ista has been a member of the German Society for Data Protection and Data Security (Gesellschaft für Datenschutz und Datensicherung e.V.(GDD)) since February 2002.
ista complies with the legal data protection regulations and does everything to keep your and your customer’s/tenant‘s data confidential. All personal data is collected, processed and used in accordance with the provisions of the General Data Protection Regulation (GDPR) and only for the purposes of contract processing, fulfilment of legal obligations or for safeguarding our own legitimate business interests with regard to the advice and support of the customers as well as the demand-oriented product design.
All service providers of ista dealing with the processing of personal data also comply with the provisions of the GDPR in accordance with Art. 28 GDPR. Compliance is monitored by our data protection officer.
Each time a user accesses the ista website and each time a file is accessed, data about that activity is stored in a log file. These data are not related to a person; so ista cannot trace back which user has retrieved which data.
In detail, the following data record is saved for each call:
Personal user profiles cannot be created.
The above-mentioned data are evaluated for statistical purposes only.
Personal data will only be collected if you give it to ista on your own - for example, when registering for a survey or conducting a contract. A transmission of your data to third parties does not take place, unless ista is legally obliged to do so. Insofar as external service providers come into contact with your personal data, ista has ensured that they comply with the provisions of data protection laws through legal, technical and organizational measures as well as regular checks.
Cookies:
ista uses so-called cookies on the ista website to recognize multiple use of the offer by the same user/internet connection owner. Cookies are small text files that your internet browser stores on your computer. They serve to optimize ista's internet presence and offers. The cookies are usually so-called "session cookies", which are deleted after the end of your visit.
In some cases, however, these cookies provide information in order to automatically recognize you. This recognition is based on the ID stored in the cookies. The information obtained in this way serves to optimize ista's offers and to make it easier for you to access the ista website.
You may refuse the use of cookies by selecting the appropriate settings in your browser; however, ista points out that in this case you may not be able to use the full functionality of the ista website.
We use the analysis software Piwik PRO Analytics Suite (piwikpro.de) to analyse and optimise this website. The data collected with this software can be used to create user profiles under a pseudonym.
Data processing purposes
This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.
Technologies used
Data collected
This list contains all (personal) data that are collected during or through the use of the service.
Legal basis
The required legal basis for the processing of data is listed in the following:
Location of processing
Retention period
The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes. The data are stored for up to 25 months.
Data recipient
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
gdpr@piwik.pro
Consent to the collection and storage of data can be withdrawn at any time with immediate future effect.
Click here to read the privacy policy of the data processor https://piwik.pro/privacy-policy/
Click here to withdraw consent on all domains of the data processing company https://piwik.pro/opt-out/
This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager allows to control when a particular tag is triggered.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data Purposes
This list represents the purposes of the data collection and processing.
Technologies Used
This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
Legal Basis
In the following the required legal basis for the processing of data is listed.
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
Transfer to Third Countries
This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the provider's privacy policy or contact the provider directly.
Data Recipients
In the following the recipients of the data collected are listed.
Click here to read the privacy policy of the data processor
https://business.safety.google/privacy/?hl=en
Click here to read the cookie policy of the data processor
This website uses the remarketing or "similar target group" function of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; „Google“).
This feature allows you to view interest-based ads on Google Display Network web pages. For this purpose, a cookie is stored in your browser when you visit a website. This serves to recognize you as a visitor to the website and to determine visits and usage data.
According to Google's own information, server logs are stored in which parts of the IP address and cookie information are partially deleted after 9 to 18 months. For more information, please visit www.google.com/policies/technologies/ads/.
An example of a server log is provided by Google at the following link: https://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-server-logs.
There are several ways in which cookies can be deactivated in the browser to exclude your own browser from remarketing.
Google provides the option of downloading a browser plug-in that permanently deactivates these cookies under the following link: https://www.google.com/settings/ads/plugin
You can also make settings in your browser to deactivate the installation of cookies.
If you wish to object to tracking, you can do so by adjusting your browser settings regarding cookie installations. You can find information on this under the following links:
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Chrome: https://support.google.com/accounts/answer/32050?hl=en
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Third-party providers may also disable browser cookies. The Network Advertising Initiative (NAI) offers the possibility to implement an opt-out for your own browser. Information can be found on the following page: http://optout.networkadvertising.org.
This website uses the conversion tracking of "Google-Adwords", a Google service.
When you visit Google pages, Google stores cookies. You can deactivate or leave this storage activated. If the cookie is still activated and you visit certain websites on the website, Google and ista can recognize that you have clicked on an ad placed by ista and have thus been forwarded to an ista page.
The information collected is used by Google to generate statistics for Adwords customers. These statistics include information about the number of users who clicked on ads and were redirected to pages that were tagged with a conversion tracking tag.
You can find Google's privacy policy here: https://policies.google.com/privacy?gl=de&hl=en
Several contact and order forms are available for contacting ista. In this context, we ask for your address in order to process the request. To help you enter the address, we use the Google Address Autocomplete function of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
We use the Usercentrics Consent Management Platform for the collection and management of consents on this website.
Data processing purposes
This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.
Technologies used
Data collected
This list contains all (personal) data that are collected during or through the use of the service.
Legal basis
The required legal basis for the processing of data is listed in the following:
Location of processing
European Union (consent database is located in Belgium)
Retention period
The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes.
The consent data (consent given and withdrawal of consent) are stored for three years. The data are then deleted immediately or given to the person responsible on request in the form of a data export.
Data recipient
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
datenschutz@usercentrics.com
Click here to read the privacy policy of the data processor: https://usercentrics.com/privacy-policy/
You can change your data privacy settings here
Description of Service
This is a remarketing service. With Remarketing, the user can display ads to users of the website based on their interests on other websites within the Google Displaying Network (e.g. in Google Search or on YouTube). For this purpose, the users' interactions are analyzed, e.g. regarding the products and services a user is interested in. This enables the user to display targeted advertising to the user on other websites even after the visit to the website.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data Purposes
This list represents the purposes of the data collection and processing.
Remarketing
Advertisement
Tracking users' actions
Technologies Used
This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
Cookies
Tracking Pixel
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
Duration of visit
IP address
Pages visited
Content user is interested in
Website use
Referrer URL
Advertising identifier
Date and time of visit
Device information
Browser information
Legal Basis
In the following the required legal basis for the processing of data is listed.
Art. 6 para. 1 s. 1 lit. a GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.
Transfer to Third Countries
This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the provider's privacy policy or contact the provider directly.
Singapore
Taiwan
Chile
United States of America
Data Recipients
In the following the recipients of the data collected are listed.
Google Ireland Limited
Google LLC
Alphabet Inc.
Click here to read the privacy policy of the data processor
Business Data Responsibility
Click here to read the cookie policy of the data processor
How Google uses cookies – Privacy & Terms – Google
Storage Information
Below you can see the longest potential duration for storage on a device, as set when using the cookie method of storage and if there are any other methods used.
Maximum age of cookie storage: 1 year
Non-cookie storage: no
In accordance with the GDPR, ista takes appropriate measures to provide the data subject with all information and communications relating to processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language. The information shall be transmitted in writing or in any other form, including, where appropriate, electronically.
Since ista processes personal data automatically, ista informs you of the following information in accordance with Art. 13 GDPR:
Dr. Hagen Lessing, ista SE, Luxemburger Straße 1, 45131 Essen, is the person responsible for ista.
The contact details of ista's data protection officer are:
ista SE, data protection officer, Luxemburger Straße 1, 45131 Essen, Germany, e-mail: Datenschutz@ista.de
The purpose for which the personal data are to be processed and the legal basis for the processing are as follows: Optimization of customer satisfaction and the website, Art. 6 paragraph 1 f GDPR.
The legitimate interest in this is to be seen in particular in the pseudonymized processing for the optimization of the website.
Data deletion and duration of storage
The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Newsletter
ista offers you the option to subscribe to a newsletter on the ista webpage. From this newsletter you will receive information on ista topics and offers at regular intervals. To receive this newsletter, you need a valid e-mail address. Your entered e-mail address will be checked by ista for accuracy and completeness. Your login data as well as your official IP address, date and time will be stored. This serves as security to prevent your e-mail address from being misused by unauthorized third parties. No other data will be stored by ista. The data collected will only be used for the newsletter dispatch. ista undertakes not to transmit the data collected to other third parties. You have the option of cancelling the newsletter at any time without giving reasons and requesting information from the ista site. The details are marked in each newsletter.
Visitors to ista’s website are always informed if their information is transmitted to third parties. So you can decide whether you agree to a transfer of your personal information to third parties or not.
Social bookmarks from LinkedIn, Facebook, Twitter, kununu, Xing and YouTube are integrated on the ista website. Social Bookmarks are internet bookmarks that allow users of such services to collect links and news messages. These are only included on the website as a link to the corresponding services. After clicking on the integrated graphic you will be forwarded to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the provider.
Important Notice: This data protection information applies exclusively to ista's internet service offering. The ista website contains links to other websites. Please note that ista is not responsible for the data protection or the content of these other internet services. We recommend all internet users to inform themselves about the respective data protection notices of other internet services when leaving ista's website.
In this Data Protection Policy we would like to inform you about the processing of personal data as part of the application and/or appointment procedure. In that respect information shall be made available to you about how we comply with the valid data protection provisions, in particular the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). We also describe the rights you are entitled to in accordance with Articles 15 to 22 GDPR.
Where not stated to the contrary below, ista SE is the controller. Therefore, ista SE is deemed the sole point of contact for data subjects within the meaning of GDPR.
In the case of an application we process, in particular, the application data made available by you such as:
a) We process your data to initiate an employment relationship.
We use and store your application data for:
We conduct reviews on a case by case basis prior to the appointment. In this respect we may obtain information from your former employers or other relevant contact points within the framework of the relevant labour law requirements.
⇒The legal basis for the aforementioned processing is Section 26(1), Sentence 1, GDPR, (necessary for the decision on the establishment of an employment relationship or to honour the rights of works councils resulting from a law or a collective agreement or a company agreement).
b) We process your data to honour legal obligations.
We are subject to statutory obligations that specify the processing and in some cases also the disclosure of your data and which constitute an independent basis for the processing of your data. These are, in particular,
⇒ The legal basis for processing your application data for these purposes is Article 6(1), Point c), GDPR, in conjunction with special statutory facts (e.g. social data protection, storage obligations in accordance with Sections 257 HGB (German Commercial Code), 147 AO (German Tax Code)).
c) We process your data to safeguard legitimate interests.
We also process your personal data in individual cases to safeguard the following legitimate interest:
⇒ The legal basis for this processing is Article 6(1), Point f) GDPR.
Generally, we receive all applicant data directly from you or via external personnel service providers. When we conduct pre-employment checks, we also receive data from third parties such as previous employers or other references.
If you do not provide us with the above personal data, this will not have any negative consequences for you. However, incomplete or inaccurately completed applications cannot be considered.
If information is not required for the above-mentioned purposes in individual cases, you will be informed of this separately when the data are collected.
Your application will, where necessary, be forwarded directly to the ista company at which you have applied for a job. Your personal data will be forwarded there to the relevant personnel department, the appropriate specialist departments and, where necessary, the works council or the representative body for severely disabled persons. Furthermore, in the case of applicants who have been suggested by personnel service providers, those personnel service providers will be involved in the application process. In other respects, your personal data will only be transferred to other recipients if we legally undertake to do so (e.g. to authorities).
If you apply via the TalentLink application system, your applicant data will be processed by Lumesse GmbH, Flughafenstraße 103, D-40474 Düsseldorf, on our behalf.
Your applicant data will be stored for the duration of the review of your application. If this is unsuccessful or if you withdraw your application, your applicant data will be deleted in full 6 months following the rejection unless longer retention is permitted or required on the basis of another legal basis (e.g. to exercise our statutory rights or to comply with applicable law).
In the event of recruitment, the data will be transferred to the HR administration system and processed there as employee data. For more information, please see our privacy policy for employees.
Ista SE is solely responsible for the maintenance of the talent pool within the meaning of GDPR.
Following conclusion of an unsuccessful application process, we will store your applicant data in our talent pool at your request for the purpose of contacting you again and, where necessary, further process such data. In this case, we may also contact you in the future for suitable job descriptions that match your profile and invite you to other events that may serve to initiate an employment relationship.
We process your data on the basis of your consent. You may also withdraw your consent with effect for the future. To that end you can contact our data protection officer using the contact details below. Your data will then be deleted immediately.
⇒ The legal basis for this processing is Article 6(1), Point a), GDPR.
Your data originates from the application process (see Point 2). If you do not grant your consent to the inclusion of your applicant data in our talent pool, this will not result in any disadvantages for you in future application procedures.
In the event of inclusion in the talent pool, your applicant data will be processed via the TalentLink application system by Lumesse GmbH, Flughafenstraße 103, D-40474 Düsseldorf, on our behalf.
No, no such transfer takes place.
In the event of withdrawal of your consent, your data will be deleted immediately. Otherwise, your data will be deleted after 23 months at the latest.
As part of the selection process we use various test procedures to better assess your suitability for the position in question. In this context, in addition to the applicant data, we process, in particular, your answers to the questions of the test as well as the resulting conclusions about personality traits, skills, performance motivation and interests (“test data”).
⇒ The legal basis for this processing is Section 26(1), Sentence 1, GDPR (necessity for the decision on the establishment of an employment relationship).
You do not undertake to provide your personal data. However, without processing your personal data, it will not be possible to consider your application, or only to a limited extent.
We process your data by way of incorporating our processors Profiles GmbH (Solmsstraße 83, D-06486 Frankfurt a. M.), ELIGO Psychologische Personalsoftware GmbH (Universitätsstr. 142, D-44799 Bochum) and Aon Assessment GmbH (Großer Burstah 18-32, D-20457 Hamburg).
Data are only transferred to third countries (including the United States) in the case of data processing on the part of our order processor Aon Assessment GmbH. Protection of your data is ensured, in particular, by entering into standard contractual clauses.
Information about the storage of your applicant and test data can be found in Section 2.6, which applies (accordingly).
The respective social media platform is primarily responsible in accordance with data protection law for data processing when visiting our social media sites on Facebook, Instagram, YouTube, LinkedIn and Twitter. Information about data processing can be found in the respective data protection statements of the social media providers.
The ista company whose social media presence is involved in each case is jointly responsible with the operator of the social media platform for the following processing in accordance with data protection law:
a. Visiting our social media sites, user statistics
When you visit our social media sites, regardless of whether or not you are logged in, the respective social media provider collects personal data of the users (usage data), some of which is shared with us in the form of user statistics. However, we do not have full access to collected data or your profile data.
For example, the following information may be provided to us anonymously:
However, we cannot draw any conclusions about individual users from the usage data. Statistics are only used to improve the online offer on our social media sites and to better respond to user interests.
b. Interaction
If you interact with us via the social media sites, e.g. by sending us an application or other message or commenting on posts, the corresponding content of the interaction will be processed by Ista SE. In addition, it may be able to see the public information of your profile, which you can manage yourself.
⇒ In conjunction with job applications, the legal basis for this processing is normally Section 26(1), Sentence 1, GDPR, (necessity for decision about establishing an employment relationship).
⇒In other respects, Article 6(1), Point f, GDPR, (our justified interest, managing business correspondence or, e.g. to reply to enquiries directed to us as an employer) is the legal basis for the processing.
You do not undertake to provide your personal data. However, without processing your personal data, use of our social media sites in the context of your application will not possible or only possible to a limited extent.
Your data will only be used or forwarded by us internally by the persons responsible in each case. Please refer to the privacy policy of the respective social media network for information about who is involved in the processing of data at the respective social media provider.
We do not transfer your personal data to a third country or international organisation in conjunction with our social media sites.
It may be the case that an operator of social media platforms connects to servers in third countries (e.g. USA) as part of its services and forwards your personal data there. You will find information about this in the privacy policy of the respective social media provider.
As a matter of principle, we do not store any personal data in conjunction with our social media sites on the servers we use, except in the aforementioned cases in which we process your information internally (direct communication, e.g. applications). Section 2.6 applies in these cases.
We also regularly have access to the data stored by the respective social media platform. For more information on the storage of your personal data by the operator of the social media platform itself, please refer to the privacy policy of the respective social media provider.
The data protection declarations of the social media platforms we use and your rights in relation to the processing of your personal data can be found here:
Where we process your personal data, to an extent in accordance with GDPR you have a right to
Furthermore, you have the option of making objections
You can contact our data protection officer to exercise your legal rights and for questions regarding data processing. If you contact us with a data protection concern, we shall process your personal data on the basis of Article 6(1), Point f, GDPR, (legitimate interest). Our legitimate interest usually consists of responding to enquiries about data protection. Personal data shall be deleted if no longer required to process your enquiry and any statutory retention periods have expired.
ista reserves the right to amend this disclosures at any time in compliance with the applicable data protection regulations; current status is July 2024.
If you have any questions regarding the processing or security of your personal data, you can contact ista’s data protection officer/responsible directly.