Data protection

iteratec GmbH’s data protection policy

We, iteratec GmbH, firmly believe that you should have control over your data and therefore take the protection of your personal data very seriously and strictly adhere to the data protection laws. The data protection policy set out below provides you with an overview of how we guarantee this level of protection, what kind of data we collect for what purpose and what your rights are with regard to your personal data.

If you have any questions regarding data protection, please do not hesitate to contact us.

Any changes we will make to "iteratec GmbH's data protection policy" in the future will be published on this page.

This data protection policy comes into force on 21/05/2018.

Responsible body

Company: iteratec GmbH
Road, No.: St.-Martin-Str. 114
Postal code, city: 81669 München
Commercial register number: HRB 113519

CEOs: Klaus Eberhardt, Mark Goerke, Michael Schulz

Telephone: +49 89 61 45 51 0
E-Mail: info@Do not

Data protection officer

You can contact our data protection officer via datenschutz@Do not

1. General information regarding data processing and legal basis

1.1. This data protection policy informs you about the type, scope and purpose of the processing of personal data as part of our websites, functions and contents (hereinafter jointly referred to as “website”). This data protection policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used and on which the online offer is executed.

1.2. The terms used, such as “personal data” or their “processing”, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3. The personal data of users processed within the scope of the online offer includes usage data (browser type and version, operating system used, URL of the page previously visited, IP address of the accessing computer as well as time of the request) and information regarding content (e.g. entries in an application form).

1.4. The term “user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors of our online offers. The terms used, such as “user”, are to be understood as gender-neutral.

1.5. We process personal data of users only in compliance with the relevant data protection laws. This means that the users’ data will only be processed if there is a legal permission to do so, especially if the data processing is required by law, if the user has consented for us to do so, and also on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and the economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular for range measurements, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of services offered by third parties).

1.6. We point out that the legal basis for the processing is either the relevant consent (to process the data in order to be able to provide our services and execute contractual measures, to process the data in order to fulfil our legal obligations), or to process the data in order to protect our legitimate interests (Art. 6 para. 1 lit. a. and Art. 7 GDPR).

1.7. What sources and data do we use? We process personal data of customers, suppliers, interested parties, applicants and employees. We process this data in the context of business relationships, application procedures or employment relationships. We also use data from publicly accessible sources that is allowed to be processed. The legal basis is the fulfilment of (pre-)contractual obligations, legitimate interest, a law or a consent provided by the person concerned.

2. Security measures

2.1. We take organisational, contractual and technical security measures in accordance with the current technical standards in order to ensure that all applicable data protection laws are adhered to and thereby to protect the data processed by us against any accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

Have you discovered a gap in our security? Then please write to us at security@Do not We will contact you as soon as possible. For encrypted contact, you can also use our certificate.

2.3. As your security team at iteratec, we are here to ensure your security on the Internet. If you have any complaints about any misuse of our or your network access or if you receive spam from any of our addresses, please contact us via e-mail at abuse@Do not

3. Disclosure of data to third parties and third party providers

3.1. Data will only be disclosed to third parties within the framework of the law. We only disclose user data to third parties if, for example, this is required for contractual purposes on the basis of Art. 6 para. 1 lit. b) GDPR or on the basis of legitimate interests regarding the economic and effective operation of our business operations pursuant to Art. 6 para. 1 lit. f. GDPR.

3.2. In case we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

3.3. To the extent any content, tools or other means from other providers (hereinafter jointly referred to as "third party providers") are used in the context of this data protection policy, these will only be transferred to countries with an appropriate level of data protection and to countries within the scope of application of the GDPR.

4. Online applications

4.1. Application management: for our online application form and application management we use the platform of the service provider Talention (TFI GmbH, Delphiplatz 1, 42119 Wuppertal) based on our legitimate interest in ensuring a fast and secure recruitment of new employees. For this purpose, we have concluded a data processing agreement with the provider, which obliges the provider to comply with all data protection laws and to process the data only in accordance with our instructions and only for the relevant purpose. You can find further information at

4.2. If we receive proactive applications by post or e-mail, technical and organisational measures ensure that your personal data will be treated confidentially within the legal provisions. After the application process has concluded, your data will be deleted unless you agree to the data being saved for a longer period of time. The deletion takes place after four months (due to compliance with deadlines for possible lawsuits under the German Anti-Discrimination Act, AGG).

4.3. init(U) - Registration of applicants via app for recruiting events
The app can be used to collect data from interested parties to initiate an application process. This includes name, e-mail address, gender, photo, self-assessment of technical skills and, if necessary, application documents.

This data is 

  1. saved on an internal system and are only accessible to authorised persons.
  2. transferred to the application management system of our service provider Talention.

All data will be deleted after four months, unless the interested party explicitly agrees to the storage of the data for a longer period of time in order to be contacted at a later point in time. In this case, the data is saved for one year and is then deleted. 

5. Eventbrite

In order to simplify the process of booking tickets for some of our events, we use the service provider Eventbrite Inc, Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA. During the registration process for one of our events, you are asked to submit your first and last name, e-mail address and, if applicable, the company you work for, to the provider and make the necessary arrangements for the payment. Once you have completed the process, the provider will then send you an e-mail confirming your booking. As part of the registration process Eventbrite saves the above-mentioned data submitted by you as well as the selected event, including the planned appointment (date, time) as well as the time of registration (date, time).

There is no data processing agreement in place with Eventbrite, as currently only a data processing supplement (Datenverarbeitungsnachtrag, DVN) is offered for data processors and sub-processors (this can be viewed at:

An overview of Eventbrite’s corporate policies can be found at

6. Google Maps
Maps are provided by “Google Maps” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy:

7. Google Analytics

7.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and saved there.

7.2. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection laws (

7.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services connected with the use of this online offer and the use of the Internet. Pseudonymous user profiles may be created from the processed user data.

7.4. We use Google Analytics only with IP anonymisation enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

7.5. The IP address transmitted by the user's browser is not merged with other Google data. Users may reject the use of cookies by selecting the appropriate setting in their browser software; users may also prevent Google from collecting and processing data generated by the cookie that relates to their use of the website by downloading and installing the browser plug-in available via the following link:

7.6. You can also prevent Google Analytics from collecting your data by clicking on the following link:

7.7. Further information on data use by Google, options for settings and objections can be found on Google's websites: (“How Google uses data when you use our partners’ sites or apps”), (“How Google uses cookies in advertising”) , (“Managing information which Googles uses to show you advertisements”).

7.8. We use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain for all tracking tags implemented with Google Tag Manager.

8. Social Media

As part of its online offer, iteratec offers the possibility to follow its social media offers via so-called “follow buttons”. Online maps and videos are also provided by third parties. Below you will find further information regarding the respective services.

8.1. Twitter: As part of our online offer, Twitter functions can be integrated. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "follow" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in this process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Twitter. You can find Twitter's data protection policy at You can amend your data protection settings in your Twitter account settings under

8.2. Facebook: Our pages include a "follow button" to the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). 

When you visit our pages, the button establishes a direct connection between your browser and the Facebook server. This means that Facebook receives the information that you have visited our site with your IP address.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. For more information, please see Facebook's data protection policy at If you do not want Facebook to be able to link your visit to our pages with your Facebook account, please log out of your Facebook account.

8.3. XING: We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains functions of Xing, a connection to Xing’s servers is established. To our knowledge, no personal data is saved. In particular, IP addresses are not saved nor is the usage behaviour evaluated. Data protection policy:

8.4. LinkedIn: Our online services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the "recommend button" in LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website with you and your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn. Data protection policy:, Opt-out:

8.5. Kununu: is operated by kununu GmbH, Fischhof 3 Top 7, A - 1010 Vienna. Your browser establishes a direct connection to the Kununu servers as soon as you click on the button. We have no influence on what data is collected by Kununu. The purpose and scope of the data collection and the further processing and use of the data by Kununu as well as your relevant rights and setting options to protect the privacy of your data can be found in Kununu's data protection information:

8.6. YouTube: embedded videos of the platform “YouTube” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: Opt-out: If you click on a link to a video, we only enable you to establish a connection to the service offered by YouTube.

9. Data processing on our Facebook fan page

Visiting our Facebook page will result in certain information about you being processed. The sole controller regarding this processing of personal data is Facebook Ireland Ltd (Ireland/EU). Further information about the processing of personal data by Facebook can be obtained<; here.

9.1. Processing of Page Insights

For our Facebook page, Facebook provides us with anonymised statistics and insights which help us gain information about the type of actions people are performing on our page (so-called "Page Insights"). These Page Insights are created on the basis of certain information about persons who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing is done on the basis of our legitimate interest to analyse the types of actions performed on our page and to improve our page on the basis of this information. The legal basis for this processing is contained in Article 6 para. 1 letter f) GDPR. Under no circumstance will we link the information obtained through Page Insights to a specific Facebook profile via the "like" reference for our page.
We have entered into an agreement with Facebook as joint controllers which stipulates the allocation of data protection obligations among us. Details about the processing of personal data to create Page Insights as well as the agreement entered into with Facebook can be obtained<; here.

9.2. Processing of data submitted via our page

Additionally, we process information you have submitted via our Facebook page. Such information may be your Facebook name, contact details or a message to us. We only process this personal data if we have previously expressly requested you to submit this data to us. The processing is done by us as the sole processor.

To the extent your request relates to the conclusion or performance of a contract with us, the applicable legal basis for the data processing is contained in Article 6 para. 1 letter b) GDPR. Otherwise, we process the data on the basis of our legitimate interest to get in touch with people who have contacted us. In this case, the legal basis for the data processing is contained in Article 6 para. 1 letter f) GDPR.


10.1. GitHub

The offer on the website is hosted on the platform of the third-party service provider GitHub. There is a data processing agreement in place in accordance with the EUGDPR. Accordingly, the following terms and conditions of GitHub apply to all Enterprise Subscription customers:

10.2. MailChimp

Our online offer of includes the possibility to subscribe for a newsletter. 

Information regarding the securecodebox newsletter and consents

The following information is intended to inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure as well as your rights of objection.

By subscribing to our newsletter, you agreed to its receipt as well as the procedure described below.

Content of the newsletter

We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") with the consent of the recipients or if we are legally allowed to do so. If the content of a newsletter is specifically described within the registration process, this is relevant for the extent of the user’s consent.

Double opt-in and record keeping

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration.

This confirmation is necessary so that no one can log in with another person’s e-mail address.

Subscriptions to the newsletter are logged to enable us to prove the registration process in accordance with legal requirements. This includes saving the time of the registration and confirmation as well as the IP address. Additionally, any changes of your data saved within MailChimp are logged.

Use of the “MailChimp” distribution service

The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients as well as their other data as described in these notes are saved on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to MailChimp, it can use this data to optimise or improve its own services, for example to technically optimise the distribution and depiction of the newsletter or for economic purposes to determine which countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass their details on to third parties. We trust in MailChimp’s reliability as well as its IT and data security. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations.

Additionally, we have concluded a “data processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and, in particular, not to pass them on to third parties. You can read MailChimp’s data protection policy here.

Log-in data

In order to subscribe to the newsletter, you only need to enter your e-mail address. There is also the option to provide us with your first and last name. This information is only used to personalise the newsletter. It is also optional to enter your date of birth, gender and the industry in which you work. We only use this information to adapt the contents of the newsletter to the individual interests of our readers.

Statistical surveys and analyses

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and time of retrieval is initially collected. This information is used to technically improve the services using the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or their access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are followed. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour nor that of MailChimp to watch individual users. The evaluations are only intended to help us recognise the reading habits of our users and to adapt our contents to them or to distribute different contents according to the individual interests of our users.

Online access and data management

There are cases, in which we direct newsletter recipients to the MailChimp web pages. For example, our newsletters contain a link which newsletter recipients can follow to access the newsletter online (for example, in the event of display problems in the e-mail program). Additionally, newsletter recipients can retrospectively correct their data, such as their e-mail address. Further, MailChimp’s data protection policy is only available on their website. We already pointed out above that on the MailChimp websites use cookies which means that personal data is processed by MailChimp, its partners and any service providers used (for example Google Analytics). We have no influence on the collection of this data. You can find further information in Mail Chimp’s data protection policy. In addition, we would like to draw your attention to the possibilities of objecting to the collection of your data for advertising purposes on the websites and (for the European area).


You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel your newsletter subscription at the end of each newsletter. After you have cancelled your subscription, all your data will be deleted apart from your e-mail address. Your e-mail address is saved in a list of blocked e-mail addresses and is only used to ensure that we do not send any further e-mails to your e-mail address.

Legal basis General Data Protection Regulation

In accordance with the provisions of the General Data Protection Regulation (GDPR) which enters into force on 25 May 2018, we inform you that we obtain your consent to the distribution of e-mail addresses on the basis of Art. 6 para. 1 lit. a, 7 GDPR and Sec. 7 para. 2 no. 3 and para. 3 of Germany’s Act against Unfair Practices (UWG). The use of the distribution service provider MailChimp, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest relates to the use of a user-friendly and secure newsletter system, which both serves our business interests as well as meets the expectations of the users. We would also like to point out that, in accordance with the legal requirements pursuant to Art. 21 GDPR, you can object to the future processing of your personal data at any time. The objection may be lodged in particular against the processing of your data for direct advertising.

11. Cookie

You can find more information about the cookies we use here:




The following overview applies to the domains and all subdomains.

Function cookies






We use MailChimp to manage all subscriptions to our mailing lists and to create and send emails to subscribers to these lists. MailChimp uses a session cookie to track users through the login process when they submit information via our registration form. 


12. Users‘ rights

12.1. Right to information: Users have the right to request and receive free of charge information about the personal data we have saved about them.

12.2. Right to correction: In addition, users have the following rights: to have inaccurate data corrected, to place limits on the processing of their personal data, to have their personal data deleted and, if applicable, to assert their rights to data portability.

12.3. Right of revocation: Users may also revoke their consent, with effect for the future. The revocation is to be addressed to the data protection officer

12.4. Right of appeal to a supervisory authority: In the case of violations of the GDPR, the data subject is entitled to a right of appeal to a supervisory authority. The right of appeal is without prejudice to any other administrative or judicial remedies.

13. Deletion of data

The data saved by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain the data. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

14. Right to revocation

Users can revoke their consent regarding any future processing of their personal data in accordance with legal requirements at any time. The revocation may be lodged in particular against the processing of the data for the purposes of direct advertising. The revocation must be addressed to the responsible body.

15. Changes to the data protection policy

We reserve the right to change this data protection policy in order to adapt it to changed legal requirements or in the event of changes to our services or to data processing. However, this only applies with regard to declarations on data processing. To the extent user consents are required or parts of the data protection policy contain provisions of a contractual relationship with the users, the changes will only be applied with the users' consent.

Users are asked to regularly inform themselves about the contents of the data protection policy.

Munich, 21/05/2018
Management board