    • the information about whether the page visit or interaction happened from a computer or a mobile device.

    Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found on Facebook´s information about Page Insights Data.

    Purpose and legal basis of the data processing:
    These evaluations help us learn how our pages are being used. This enables us to improve the activities on our pages as well as the design and the contents of our pages, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    2. Audience Driven Ads (detailed targeting) and Facebook pixel
    Description and scope of the data processing:

    We:
    We use the function „detailed targeting” to determine the audience of our ads. The following parameters can be used to limit the audience:

    • Which ads people click on.
    • Which pages people engage with.
    • Activities that people engage in on Facebook and Instagram related to things such as their device usage and travel preferences.
    • The mobile device people use and the speed of their network connection.
    • Demographics such as age, gender and location.

    By using the Facebook pixel, we can further restrict our audience to those people who have previously visited our website, in addition to the parameters mentioned above. For this purpose, we use the Facebook pixel with your consent when visiting the career subpages of our website.

    We cannot identify which specific persons are part of the audience we have determined and who have previously visited our website.

    Facebook:
    Facebook uses the parameters we determine to restrict the audience and addresses our ad to those audiences. The restriction to the persons who have previously visited our website is made via the Facebook pixel in the manner of so-called retargeting.

    Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.

    Purpose and legal basis of the data processing:
    With the use of the “Detailed Targeting” function, we can restrict the groups of people to whom our ads are presented. This enables us to address our ads only to those groups of people who may be interested in our ads Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    3. Notifications
    Description and scope of the data processing
    :

    We:
    When you interact with our pages or one of our posts, advertising activities or events (for example, sharing, „Liking“, commenting), subscribe to our pages or follow us, we get a notification from Facebook with your name, your profile picture and your interaction.

    We are not able to delete the notifications, your posts or other interactions.

    Facebook:
    Facebook collects information about how you use our pages (amongst others, interactions with posts) and notifies us about it.

    Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.

    Purpose and legal basis of the data processing:
    We will use the provided Data to learn about how you interact with regard to our pages and to be able to react to your interactions (for example, comments, „Likes“, shares). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).

    4. Contacting us
    Description and scope of the data processing
    :

    We:
    When you contact us via Facebook / Instagram, for example, when you send us messages via Facebook, we will receive the information provided by Facebook that include your user name, your profile picture, your query as well as your contact data and will process these.

    We will not be able to delete your making contact via Facebook / Instagram.

    Facebook:
    Facebook will process the Data provided by you and will make them available to us.
    Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing can be found in the Facebook and Instagram Data Policy.

    Purpose and legal basis of the data processing:
    We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

    B. How Facebook will process your Data
    When you visit our pages, Facebook will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Facebook shares these Data with other companies of the Facebook group and third parties and transmits Data to third countries outside of the European Union, such as the United States.

    Further information about the scope and the purpose as well as the legal basis of Facebook’s data processing activities can be found in the Facebook´s information about Page Insights Data, Facebook Data Policy, Facebook Cookie guidelines, Instagram Data Policy, Instagram Cookie guidelines. Information about how to adjust your privacy settings on Facebook you can found here or directly in the Facebook and Instagram settings.

  • III. Who receives your Data?

    A. Departments within IAV
    Within IAV, access to your Data shall only be provided to those departments / persons who are entrusted with the running of our Facebook and Instagram pages.

    B. Service providers that support us
    We transmit your Data to service providers who support us in the design and running of our pages. These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.

  • IV. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

    Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.

    To exercise your rights with regard to Facebook’s data processing, please contact Facebook. Information about this can be found in your Facebook settings, Instagram Data Policy, among others.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the Contact details stated above in I.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: July 2019

LinkedIn

  • Use of Our LinkedIn Page

    Thank you for visiting our LinkedIn page. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our LinkedIn page and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Carnotstraße 1
    10587 Berlin

    and

    LinkedIn Ireland Unlimited Company
    Wilton Place,
    Dublin 2, Ireland

    are responsible for protecting your Data.

    If you have any questions regarding the processing of Data by LinkedIn (as described in II. B.) and your relevant rights, please contact LinkedIn ‘s Data Protection Officer by means of the LinkedIn Data Policy.

    If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which data is processing in connection with your visit to our LinkedIn page?

    A. How we process your Data
    To interact with you on LinkedIn and align our LinkedIn page to the interests of our followers, we use the LinkedIn functions described below. The processing of the Data collected here is done by staff responsible for the support of our LinkedIn page.

    1. Analytics
    Description and scope of the data processing:
    In the administrator view of our LinkedIn page, we receive information from LinkedIn about visitors, followers and updates to our LinkedIn page.

    Purpose and legal basis of the data processing:
    These statistics help us learn how our LinkedIn page is being used. This enables us to improve the activities on our LinkedIn page as well as the design and the contents of our LinkedIn page, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    2. Notifications
    Description and scope of the data processing:

    When you interact with our LinkedIn page or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our LinkedIn page or follow us, we get a notification from LinkedIn with your name, your profile picture and your interaction.
    We are not able to delete the LinkedIn notifications, your posts or other interactions.

    Purpose and legal basis of the data processing:
    We will use the provided Data to learn about how you interact with regard to our LinkedIn page and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).

    3. Contacting us
    Description and scope of the data processing:

    When you contact us via LinkedIn, for example, when you send us messages via LinkedIn, we will receive the information provided by LinkedIn that include your user name, your profile picture, your query as well as your contact data and will process these.
    We will not be able to delete your making contact via LinkedIn.

    Purpose and legal basis of the data processing:
    We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

    4. Raffles
    Description and scope of the data processing:

    In order to run the raffles on our LinkedIn page, we need, among other things, the names of the participants and the postal address of the winners so that we can send them their prizes. This information must be sent to an email address provided in the raffle announcement.
    The Data provided by you will be processed in the course of the respective raffle. For this purpose, we store your Data as long as it is necessary for the running of the raffles.
    We are not able to delete any posts, comments or other interactions you may have with or to our raffles on LinkedIn.

    Purpose and legal basis of the data processing:
    We process your personal data exclusively for the purpose of running raffles (Art. 6 sec 1f GDPR).

    B. How LinkedIn will process your Data
    When you visit our LinkedIn page, LinkedIn will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. LinkedIn shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
    Further information about the scope and the purpose as well as the legal basis of LinkedIn ‘s data processing can be found in the LinkedIn Data Policy.

  • III. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
    Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
    To exercise your rights with regard to LinkedIn´s data processing, please contact LinkedIn.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the Contact details stated above in I.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: July 2019

Twitter

  • Use of Our Twitter Profile

    Thank you for visiting our Twitter profile. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Twitter profile and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Carnotstraße 1
    10587 Berlin

    and

    Twitter International Company
    One Cumberland Place
    Fenian Street
    Dublin 2
    D02 AX07
    Ireland

    are responsible for protecting your Data.

    If you have any questions regarding the processing of data by Twitter (as described in II. B.) and your relevant rights, please contact Twitter(you can find more information here).

    If you have any questions regarding the processing of data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    By post at:
    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which data is processing in connection with your visit to our Twitter profile?

    A. How we jointly process your Data
    To interact with you on Twitter and align our Twitter profile to the interests of our followers, we use the Twitter functions described below. The processing of the Data collected here is done by staff responsible for the support of our Twitter profile.

    1. Twitter Analytics and Audience Insights
    Description and scope of the data processing:

    We:
    We use the function “Twitter Analytics”. This function provides us with information on the number of profile visits, tweet impressions, tweet interactions and overviews of the number of followers won and lost for the last 28 days. We also learn how often our videos are shown and how long the video frequencies are.
    We can also use the “Audience Insights” function to view anonymous statistics on our followers. We cannot identify any specific persons from this Data. The statistical reports contain various information, e.g.:

    • gender,
    • interests,
    • country / region,
    • language,
    • device type.

    Twitter:
    In order to generate the page insights anonymously provided to us, Twitter will collect among other information, the following:

    • views of a page, post or video on a page,
    • subscribing to or unsubscribing from a Twitter profile,
    • interact with a Twitter profile or a tweet (e.g. tagging a page or a post as „liked“)
    • demographic characteristics
    • interests,
    • the information about whether the page visit or interaction happened from a computer or a mobile device.

    Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.

    Purpose and legal basis of the data processing:
    These statistics help us learn how our Twitter profile is being used. This enables us to improve the activities on our Twitter profile as well as the design and the contents of our Twitter profile, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    2. Audience Driven Ads / sponsored Tweets
    Description and scope of the data processing:

    We:
    We use the possibility to address our ads audience driven via “Twitter Ads” respectively “sponsored Tweets”. The determination of the audience is carried out according to parameters analysed by Audience Insights, among others:

    • gender,
    • interests,
    • country / region,
    • language,
    • device type.

    We cannot identify which specific persons are part of the audience we have determined.

    Twitter:
    Twitter uses the parameters we determine to restrict the audience and addresses our ad to those audiences.

    Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.

    Purpose and legal basis of the data processing:
    With the use of the “Twitter Ads”, we can restrict the groups of people to whom our ads are presented. This enables us to address our ads only to those groups of people who may be interested in our ads. Through “sponsored Tweets”, we can also reach a wider group of users and encourage our followers to interact. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    3. Notifications
    Description and scope of the data processing:

    We:
    When you interact with our Twitter profile or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our Twitter profile or follow us, we get a notification from Twitter with your name, your profile picture and your interaction.
    We are not able to delete the Twitter notifications, your tweets or other interactions.

    Twitter:
    Twitter collects information about how you use our Twitter profile (amongst others, interactions with tweets) and notifies us about it.

    Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.

    Purpose and legal basis of the data processing:
    We will use the provided Data to learn about how you interact with regard to our Twitter profile and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).

    4. Contacting us
    Description and scope of the data processing:

    We:
    When you contact us via Twitter, for example, when you send us messages via Twitter, we will receive the information provided by Twitter that include your user name, your profile picture, your query as well as your contact data and will process these.
    We will not be able to delete your making contact via Twitter.

    Twitter:
    Twitter will process the Data provided by you and will make them available to us.

    Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found on Twitter Privacy Policy.

    Purpose and legal basis of the data processing:
    We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

    B. How Twitter will process your Data
    When you visit our Twitter profile, Twitter will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Twitter shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
    Further information about the scope and the purpose as well as the legal basis of Twitter’s data processing can be found in the Twitter Privacy Policy.

  • III. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
    Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
    To exercise your rights with regard to Twitter´s data processing, please contact Twitter.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the Contact details stated above in I.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: July 2019

Xing

  • Use of Our Xing Page

    Thank you for visiting our Xing page. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Xing page and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how can you contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Carnotstraße 1
    10587 Berlin

    and

    Xing SE
    Dammtorstraße 30
    20354 Hamburg

    are responsible for protecting your Data.

    If you have any questions regarding the processing of Data by Xing (as described in II. B.) and your relevant rights, please contact Xing’s Data Protection Officer by means of the Xing Data Policy.

    If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    By post at: IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Which data is processing in connection with your visit to our Xing page?

    A. How we process your Data
    To interact with you on Xing and align our Xing page to the interests of our followers, we use the Xing functions described below. The processing of the Data collected here is done by staff responsible for the support of our Xing page.

    1. Profile analysis
    Description and scope of the data processing:

    Via the “Profile Analysis” function, we receive overviews provided by Xing as well as anonymized statistics on the visitors and followers of our Xing page over the last 30 days. The anonymous statistics contain various information, e.g.:

    • company belonging,
    • industry branch,
    • career levels,
    • age groups.

    Purpose and legal basis of the data processing:
    With the help of profile analysis we learn who or which groups of people use our Xing site. This enables us to adapt the design of our Xing page, advertising campaigns, posts and events to the interests of our visitors and followers. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

    2. Contacting us
    Description and scope of the data processing:
    When you contact us via Xing, for example, when you send us messages via Xing, we will receive the information provided by Xing that include your user name, your profile picture, your query as well as your contact data and will process these.
    We will not be able to delete your making contact via Xing.

    Purpose and legal basis of the data processing:
    We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

    B. How Xing will process your Data
    When you visit our Xing page, Xing will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Xing shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA. Further information about the scope and the purpose as well as the legal basis of Xing ‘s data processing can be found in the Xing Data Policy.

  • III. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.
    Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.
    To exercise your rights with regard to Xing´s data processing, please contact Xing.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the Contact details stated above in I.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: July 2019

YouTube

  • Privacy Policy for the use of our YouTube channel

    Thank you for visiting our YouTube channel. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our YouTube channel and contact us and what rights you have in relation to the processing of your Data.

  • I. Who are we and how you can contact us?

    We,

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Carnotstraße 1
    10587 Berlin
    Germany

    and

    Google Ireland Limited
    Gordon House, Barrow Street
    Dublin 4, Irland

    are responsible for protecting your Data.

    If you have any questions regarding the processing of Data on YouTube (as described in II. B.) and your relevant rights, please contact Google’s Data Protection Officer by means of the Google Privacy Policy.

    If you have any questions regarding the processing of Data by us (as described in II. A.), regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

    by post at:

    IAV GmbH Ingenieurgesellschaft Auto und Verkehr
    Datenschutzbeauftragter
    Carnotstraße 1
    10587 Berlin

    As well as by email at: Datenschutzbeauftragter@iav.de.

  • II. Data processing in connection with your visit to our YouTube channel

    A. How we process your Data
    To interact with you on YouTube and align our YouTube channel to the interests of our subscribers, we use the YouTube functions described below. The processing of the Data collected here is done by staff responsible for the support of our YouTube channel.

    1. Analytics
    Description and scope of the data processing
    :
    Via the YouTube function “Analytics” we receive information about our subscribers as well as exact statistics about our YouTube channel and its usage. The statistics contain a variety of information, e.g:

    • the viewing time (in minutes / percentage, average viewing time, views),
    • the interactions (e.g. “like me” ratings, comments, shared content, subscribers),
    • to playlists (e.g., playlist exit rate, average time in playlist),
    • to use the info cards (e.g. click on info card, teaser),
    • to use the end screen function (e.g. displayed end screen elements, clicks on end screen elements),
    • to YouTube Premium (e.g. viewing time, views),
    • to our videos (published videos, added videos).

    With regard to the points mentioned above, we can display a detailed overview of the following aspects, among others:

    • regions and TOP-10 countries,
    • demographic aspects (gender of viewers, age of viewers),
    • Access sources (e.g. external, video suggestions, YouTube search, end screen functions),
    • viewing locations (YouTube viewing page embedded in external web pages or apps, YouTube channel page, YouTube others),
    • by device (e.g. computer, mobile phone, TV) and operating system (e.g. Android, ios, Linux),
    • Livestreaming,
    • translations,
    • “Where was it shared?” (e.g. Facebook, WhatsApp, Twitter).

    Also a representation as 360°-Headmap is possible or a comparative overview regarding viewing time, views, average percentage of viewing, gained subscribers.

    We can define the period for which the statistics are displayed, e.g. for this week (Sunday – Today), last week, last 7 days, first 7 days, this month, last month, last 28 days, last 30 days, first 28 days, this quarter, last quarter, last 90 days, last 90 days, this year, last year, last 365 days, first 365 days, period since creation of the YouTube channel.

    We can also set the level of detail of the analysis overview, e.g. daily, daily (continuous totals for 7 days), daily (continuous averages for 7 days), daily (continuous totals for 28 days), daily (continuous averages for 28 days) (continuous totals for 30 days), weekly, monthly, quarterly, yearly.

    We can choose the way of presentation, e.g. graphical analysis, map analysis, bar chart, pie chart, bubble chart.

    In addition to the analysis options shown above, our YouTube channel is automatically analysed in real time. We get an overview of the estimated views of our videos for the last 48 hours and / or the last 60 minutes. This real-time analysis is updated every 10 seconds.

    Purpose and legal basis of the data processing:
    This way we learn who is watching our videos, following our YouTube channel and how our YouTube channel is used. This allows us to adapt the design of our YouTube channel to the interests of our viewers and subscribers. This is also our legitimate interest according to Art. 6 sec. 1f GDPR.

    2. Notifications
    Description and scope of the data processing
    :
    If you subscribe to our YouTube channel for the first time or interact with our YouTube channel (e.g. comment), we will receive a notification from Google with your name, your profile picture and your interaction.

    We can’t delete the YouTube notifications. We also cannot delete interactions (from the YouTube servers), we can only remove your comments on our YouTube channel.

    Purpose and legal basis of the data processing:
    We use the information provided to see how you interact with respect to our YouTube channel and to respond to your interactions (e.g. comments, “like me” rating). Data processing is based on this legitimate interest (Art. 6 sec. 1f GDPR).

    3. Contacting us
    Description and scope of the data processing
    :
    When you contact us via YouTube, for example, when you send us messages via YouTube, we will receive the information provided by Google that include your user name, your profile picture, your query as well as your contact data and will process these.
    We will not be able to delete your making contact via YouTube.

    Purpose and legal basis of the data processing:
    We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

    4. Community
    Description and scope of the data processing
    :
    Via the YouTube function “Community” we can also communicate with our subscribers beyond our videos and contact them directly with posts.

    Under the Community tab, we learn since when the subscribers (who share their subscriptions publicly) have subscribed to our YouTube channel and how many subscribers they have themselves.

    We are not able to delete your your posts, comments or other interactions.

    Purpose and legal basis of the data processing:
    We use the community function to communicate directly with you. Data processing is based on this legitimate interest (Art. 6 sec. 1f GDPR).

    B. How Google will process your Data on YouTube
    When you visit our YouTube channel, Google will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example to provide advertisers with statistics and analyses, market research, customization of features and contents. Google shares these Data with affiliated companies and third parties and transmits Data to third countries outside of the European Union, such as the USA. Further information about the scope and the purpose as well as the legal basis of Google ‘s data processing can be found in the Google Privacy Policy.

  • III. What rights do you have and how can you exercise these?

    A. Withdrawal of consent
    You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects
    According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

    Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.

    To exercise your rights with regard to the data processing on YouTube, please contact Google.

    Access:
    You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

    Correction:
    You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

    Erasure:
    You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

    Restriction of processing:
    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

    Objection to the data processing:
    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Art. 21 GDPR. This also applies to a profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

    Data portability:
    You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes
    You can assert your rights by means of the Contact details stated above in I.

    D. Right to appeal to the competent data protection supervisory authority
    If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

    Last revision: July 2019