Data Protection

We are very delighted that you have shown interest in our enterprise.

1. Privacy Policy

Data protection is of a particularly high priority for the management of the KI labs GmbH. The use of the Internet pages of the KI labs GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

This data protection declaration applies to the online offer of KI labs GmbH, which can be accessed on the websites available under the domain "www.ki-group.com" (hereinafter referred to as "our website").

As a person affected by data processing, you also have the legal right to information on your processed personal data (Art. 15 para. 1 and 2 DSGVO) as well as the rights to deletion (Art. 17 DSGVO) and correction (Art. 16 sentence 1 DSGVO) e.g. incorrect data and to blocking (Art. 18 DSGVO). For details, please refer to the following section "Rights of Data Subjects" within this data protection declaration. It may no longer be possible to continue using our services if your data is deleted or blocked.

2. Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

KI labs GmbH
Prannerstraße 2
80333 Munich

[email protected]

Eintragung im Handelsregister Registernummer: HR B 60695

Registergericht: Amtsgericht Köln

3. Personal data

Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number and date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort. Information that is not (in)directly associated with your real identity, however, is not personal data.

4. Purpose

We will collect, process and use the personal data you provide online only for the purposes disclosed to you.

Some of the information we may collect from you is necessary to enable us to provide you with the services you request, to fulfill our contracts with you, to comply with legal requirements or if we have a legitimate interest in the use of your information.

If we collect data directly from you, we may ask you for your consent and clearly mark mandatory information (e.g. with an asterisk (*)). You voluntarily provide us with any other information that is not marked.

For the rest, we use your personal data exclusively to be able to offer you an extensive and interesting offer via our web services and to constantly improve this.

5. Legal basis for the processing

The legal basis for the processing of your data may be the following:

  • Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
  • If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR.
  • The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
  • Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

6. Which personal data is stored and processed?

You can use our websites without providing us with personal data (e.g. name, address, telephone number or e-mail address), unless you make them available to us voluntarily (e.g. for registrations for events, enquiries or surveys) or the corresponding legal provisions on the protection of your data permit this.

Your personal data will be used as follows:

6.1. Data protection for applications and the application procedures

If you apply to us electronically, i.e. by e-mail or via our web form, we collect and process your personal data for the purpose of handling the application procedure and carrying out pre-contractual measures.

By submitting an application on our recruiting page, you express your interest in joining our company. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected:

  • Name (first and last name)
  • E-mail address
  • Telephone number

You also have the opportunity to upload relevant documents such as a cover letter, your CV and certificates. This may contain further personal data such as date of birth, address, etc.

Only authorized employees from the personnel department or employees involved in the application process have access to your data.

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.

Your data will be stored for a period of 180 days after the end of the application process. As a rule, this is done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or make your data anonymous. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of applications from women or men, number of applications per period, etc.).

In addition, we reserve the right to store your data for inclusion in our "Talent Pool" for 180 days after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for training or internship positions. By accepting the data protection declaration, you consent to any further storage of your data and inclusion in our "Talent Pool".

If you receive and accept an offer of employment with us as part of the application process, we will store the personal data collected during the application process at least for the duration of the employment relationship.

6.2. Contact possibility via the website

For general inquiries and contact requests, please use our contact form at www.ki-labs.com or send us an e-mail [email protected] In this case we use your personal data exclusively to answer your inquiries to your satisfaction. It is generally your free decision which data you provide to us. However, we may not be able to fulfil your contact request without certain details required in individual cases.

The legal basis for this data processing is that of Art. 6 para. 1 lit. b DSGVO (which permits the processing of data to fulfil a contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests) and Art. 6 para. 1 lit. a GDPR (which permits data processing on the basis of your consent).

6.3. Cookies

We do not create any personal user profiles. In connection with the retrieval of the information requested by you, data will only be stored on our servers in anonymous form for the provision of our various services or for evaluation purposes. Here general information is logged, e.g. when which contents from our offer are called up or which pages are visited most frequently. For these purposes we use so-called "cookies" (small text files with configuration information). The cookies used serve in particular to determine the frequency of use and the number of users of our websites. This tells us which area of our websites and which other websites our users have visited.

However, these usage data do not allow any conclusions to be drawn about the user. All of this anonymously collected usage data will not be merged with your personal data and will be deleted immediately after the statistical evaluation.

In addition, our websites do not store cookies that do not have purely technically necessary functions and serve the proper functioning of our web services if you have not previously accepted this. Before storing cookies, you must agree to this by selecting the types of cookies you want or accept and clicking on "Accept" on the banner, which contains the reference to the storage of cookies. Further information on the types of cookies we use in detail and how you can set the use of individual types of cookies and agree and object to their use can be found in our cookie settings.

The legal basis for this data processing is that of Art. 6 para. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests) and Art. 6 para. 1 lit. a DSGVO (which permits data processing on the basis of your consent).

Most browsers are pre-set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it informs you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our websites.

6.4. Matomo (before Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your mobile device. If you have agreed to the storage of corresponding cookies on your terminal device, these cookies enable an analysis of your use of our website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is made anonymous before it is saved.

Matomo cookies remain on your device until you delete them.

Matomo cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in anonymised analysis of user behaviour in order to optimise both his website and his advertising.

The information generated by the cookie about the use of this website will not be passed on to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you no longer agree to the storage and use of your data, you can deactivate the storage and use by clicking on the link below. In this case, an opt-out cookie is stored in your browser which prevents Matomo from saving usage data. If you delete your cookies, the Matomo Opt-Out cookie will also be deleted. The opt-out must be reactivated the next time you visit our site.

https://piwik.feinbier.systems/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=&fontColor=&fontSize=&fontFamily=arial

6.5. Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

6.6. Data Protection Compliant Content Sharing via Social Media Plugins (2-Click Solution/Shariff Solution)

On our websites are plug-ins of the social networks mentioned in detail below. These plugins are identified within the framework of our online presence by the respective button belonging to the service. The plugins allow users to share, post or recommend links to the relevant websites on social networks such as Facebook, Twitter, Google+ and Instagram. By your active interaction with these plugins, e.g. by clicking the respective button or leaving a comment, this corresponding information is transmitted directly to the respective service and stored there.

When you visit one of our websites, which contains such an activated plugin, your browser establishes a connection to the servers of the respective service, which in turn transmits the content of the plugin to your browser and integrates it into the displayed page. Thus the information about the visit of our web pages is passed on to the respective service. We do not collect personal data ourselves using the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is recorded and used. It is also possible that the service providers try to save cookies on the computer used. If you are logged in to the respective service simultaneously via your personal user account during your visit to our website (e.g. via another browser session), the service provider can assign the visit to our website to your account.

The usual social media plugins transfer the above-mentioned user data to the respective operator of the social network each time a page is accessed. You do not need to be logged in or a member of the network. In order to prevent the unconscious and unwanted collection and transfer of personal data to the respective service providers, we use a so-called "2-click solution" on our websites: In order to activate a desired plug-in, it must first be activated by clicking on the corresponding button. Only this activation of the plugin triggers the collection of information and its transmission to the service provider. Without activating the plugins, which only happens at your own request, you can therefore surf our web pages in compliance with data protection regulations without transmitting personal data to the operators of social networks.

The usual social media plugins transfer the above-mentioned user data to the respective operator of the social network each time a page is accessed. You do not need to be logged in or a member of the network. However, in order to prevent such unconscious and unintentional collection and transfer of personal data to the respective service providers, we use the so-called "Shariff solution" on our websites to protect your personal data: The respective social plug-in is only activated by clicking on the corresponding button and the collection of information and its transfer to the service provider is only triggered by clicking on the button. In doing so, we take into account the data protection interests of our visitors as far as possible in accordance with the current state of the art. So users can post our content on social networks without getting full information about their surfing behavior. The "Shariff Project" is an initiative of the computer magazine c't (www.ct.de). Further information and technical details on the "c't Shariff Project" can be found under the following link: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

The legal basis for this data processing is that of Art. 6 para. 1 lit. a GDPR (which allows data processing on the basis of your consent).

6.6.1. Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/.

When you activate the plugin, it establishes a connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address and can thus assign your visit to our web pages to your Facebook user account, especially if you are logged in at the same time as your Facebook user account.

We do not collect personally identifiable information through the plugins or their use and have no control over what information an activated plugin collects and how it is used by Facebook. Which personal data is processed in addition to the above-mentioned information may depend on the settings you have chosen within your Facebook profile. Please see Facebook's Privacy Policy for more information: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/

6.6.2. Data protection provisions about the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

If you activate the plugin, a connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address and can thus assign your visit to our websites to your Twitter user account, especially if you are logged in at the same time as your Twitter user account.

By using the implemented features of Twitter, your browser connects to the Twitter server and the websites you visit are linked to your Twitter account and made known to other users. Personal data is also transmitted to Twitter. We do not collect personal data ourselves using the plugins or about their use and have no influence on which data an activated plugin collects and how it is used by Twitter. Which personal data is processed beyond the above-mentioned information may depend on the settings you have chosen within your Twitter profile. Please refer to the Twitter privacy policy: https://twitter.com/privacy.

6.6.3. Data protection provisions about the application and use of Google+

On this website, the controller has integrated the Google+ button as a component. The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

When you activate the plugin, it connects your browser to the Google server. Google receives the information that you have visited our site with your IP address and can thus assign your visit to our website to your Google+ user account, especially if you are logged in at the same time as your Google+ user account.

The Google+ button allows you to share information from our web pages within your network in Google+. In these operations, Google stores the information that you gave +1 for a content as well as information about the page on which you clicked. These interactions, along with other information from your Google+ profile, such as your profile name and photo, may be visible to other users on Google services, such as search results or your Google profile, or elsewhere on websites and ads on the Internet.

Google stores information about your +1 interactions to improve Google services for you and others. Your Google profile may be visible to other users who know your email address or have other identifying information about you. Google may also compile and publish statistics on users' +1 interactions or share them with users and partners, such as publishers, advertisers or related websites.

We do not collect personal data ourselves using the plugins or about their use and have no influence on which data an activated plugin collects and how it is used by Google. Which personal data is processed beyond the above information may depend on the settings you have chosen within your Google+ profile. Please refer to Google's privacy policy: http://www.google.com/intl/de/+/policy/+1button.html.

6.6.4. Data protection provisions about the application and use of Xing

The "XING Share Button" is used on this website. The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

If you activate the plugin, a connection is established between your browser and the XING server via which the "XING Share Button" functions (in particular the calculation/display of the counter value) are performed.

We have no knowledge of the type and extent of the data transmitted. According to Xing, this applies to the following: XING states that it does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the "XING Share Button".

However, we would like to point out that these notes are based on information provided by XING. We cannot check whether these are true. The official data protection information on the "XING Share Button" and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection.

6.6.5. Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

You can recognize the LinkedIn plugins by the LinkedIn logo or the "Share" button on this website.

If you activate the plugin, a direct connection between your browser and the LinkedIn server is established via this. LinkedIn receives the information that you have visited this website with your IP address. If you click the LinkedIn "Share-Button" while logged into your LinkedIn account, you can link the contents of this website on your LinkedIn profile. This allows LinkedIn to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, are not aware of the content of the transmitted data or its use by LinkedIn.

Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's official data protection information. You can find these notes at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.

6.6.6. Data protection provisions about the application and use of YouTube

On this website, the controller has integrated components of YouTube. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on how we handle user data, please see YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

6.7. Google Maps

Within our websites we may use the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.

6.8. Server-Log files

Your visit to our websites is automatically logged by our web servers.

In connection with the retrieval of the information requested by you from our web services, data for the provision of our various services or for evaluation and security purposes are collected and, if necessary, stored in anonymous form (without personal reference). The web servers we use automatically store data about the retrieval of our web services in so-called server log files. This is the following data:

  • IP address
  • Referrer URL (the page from which you are visiting us)
  • Time of the server request
  • Host name of the accessing device (the name of your Internet service provider)
  • Browser type and browser version
  • the operating system used and its settings

The processing of the above mentioned data is done for security purposes, for general fraud prevention and as a precaution against attacks on our web services. This data is not automatically combined with data from other data sources.

If your IP address is also automatically logged, it will be automatically deleted after 7 days at the latest.

Furthermore, only general information is recorded, e.g. when which content is called up from our offer or which pages are visited most frequently, the names of the requested files as well as their retrieval date and time. These data are evaluated for the improvement of our offer and do not allow any conclusions about your person.

We will not use this information for any other purpose.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data to protect the data controller's legitimate interests.

7. Period for which the personal data will be stored

We only store personal data that you provide us for as long as it is needed to fulfil the purposes for which this data was provided or as long as this is required by law:

  • If you conclude contracts with us, we store and process your personal data for the duration of your contractual relationship and also for the fulfilment of post-contractual obligations and matters and for the duration of the statutory retention periods (maximum 10 years);
  • If you apply through us for vacant positions with us, we will delete your application data at the latest 180 days after completion of the application procedure, unless you have given us your consent to permanently store your data for future job vacancies;
  • If you send us an inquiry, we process your personal data for the duration of processing your inquiry.

When we no longer need your personal data, we delete it from our systems and records or make it anonymous so that you can no longer be identified.

We may retain certain personal information in order to comply with our legal and regulatory obligations and to enable us to administer our rights (e.g. to enforce our claims in court), or for statistical purposes (in anonymous form).

8. Data Security

For a secure transmission of your personal data we use a so-called SSL encryption. According to the current state of knowledge, this form of transmission is recognised as a secure form of data transmission. We make every effort to take technical and organisational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorised disclosure or access. Our employees are accordingly bound to secrecy and data protection.

In order to prevent the loss or misuse of data stored by us, we take extensive technical and organisational security precautions which are regularly checked and adapted to technological progress. Insofar as it is within our sphere of influence, we use modern encryption techniques and a large number of other measures in particular to prevent unauthorised access by third parties. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption exists, the data you exchange with us cannot be read by third parties.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be read by third parties - even if this is done by e-mail. We have no technical influence on this. In such cases, it is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

9. Transmission of data

If these cases are not listed in this privacy statement, we will not sell or market your personal data to third parties or pass them on for any other reason.

In addition to the other cases mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent in the following cases:

  • If it is necessary for the clarification of an illegal or abusive of our web pages or for the prosecution, personal data are passed on to the prosecution authorities as well as if necessary to damaged third parties. However, this only happens if there are concrete indications of illegal or abusive behaviour. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that prosecute fined offences and the tax authorities.
  • A disclosure to third parties bound to professional secrecy can take place if this is necessary to enforce the contractual conditions or other agreements as well as our claims arising from contracts that you have concluded with us.

The legal basis for data transmission is Art. 6 para. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Art. 6 para. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller's legitimate interests.

As our business develops, the structure of our company may change as its legal form changes, subsidiaries, parts of companies or components are established, purchased or sold. In such transactions, customer information will be shared with the part of the company to be transferred with your consent. Whenever personal data is passed on to third parties to the extent described above, we will ensure that it is used in accordance with this data protection declaration and the relevant data protection laws and ask you for your consent.

However, your personal data can also be processed on our behalf by our reliable, external service providers ("contract processors").

We rely on reliable, external service providers who conduct a number of business processes on our behalf and only provide them with the information they need to provide the services and we do not require them to use your personal information for any other purpose. We make every effort to ensure that all contractors with whom we work protect your personal data. For example, we can commission the following companies with services for which the processing of your personal data is necessary:

  • The data transmitted in the context of your application will be transmitted via TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and application management software (https://www.personio.de/impressum/). Personio is our contract processor according to Art. 28 GDPR. The basis for the processing is a contract for order processing between us as responsible body and personio.
  • Third parties who support and help us to provide digital and e-commerce services, including CRM, web analytics and search engine and user content maintenance tools;
  • Advertising, marketing, digital and social media agencies to assist us with advertising, marketing and campaign activities, to analyse their effectiveness and to manage your contact requests and questions;
  • Third parties who assist us in providing IT services, including platform providers, hosting services, maintenance and support for our databases, and our software and applications that contain information about you (in some cases, such services simply include access to your data to perform the desired task);

The legal basis for data transmission is Art. 6 para. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Art. 6 para. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller's legitimate interests.

We have concluded a contract with all our order processors for order processing in accordance with Art. 28 GDPR and fully implement the strict requirements of the German data protection authorities when using these services.

10. Rights of the data subject

If we process personal data as the data controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art.15 GDPR), the right to rectification (Art.16 GDPR), the right to erasure (‘right to be forgotten’) (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 III GDPR.

If you wish to exercise your above rights, please contact us using the contact details given in the "Responsible Party" section.

Please note that we may require proof of identity and full details of your request before we can process your request.

11. Right of appeal to the competent supervisory authority

In the event of data protection violations on our part, you have a right of appeal to the responsible supervisory authority. The supervisory authority responsible for the activities of KI labs GmbH in data protection issues is the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (LDI NRW), whose contact data can be found under the following link: https://www.ldi.nrw.de/metanavi_Kontakt/index.php t2.

12. Name and Address of the Data Protection Officer

As required by law, we have appointed a data protection officer for our company:

Mister Stephan Krämer
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne
Germany
Website: http://www.kinast-partner.de

You can contact our data protection officer via his website at http://www.kinast-partner.de

13. Hyperlinks to other websites

Our website contains so-called hyperlinks to websites of other providers. When these hyperlinks are activated, they are redirected from our website directly to the websites of other providers. With these links to external companies and other third parties, KI labs GmbH is not responsible for the data protection requirements or the content of these websites.

14. Concluding provisions

This data protection declaration can be called up, saved and printed out at any time under the URL https://ki-labs.com/data-protection/ Since changes in the law or changes in our internal processes may make it necessary to adapt this data protection declaration, we ask you to read this data protection declaration regularly.

We reserve the right to adapt this data protection declaration at any time so that it always meets the current legal requirements or to reflect changes in the application procedure or the like. If you visit the recruiting page again or apply again, the new data protection declaration will apply.

Last updated: May 2018