Data protection information from iteratec GmbH

We, iteratec GmbH, are certain that you should have absolute control over your data. We therefore take the protection of your personal data very seriously and adhere strictly to all data protection laws. The following data protection declaration gives an overview of how we ensure this protection, what kind of data we collect (and for what purpose) and what your rights are with regard to your personal data.

Should you have any questions regarding data protection, feel free to contact us at any time.

Any changes that we make in future to the “Data Protection Declaration of iteratec GmbH” will be posted on this page.

This data protection declaration came into force on 18.05.2018.

Responsible entity

iteratec GmbH

Street, building no.:
St.-Martin-Str. 114

Post code, city:
81669 Munich

Commercial register number:
HRB 113519

Klaus Eberhardt, Mark Goerke, Michael Schulz

Telephone number:
+49 89 61 45 51 0

E-mail address:

Data protection officer

You can contact our data protection officer via the e-mail address

1. Essential information on data processing and its legal basis

1.1. This data protection declaration explains the nature, scope and purpose of the processing of personal data within the scope of our web pages, functions and contents (hereinafter jointly referred to as the “website”). This data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.

1.2. The terms used, such as “personal data” or their “processing”, refer to the definitions contained in Art. 4 General Data Protection Regulation (GDPR).

1.3. The personal data of users processed within the framework of the online offer includes usage data (browser type and version, operating system used, the URL of the previously visited site, the IP address of the accessing computer and the time of the enquiry), as well as the content details (e.g. entries made on the application form).

1.4. The term “user” covers all categories of the data subjects. These include our business partners, customers, interested parties and other browsers of our online offer. The terms used, such as “user”, should be understood as being gender-neutral.

1.5. We process users' personal data exclusively in compliance with the relevant data protection regulations. This means that user data will be processed only if legal permission has been granted, in particular if data processing is required by law, if user consent has been obtained, and also on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and efficient operation and security of our online service as defined in Art. 6(1)(f) GDPR, in particular, when measuring reach, creating profiles for advertising and marketing purposes, and when collecting access data and using the services of third parties).

1.6. We would like to point out that a legal basis is established either by consent, by the need for processing in order to render our services and implement our contractual measures, by the need for processing in order to fulfil our legal obligations, or by the need for processing in order to protect our legitimate interests (Art. 6(1)(a) and Art. 7 GDPR). 

1.7. Which sources and data do we use? We process the personal data of customers, suppliers, interested parties, applicants and employees. We process this data in the context of business relations, application procedures or employment relationships. We also use data from publicly accessible sources, the processing of which is permissible. The legal basis is the fulfilment of (pre-)contractual obligations, a legitimate interest, a legal provision or an existing consent as provided by the person concerned.

2. Security measures

2.1. We take organisational, contractual and technical security measures in line with state-of-the-art technological standards, in order to ensure that the regulations set out under data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. 

2.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server. 

You’ve discovered a gap in our security? Please write to us at We will contact you as soon as possible. For encrypted contact, you can also use our certificate.

2.3. As the security team at iteratec, we take care of your online security. If you have any complaints about the misuse of our (or your) network access, or if you receive spam from one of our addresses, please get in touch by e-mail via

3. Transfer of data to third parties and third-party providers

3.1. Data will be passed on to third parties only within the scope of statutory requirements. We will pass on user data to third parties only if this is deemed necessary for contractual purposes, e.g. on the basis of Art. 6(1)(b) GDPR or on the basis of a justified interest in accordance with Art. 6 (1)(f) GDPR, and the efficient and effective operation of our business operations.

3.2. If we use subcontractors to render our services, we take appropriate legal precautions, as well as appropriate technical and organisational measures, to ensure that personal data are protected in accordance with the relevant statutory provisions.

3.3. If contents, tools or other resources from other providers (hereinafter referred to jointly as “third-party providers”) are used within the scope of this data protection declaration, these are transferred only to countries with an appropriate level of data protection and to countries that fall within the scope of the GDPR.

4. Online application

4.1. Applicant management: for our online application form and applicant management, we use the platform from the service provider Talention (TFI GmbH, Delphiplatz 1, 42119 Wuppertal, Germany) to ensure fast and secure processing when recruiting new employees. For this purpose, we have concluded a contract processing agreement with the provider in which the provider undertakes to comply with all data protection regulations and to process the data only in accordance with our instructions and only for the corresponding purpose. Further information can be found here

4.2. With regard to applicant data that we receive (by post, e-mail or online), our technical and organisational measures ensure that your personal data is treated confidentially and in line with statutory requirements. Following the completion of the application procedure, your data will be deleted, unless you agree to its storage over a longer period of time. Deletion takes place after four months (due to compliance with deadlines for possible legal action as per the General Equal Treatment Act [AGG]).

4.3. init(U) – Application entry via app for recruiting events
The app can be used to collect data from interested parties, in order to initiate an application process. This includes a person’s name, e-mail address, gender, photo, a self-assessment of technical skills and, if appropriate, application documents. 

This data is 
(a) stored on an internal system and remains accessible only to authorised persons.
b) transferred to the Applicant Management System of our service provider, Talention.

All data will be deleted after four months, unless the interested party explicitly consents to its storage for a longer time for the purpose of establishing contact at a later date. In this case, the data is stored for one year and then deleted.

5. Eventbrite

To facilitate the booking of tickets for some of our events, we use Eventbrite Inc., Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA. When you register for one of our events, you transmit your first and last name, e-mail address and, if applicable, the company you work for to the provider and arrange payment. The provider will then send you an e-mail to confirm your booking. Upon registration, and in addition to the above-mentioned data, Eventbrite will save the selected event, including the scheduled event time (date, time) and the time of registration (date, time).

There is no contract for commissioned data processing with Eventbrite, due to the fact that, at present, only a Data Processing Addendum (DPA) is offered for commissioned and subcontracted data processors (can be viewed at:

An overview of Eventbrite's corporate policies can be found at

6. Google Maps

The maps are from “Google Maps”, from the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration:

7. Google Analytics

7.1. On the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and efficient operation of our online offer within the meaning of Art. 6(1)(f) GDPR, we use Google Analytics, a web analysis service from Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of our online offer by the user is usually transferred to a Google server in the USA and stored there.

7.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection laws (

7.3. Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with additional services associated with the use of this website and the Internet. Pseudonymous user profiles of the users can be created from the processed data.

7.4. We use Google Analytics only with activated IP anonymisation. This means that the IP address of users is truncated by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

7.5. The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie – and relating to their use of the online offer – as well as its transmission to (and processing by) Google, by downloading and installing the browser plugin available via the following link:

7.6. You can also prevent the collection of your data by Google Analytics by clicking on the following link.

7.7. You can find further information on the use of data by Google, as well as the settings and objection options available, on the websites of Google: (“Data use by Google when you use websites or apps of our partners”), (“Data use for advertising purposes”), (“Manage information that Google uses to serve ads to you”).

7.8. We use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has occurred at domain- or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.

8. Social Media

In its online offer, iteratec provides the option of following its social media offers via so-called “Follow Buttons”. Online maps and videos are also provided by third-parties. In the following, you will find explanations of the individual services.

8.1. Twitter: The functions of the service Twitter can be integrated within our online offer. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Follow” function, the websites you visit are linked to your Twitter account and made public to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or of its use by Twitter. Twitter’s privacy policy can be found at You can change your privacy settings on Twitter via the Account Settings under

8.2. Facebook: A “Follow Button” from the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) is integrated into our pages. 

When you visit our pages, the button establishes a direct connection between your browser and the Facebook server. In doing so, Facebook receives the information that you have visited our site from your IP address. 

We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or of its use by Facebook. Further information can be found in the Facebook privacy policy available at If you do not want Facebook to be able to link your visits to our webpages with your Facebook user account, please log out of your Facebook user account.

8.3. XING: We use features of the professional network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time one of our pages containing the functions provided by Xing is accessed, a connection to the Xing servers is established. To the best of our knowledge, no personal data is stored. In particular, no IP addresses are stored or user behaviour evaluated. Data protection declaration: 

8.4. LinkedIn: Our online offer uses functions of the professional network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages containing the functions provided by LinkedIn is accessed, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website from your IP address. If you click on LinkedIn's “Recommend Button” and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or of its use by LinkedIn. Data protection declaration:

8.5. Kununu: Kununu is operated by kununu GmbH, Fischhof 3 Top 7, A - 1010 Vienna. Your browser will establish a direct connection to the Kununu servers as soon as you click the button. We have no control over the data that is then collected by Kununu. For information pertaining to the purpose and scope of data collection, its further processing and use by Kununu, as well as your rights and setting options to protect your privacy, please refer to the information contained in the Kununu data protection declaration: 

8.6. YouTube: Embedded videos from the “YouTube” platform from the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: Opt-out: When you click on a link to a video, we allow you only to connect to YouTube services.

9. Data processing on our Facebook fan page

When you visit our Facebook page, certain information about you is processed. Facebook Ireland Ltd (Ireland/EU) is solely responsible for this processing of personal data. Further information on the processing of personal data by Facebook can be found here.

9.1. Processing of Page Insights
Facebook provides us with statistics and insights for our Facebook page in anonymous form, which enable us to develop an understanding of the types of actions that people take on our page (so-called “page insights”). These page views are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Facebook and us as jointly responsible data controllers. This processing serves our legitimate interest in evaluating the types of actions performed on our site and improving our site based on the insight gleaned. The legal basis for this processing is Article 6(1)(f) GDPR. We will never associate the information obtained through Page Insights with a particular Facebook profile by drawing on “Like” information for our Page.
We have reached an agreement with Facebook on processing as joint data controllers, which defines the distribution of data protection obligations between us and Facebook. You can view the details pertaining to the processing of personal data to create Page Insights and the agreement concluded between us and Facebook here.

9.2. Processing of data communicated to us through our website
We also process information that you have made available to us via our Facebook page. Such information can include the Facebook name, contact details or a message sent to us. We process this personal data only if we have expressly requested you to provide us with this data beforehand. This processing by us takes place with us acting as sole data controller.
If your enquiry is directed at the conclusion or execution of a contract with us, Art. 6(1)(b) GDPR constitutes the legal basis for data processing. Otherwise, we will process data on the basis of our legitimate interest in establishing contact with those individuals submitting an enquiry. The legal basis for data processing in this context is Art. 6(1)(f) GDPR.


10.1. GitHub

The offer on the website is hosted on the third-party platform GitHub. A Data Processing Agreement in line with the GDPR has been concluded. Accordingly, the Terms and Conditions of GitHub apply to Enterprise Subscription customers:

10.2. MailChimp

It is possible to register for a newsletter for to discover more about our online offers. 

Information about the newsletter for securecodebox and consent

With the following information, we would like to inform you about the contents of our newsletter, as well as the registration, dispatch and statistical evaluation procedures and your right of objection. 

By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter

We send out newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipients or with permission under statutory regulations. Insofar as the newsletter contents are specifically described as part of a newsletter subscription, this is key for the consent of the users.

Double-opt-in and logging

The registration for our newsletter takes place via a so-called double opt-in procedure. This means that, after registration, you will receive an e-mail asking you to confirm your registration.

This confirmation is necessary to ensure no one can register with an e-mail address other than their own.

Newsletter registrations are logged to be able to prove the registration process proceeded in accordance with statutory requirements. This includes saving both the login and confirmation time and the IP address. Any changes to your data stored with MailChimp are also logged.

Use of the dispatch service provider “MailChimp”

The newsletters are sent via “MailChimp”, a newsletter dispatch platform by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, and in accordance with its own information, MailChimp may use this data to optimise or improve its own services – for example, to facilitate the technical optimisation of sending and presenting newsletters, or for economic purposes, in order to determine from which countries the recipients originate. However, MailChimp does not use the data of our newsletter recipients to approach them itself or to forward them to third parties. We trust in the reliability and in the IT- and data security of MailChimp. MailChimp is certified under the US-EU “Privacy Shield” Privacy Agreement and is thus committed to complying with EU data protection standards. We have also concluded a “Data Processing Agreement” with MailChimp. This is a contract, in which MailChimp commits itself to protect the data of our users, to process it according to its data protection regulations on our behalf and, in particular, not to pass this data on to third parties. You can view the privacy policy of MailChimp here.

Registration data

To subscribe to the newsletter, all you have to do is enter your e-mail address. Optionally, we ask you to enter your first and last name. This information is used only to personalise the newsletter. In addition, we also ask you to optionally enter your date of birth, gender and industry. We will use this information only to adapt the contents of our newsletter to the interests of our readers.

Statistical survey and analyses

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from the server of MailChimp when the newsletter is opened. As part of this retrieval, technical information – such as information about your browser and system, your IP address and time of retrieval – are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour according to their retrieval locations (which can be determined by means of the IP address) or the access times. The statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our ambition nor that of MailChimp to monitor individual users. Rather, the evaluations serve to allow us to recognise the reading habits of our users and to adapt our contents to them, or to send different contents according to the interests of our users.

Online access and data management

There are instances where we direct the newsletter recipients to the websites of MailChimp. For example, our newsletters contain a link with which the newsletter recipients can retrieve the newsletters online (for example, in the event of display problems affecting the user’s e-mail programme). Furthermore, newsletter recipients can subsequently correct their data, such as their e-mail address. Likewise, the privacy policy of MailChimp is only available on their website. In this context, we would like to point out that cookies are used on the websites of MailChimp and, therefore, personal data is processed by MailChimp, its partners and dedicated service providers (for example, Google Analytics). We have no influence on this data collection. Further information can be found in the privacy policy of MailChimp. We would also like to draw your attention to the possibility of registering an objection to the collection of data for advertising purposes on the websites and (for Europe).


You may cancel your subscription to our newsletter at any time, i.e. revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. After cancelling, your data will be deleted, with the exception of the e-mail address. The e-mail address is stored in a blacklist (a CRL) and is used only to ensure that we do not send any further e-mails to it.

Legal bases – General Data Protection Regulation

In accordance with the provisions of the General Data Protection Regulation (GDPR) in force since 25 May 2018, we would hereby like to inform you that consent to the sending of e-mails to e-mail addresses is obtained on the basis of Art. 6(1)(a), 7 GDPR and Art. 7 (2) No. 3 or (3) Unfair Competition Act (UWG). The use of the dispatch service provider MailChimp, the execution of statistical surveys and analyses, as well as the logging of the registration procedure, are based on our legitimate interests in accordance with Art. 6 (1)(f) GDPR. Our interest lies in the utilisation of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users. We would also like to point out that you can object at any time to the future processing of your personal data in accordance with the statutory requirements under Art. 21 GDPR. This objection may be made, in particular, against processing for direct marketing purposes.

11. Cookiebot (Cookie Consent Tool)

Our website uses the Cookie Consent Tool “Cookiebot” to obtain your consent to the storage of certain cookies in your browser and to document these in accordance with data protection regulations. Cookiebot is operated by Cybot A/S, 1058 Copenhagen, Denmark.

When you enter our website, a Cookiebot cookie is stored in your browser, in which the consents you have issued (or your revocation thereof) are stored.

The Cookiebot-Consent-Technology is used to obtain the legally required consent for the use of cookies. Data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing a cookie consent management service for website visitors.

For more information on the handling of the transferred data, please refer to the data protection declaration from

Important information on cookies:
You will find further information on, among other things, how cookies work, the purpose, scope and legal basis of data processing and the possibility of revocation here.


12. HubSpot

We use HubSpot on our website for marketing activities. We use this integrated software solution for our own marketing, for lead generation and for customer service purposes. These include e-mail marketing, which regulates the dispatch of newsletters and automated mailings, social media publishing and reporting, contact management – such as user segmentation and CRM – landing pages and contact forms.

HubSpot uses cookies, which are small text files, that are stored locally in the cache of your web browser on your device and allow us to analyse your use of the website. The information collected (e.g. your IP address, geographic location, browser type, length of visit and pages viewed) is analysed by HubSpot on our behalf so that we can generate reports about the visit and the pages viewed. Information collected via HubSpot and the content of our website is stored on servers of HubSpot's service providers. If you have provided your consent in accordance with Art. 6(1)(1)(a) GDPR, processing on this website will be for the purpose of website analysis.

HubSpot is a software company from the USA with a subsidiary in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

HubSpot participates in the EU-US Privacy Shield Agreement and the Swiss-U.S. Privacy Shield and is certified as compliant herewith. For more information on Privacy Shields, please consult the Privacy Shield List on the U.S. Department of Commerce website at

Learn more about Hubspot Cookie Security & Privacy.

13. Cookies

Further information about the cookies we use can be found here:




The following overview applies to the domain and all subdomains.

Functional cookies:

  • Provider:
  • Purpose: We use MailChimp to manage all subscriptions to our mailing lists and to manage the creation and sending of e-mails to subscribers of these lists. Mailchimp uses a session cookie to track users through the registration process when they submit information via our registration form.
  • Procedure: Session

14. User rights

14.1. Right to the disclosure of information: Users have the right to request the disclosure, free of charge, of information on the personal data we have stored on them.

14.2. Right of rectification: In addition, users have the right to correct inaccurate data, to restrict the processing and deletion of their personal data and, where applicable, to exercise their rights to data portability.

14.3. Right of revocation: Users may also revoke their consent, in principle with effect for the future. This revocation must be sent to the data protection officer. 

14.4. Right of appeal: In the event of a violation of the GDPR, those affected have a right of appeal vis-a-vis the competent supervisory authority. The right of appeal is without prejudice to other administrative or judicial remedies.

15. Deletion of data

The data stored with us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. To the extent that user data is not deleted because it is required for other (and legally permissible) purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax-related reasons.

16. Right of objection

Users can object at any time, in accordance with statutory requirements, to the future processing of their personal data. This objection may be made, in particular, against processing for direct marketing purposes. Any objection should be directed to the responsible data controller.

17. Changes to the data protection declaration

We reserve the right to amend this data protection declaration to align with changes in legislation, or should there be any changes to our service and the associated data processing. However, this applies only with regard to declarations on data processing. To the extent that user consent is required, or if components of the data protection declaration contain provisions of a contractual relationship with the users, changes will be made only with the consent of users.

Users are asked to update their understanding regarding the content of this data protection regulation at regular intervals.

Munich, 18.05.2018
Executive Management