Data Privacy Statement

1. General Remarks

Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business and the move toward a true Internet economy. ISO Software Systeme GmbH has created this privacy statement to demonstrate our firm commitment to secure and trustworthy Internet commerce and the individual’s right to privacy.

2. Data collection at our website

2.1 How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

2.1.1 Responsible for data processing is:

Data processing at this website is undertaken by the website operator. For the operator’s contact data please refer to the legal notice of this website.

2.1.2 You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address:

2.2 Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

Your data are collected at the one hand by you disclosing the same to us. This for example can be data that you enter into a contact form.

Other date are collected by our IT systems automatically during your visit at our website. These are first of all technical data (e.g. Internet browser, operating system, or time of the day of your page view). Collection of such data happens automatically as soon as you enter our website.

2.3 Why are you processing my data?

ISO utilizes your data for the following purposes:

Some data are gathered to guarantee a correct provision of the website. Other data may be used to analyze your user behavior.

2.4 Do I have rights, and if so, what are they?

You are basically entitled to the rights to information by ISO about the personal data relating to you as well as to correction and deletion of data, or limitation of their processing and to revocation against processing as well as to data transferability. For details, please refer to our data privacy statement under the headings “3.3 Data subject rights” and “3.4 Right of objection”.

Is the processing of your data based upon article 6 I, lit. a) of the GDPR, we would like to point out to the fundamental existence of your right to revoke your consent at any time without affecting the rightfulness of processing performed until revocation based on such consent.

Regarding this as well as any other questions on the subject of data protection you may at any time refer to .

When you believe that processing of your data is violating data protection law, or your claims under data protection law have been infringed in any other way, you can appeal to supervisory authority.

2.5 Analytics tools and tools of third-party suppliers

During visiting our website your surf behavior can be statistically evaluated. This happens primarily by cookies and so-called analytics programs. Analyzing of your surf behavior normally takes place in anonymized form; the surf behavior cannot be traced back to your person. You can object against such evaluation, or prevent it by not using certain tools. For details, please refer to our data privacy statement under the headings « 5. Analytics tools and advertisement » and « 6. Plugins and tools”.

You can object against such evaluation. In this data privacy statement we inform you about your ways of revocation.

3. General and mandatory information

3.1 Data protection

ISO as the operator of this website is attaching great importance to the protection of your personal data. We treat your personal data as confidential and in accordance with the applicable data protection legislation and this data privacy statement.

When you use this website various personal data are collected. Personal data are data by which you can be personally identified. The present data privacy statement explains what data we are gathering, and for what we are using them. It also explains how and for what purpose this happens.

Please note that data transmission via the Internet (e.g. communication by e-mail) may exhibit security gaps. Therefore a gapless protection of data against access by third parties is not possible.

3.2 Reference to responsible entity

Contact data you can find under the legal notice to this website.

3.3 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

3.4 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to

3.5 Right to data transferability

You have the right to have data we are processing automated on the basis of your consent or in performance of a contract delivered to you or to a third party in an established machine-readable format. Insofar as you require direct transmission of data to another responsible entity it will happen only as far as it is technically feasible.

3.6 Information, correction, deletion, limitation, revocation

Within the scope of the applicable statutory regulations you have at any time the right to information free of charge about your stored personal data, their origin and recipient, and the purpose of data processing etc. and – as the case may be – a right to correction, deletion, limitation of such data as well as to revocation.

Regarding this as well as any other questions on the subject of data protection you may at any time refer to .

3.7 Objection against advertisement e-mails

The utilization of contact data published within the scope of the general information requirements of the e-commerce regulations for sending of not expressly requested advertisement and information materials is herewith opted out. ISO expressly reserves the right to take legal action in case of advertisement information, perhaps by spam e-mails received.

4. Data collection at our website

4.1 Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve the purpose of making our offer more user-friendly, effective, and safer. Cookies are small text files that are stored on your computer and memorized by your browser.

Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after your visit has ended. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to re-recognize your browser at your next visit.

You can set your browser so that you are getting informed about the setting of cookies and so that cookies will be allowed only in the individual case, so that the acceptance of cookies is excluded in certain cases or in general, and so that automated deletion of cookies is activated when the browser is closed. When cookies are deactivated the functionality of this website may be restricted.

Cookies that are required for the performance of the electronic communication process, or for the provision of certain functions wanted by you, are stored on the legal basis of article. 6, section 1, lit. f, GDPR. The website operator has a rightful interest in the storage of cookies for the technically faultless and optimized provision of its services. As far as other cookies (e.g. cookies for analyzing your surf behavior) are stored, they will be treated separately in this data privacy statement.

4.2 Server log files

The provider of the pages collects and stores information automatically in so-called server log files, which your browser transmits to us automatically. These are:

  • Browser type and browser version
  • Applied operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

Any merging of these data with other data does not take place.

Legal basis for data processing is article 6, section 1, lit. b, GDPR that allows the processing of data for the performance of a contract or pre-contractual measures.

4.3 Contact form

When you send us inquiries per contact form your information provided via the contact form including your contact data you stated there are stored by us for the purpose of processing your inquiry and for the event of follow-up questions. We will not disclose such date without your consent.

Therefore processing of data entered into the contact form takes place exclusively on the basis of your consent (article 6, section 1, lit. a, GDPR). You can revoke such consent at any time. For this purpose an informal note per e-mail to us will be sufficient. The rightfulness of data processing operations performed until revocation remains unaffected by the revocation.

The data you entered into the contact form remain with us until you request us to delete the same, revoke your consent to the storage, or the purpose of data storage is no longer required (e.g. after completion of processing your inquiry). Statutory legal requirements – particularly retention periods – remain unaffected.

4.4 Processing of customer and contract data

We collect, process, and use personal data only insofar as they are required for the creation, arrangement of contents, or change of the legal relationship (inventory data). This happens on the basis of article 6, section 1, lit. b, GDPR, that allows the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data about the utilization of our Internet pages (usage data) only as far as it is necessary to enable the user to utilize the service and to invoice the user.

Collected customer data will be deleted after completion of the order, or upon termination of the business relationship. Legal retention periods remain unaffected.

4.5 Logon and SupportDB

User logon: Enter your e-mail address and your password to log on.

SupportDB: The system for collection and pursuit of change requests.

5. Analytics tools and advertisement

5.1 Google Analytics

This website uses functions of the web analyzer service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer that enable to analyze the utilization of the website by you. Information about the use of this website generated by the cookie are normally transferred to a server at Google in the USA and stored there.

Storage of Google Analytics cookies takes place on the basis of article 6, section 1, lit. f, GDPR. The website operator has a rightful interest in analyzing the user behavior in order to optimize its web offer as well as its advertisement.

Browser plugin:
You can prevent the storage of cookies by corresponding settings of your browser software. However we would like to point out that in that case you will possibly not be able to use all functions of our website to the full extent. In addition you can prevent the collection of data relating to your usage of the website (including your IP address) generated by the cookie and the processing of such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection against data collection:
You can prevent the collection of your data by Google Analytics by clicking at the following link. An opt-out cookie is set that prevents the collection of your data during future visits of this website: Deactivate Google Analytics.

More information on the handling of user data at Google Analytics you will find in the data privacy statement of Google: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic characteristics at Google Analytics:
This website uses the function “demographic characteristics” of Google Analytics. Thereby reports can be generated that include statements on age, sex, and interests of the page visitors. Such data arise from interest-related advertisement of Google as well as from visitors’ data of third-party providers. The data cannot be allocated to a particular person. You can deactivate this function at any time via the advertisement settings in your Google account, or prohibit the collection of your data by Google Analytics in general as described under the point “Objection against data collection”.

5.2 HubSpot

When contacting us (per contact form or per e-mail) information provided by the user will be processed to deal with the contact inquiry and the execution of such inquiry in accordance with article 6, section 1, lit. a or b, GDPR.

Information provided by users can be stored in our customer relationship management system and marketing automation platform (“CRM & marketing system”) or in another comparable inquiry organizing system.

We utilize among others the CRM, registration and marketing automation system “HubSpot” by the provider HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and in Germany (Unter den Linden 26, 10117 Berlin) on the basis of a consent by the recipient according to article 6, section 1, lit. a, GDPR, or in the course of performance of pre-contractual measures upon request by the data subject according to article 6, section 1, lit. b, GDPR, respectively. For that purpose, we have entered into a contract with HubSpot that includes so-called standard contract clauses under which HubSpot commit themselves to the processing of user data only in compliance with our instructions and the adherence to the EU data protection level. HubSpot is furthermore certified under the privacy shield agreement and thereby is providing an additional guarantee to adhere to the European data protection law (https://www.privacyshield.gov/list). Further information on the HubSpot privacy policy you will find at: https://legal.hubspot.com/de/privacy-policy

Our registration service enables users of our website to learn more about our company, to download contents, and to provide their contact information as well as other demographic information. Such information is stored on the servers of our software partner HubSpot. These data can be used by us to get in contact with visitors of our website and to determine what services of our company are of interest to them. All information gathered by us is subject to the data protection regulations. We use all gathered information exclusively for the optimization of our marketing.

We delete inquiries if they are no longer necessary. Inquiries by customers having a customer account with us are stored permanently and for deletion we refer to the particulars on the processing of customer and contract data under 4.4. In the case of compulsory archiving deletion takes place upon its expiry (legal retention period under commercial law ending after 6 years, and under fiscal law after 10 years).

HubSpot uses so-called “cookies”. These are text files that are stored on your computer and are used on the one hand to enable analyzing your behaviour on our website, on the other hand to provide extended functionality and personalization such as for videos for example. Such information generated by cookies is transferred to a server at HubSpot in the USA and is stored there.

The storage of HubSpot cookies takes place on the basis of article 6, section 1, lit. f, GDPR. The website operator has a rightful interest in analyzing the user’s behaviour as well as in providing extended functionality and personalization in order to optimize its website and also its advertisement.

Browser plugin:
You can prevent the storage of cookies by corresponding settings of your browser software. However, we have to point out that in such case you may not be able to use all functions of this website to the full extent.

5.3 Other cookies

At our website we also use our own cookies (the functionality corresponds to the one described under 4.1 and 5.1), which are also serving the purpose of analyzing your user behavior at the website. A data transmission to third countries or international organizations however does not take place.

That process starts at first with the anonymous capture of your user behavior and serves for the later allocatibility to your person and prepares the later collection and use of such data. As soon as you have filled in a contact form with us and declared your consent to “being contacted by staff members of the-Group regarding IT products and services per e-mail”, the system interlinks the data collected in the cookie with the personal data you have manually transmitted.

Once you have registered at our website the movement profiles will be stored and the respective sales organization receives a message telling that you are currently informing yourself at our website.

Storage of our cookies takes place on the basis of article 6, section 1, lit. f, GDPR. The website operator has a rightful interest in analyzing the user behavior in order to optimize its customer advice.

Browser plugin:
You can prevent the storage of cookies by corresponding settings of your browser software. However we would like to point out that in this way an optimum customer advise cannot be provided.

6. Facebook-Fanpage

Our Facebook-Fanpage uses functions of “Facebook Insight”, that allows us to obtain anonymized statistical data regarding the visitors of our page. Provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

ISO can request -in particular- demographic information from Facebook. Thereby reports can be generated that include statements on age, sex, lifestyle and interests and geographic information of the page visitors.

To collect this information Facebook uses so-called “cookies”. Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. So every cookie contains a specific user´s code. This code that can be connected with login credentials of Facebook users, is collected and processed that moment you visit our fanpage.

Facebook uses those cookies if you have a Facebook account, use the Facebook Products, including our website and apps, or visit other websites and apps that use the Facebook Products (including the Like button or other Facebook Technologies). Cookies enable Facebook to offer the Facebook Products to you and to understand the information they receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.

Storage of Facebook-Cookies takes place on the basis of article 6, section 1, lit. f, GDPR. The website operator has a rightful interest in analyzing the user behavior in order to optimize its web offer as well as its advertisement.

You can possibly prevent the storage of cookies by corresponding settings in your Facebook Account or other applications. However we would like to point out that in that case you will possibly not be able to use all functions of our website to the full extent. In addition you can possibly prevent the collection of data relating to your usage of the website (including your IP address) generated by the cookie and the processing of such data by Facebook.

This information about how you can control Facebook´s use of cookies to show you ads, you can find in the Data Policy of Facebook with the following link: https://www.facebook.com/policies/cookies/

7. Is ISO at all allowed to do that, and what are the consequences?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of a contract concluded with you, or performance of pre-contractual measures at request), article 6, section 1, lit. c) (= compliance with a legal obligation), or lit. f) (= prevailing rightful interest of ISO) of the GDPR. The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2.3 As far as no consent by you is on hand:
  • Necessity of processing for the performance of legal obligations (in particular legal minimum retention periods)
  • Necessity of data processing for the performance of contract conclusions described under item 4.4 and/or for the performance of pre-contractual measures taking place in consequence of your inquiry, as well as
  • After termination of the contractual relationships: Necessity of processing for the protection of the rightful interests of ISO
    • For the supervision of post-contractual rights and duties resulting from the terminated contractual relationship, and
    • For the maintenance of the contract history for possible future business relationships with the respective entities. In that case personal data will only be processed restricted to your official functions at the respective entity
    In both of these cases the interests of ISO are prevailing over your interests or fundamental rights and fundamental freedoms requiring the protection of personal data.

7.1 What types of my personal data are you processing?

Affected groups of persons

Contractual partners, persons to contact, and other persons required for the initiation and processing of contracts, particularly at

  • Customers, typically contact persons
  • Interested parties
  • Suppliers
  • Partners
  • Subcontractors

Categories of personal data

Regarding user logon:

  • E-mail
  • Password

Regarding registering for ISO-News (newsletter), additionally:

  • Sex (salutation)
  • First name and surname
  • Phone number
  • Interests for product segments

Regarding contact, additionally:

  • Company name
  • Country
  • Rights and duties resulting from the existence and termination of contractual relationships (as far as contractual partner is a natural person)
  • Other personal data, which you are providing to us (e.g. via the window “messages”)

Regarding SupportDB:

  • Company abbreviations
  • Employee abbreviations
  • Password
  • Language

Other data categories processed in analytics tools and third-party modules are directly disclosed in the context of the respective headlines of this data privacy statement.

7.2 Do you pass on such data to others?

Your data will be forwarded to the sales department for the purpose of sales (internally), and can be passed on to other member companies of the ISO Group for the purpose of centralized administration, as long as they have their registered office within the European Union and therefore, are subject to the same provisions under data protection law as our corporation.

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

7.3 For how long will you be processing my data?

As far as legal minimum periods for the retention of certain data categories exist, deletion will not take place until the respective periods have elapsed at the earliest.

As far as the processing takes place within the scope of a contractual relationship, deletion will take place upon expiration of the limitation period regulated under § 199, German Civil Code (BGB), calculated from the day of termination of the respective contractual relationship. Notwithstanding the aforesaid deletion will take place upon expiration of the limitation period regulated under § 197, calculated from the day of termination of the respective contractual relationship as far as personal data are processed limited to official functions only at an entity mentioned under chapter 8.1.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

Duty to Inform in Terms of Data Protection Law

Processing – External, ISO Professional Services GmbH

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

  • Communication
  • Initiation and performance of contractual relationships with the entities mentioned in chapter 4 in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of a contract concluded with you), article 6, section 1, lit. c) (= compliance with a legal obligation), or lit. f) (= prevailing rightful interest of ISO) of the GDPR. The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of processing for the performance of legal obligations (in particular legal minimum retention periods)
  • Necessity of data processing for the performance of contracts concluded with entities mentioned under item 4 respectively for the performance of pre-contractual measures taking place in consequence of your inquiry, as well as
  • After termination of the contractual relationships: Necessity of processing for the protection of the rightful interests of ISO
    • For the supervision of post-contractual rights and duties resulting from the terminated contractual relationship, and
    • For the maintenance of the contract history for possible future business relationships with the respective entities. In that case personal data will only be processed restricted to your official functions at the respective entity
    In both of these cases the interests of ISO are prevailing over your interests or fundamental rights and fundamental freedoms requiring the protection of personal data.

4. What types of my personal data are you processing?

Affected groups of persons

Contractual partners, persons to contact, and other persons required for the initiation and processing of contracts, particularly at

  • Customers
  • Interested parties
  • Suppliers
  • Partners
  • Subcontractors

Categories of personal data

  • First name and surname (including signature)
  • Contact data (place of work as well as office phone number and office e-mail addresses)
  • Job designation
  • Rights and duties resulting from the existence and termination of contractual relationships (if contractual partner is a natural person)
  • Other personal data you have made available to us
  • Other personal data that are available about you in publically accessible social networks and from other public sources

5. Do you pass on such data to others?

Your data can be passed on to other member companies of the ISO Group for the purpose of centralized administration, as long as they have their registered office within the European Union and therefore, are subject to the same provisions under data protection law as our corporation.

Customers and interested parties receive data regarding your person as a potential subcontractor (or contact person, or other person required for the initiation and processing of contracts at the subcontractor), to which a contractual relationship is initiated that includes some previous communication, or which is concluded.

Partner companies will receive data regarding you as a subcontractor that are required for the performance of obligations to partners (e.g. time tracking data).

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

As far as legal minimum periods for the retention of certain data categories exist, deletion of data will not take place until the respective periods have elapsed at the earliest.

As far as the processing takes place within the scope of a contractual relationship, deletion will take place upon expiration of the limitation period regulated under § 199, German Civil Code (BGB), calculated from the day of termination of the respective contractual relationship. Notwithstanding the aforesaid deletion will take place upon expiration of the limitation period regulated under § 197, calculated from the day of termination of the respective contractual relationship as far as personal data are processed limited to official functions only at an entity mentioned under chapter 4.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

9.1 Responsible for data processing is:

ISO Professional Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb

Phone.: +49 911 – 99 594-0
Fax: +49 911 – 99 594-129

9.2 You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address:

Duty to Inform in Terms of Data Protection Law

Processing – Job Applicants, ISO Professional Services GmbH

1. Are any of my personal data processed, and if so, how?

ISO is distinctly aware of the importance of your personal data. We take this responsibility seriously and consider it one of our most important tasks to ensure the confidentiality of your data.

With this document we would like to meet our duties to inform in accordance with the General Data Protection Regulation and inform you about what kind of information we are collecting, how we are processing it, and how we are treating it.

2. Why are you processing my data?

ISO utilizes your data for the purposes of

  • Communication
  • Initiation of employment relationships in conformity with the law

In each case only to the necessary extent.

3. Is ISO allowed to do that at all?

Data processing takes place on the basis of the statutory regulations, primarily of article 6, section 1, lit. a) (= consent) and/or of article 6 I, lit. b) (= performance of pre-contractual measures at request), The legal basis for the respective processing of your data is mainly determined as follows:

  • Consent on your part to the processing of the relevant data for the purposes mentioned under 2. As far as no consent by you is on hand:
  • Necessity of data processing for the performance of pre-contractual measures taking place in consequence of your inquiry
  • After termination of the respective application procedure by negative reply: Necessity of processing for the protection of the rightful interests of ISO (= Storage for the handling of possibly asserted claims of the affected persons based on the General Equal Treatment Act (AGG). or other regulations). In this case the interests of ISO are prevailing over the interests or fundamental rights and fundamental freedoms of the affected persons requiring the protection of personal data.

4. What types of my personal data are you processing?

Affected groups of persons

Job applicants / persons suitable for the job

Categories of personal data

  • First name and surname (including signature)
  • Passport photograph
  • Contact data (private and office address, private and office phone numbers, private and office e-mail addresses)
  • Job designation
  • Nationality and residence title
  • Data concerning severely disabled property
  • Date of birth, place of birth
  • School graduation, education, title
  • Family status
  • Confession
  • Driver’s license
  • Type and period of further education
  • Project-related activities
  • Other personal data, as for example consultant’s profiles, self-assessments, certificates, references, etc.
  • Other information from application papers, such as cover letter, CV, and application-relevant evidences as, for example certificates, etc.

5. Do you pass on such data to others?

  • Department in question where the respective vacancy is to be filled
  • When job activity is designated to be at one of our customers, the customer receives data concerning job applicants / persons suitable for the job in order to be able to assess the aptitude for the intended position.

Such groups of recipients are bound to treat those data in accordance with the pertinent data protection laws.

6. For how long will you be processing my data?

Deletion takes place after 6 months have elapsed, calculated from the time of termination of the respective application procedure / staffing procedure by negative reply.

As far as data processing takes place exclusively on the basis of your consent, data will be deleted insofar as you revoke your consent towards us.

7. From where did you actually get my data?

As far as the data are not provided by yourself, we obtain these either from public sources (e.g. XING, Facebook, Linkedin, Twitter), or the data are provided to us by third parties.

As far as we obtain your data from public sources, or receive them from third parties, we will inform you about the concrete source in the course of the initial contact at the latest.

8. Do I have rights, and if so, what are they?

8.1 Data Subject Rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

8.2 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 lit. f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation. If you wish to make use of your right of revocation or objection, simply send an e-mail to

9. How can I reach you if I have questions regarding data privacy? Is there perhaps a concrete person to contact?

9.1 Responsible for data processing is:

ISO Professional Services GmbH

Eichendorffstraße 33
90491 Nuremberg / Germany

Legal representative: Harald Goeb

Phone: +49 911 – 99 594-0
Fax: +49 911 – 99 594-129

9.2 You can reach our data protection officer at:

If you have any questions regarding the processing of your personal data you can call on our group data protection officer who will, together with his team, be available to you also in cases of request for information, suggestions, or complaints.

Contact address:

Retour en haut