top of page

Data protection

Indicium Technologies GmbH

The protection of personal data and the responsible handling of information that you entrust to us are important and particularly important to us. In this privacy policy we inform you about the processing of personal data by the Indicium Group.

1. Persons responsible

If you have concluded a contract with Indicium Technologies GmbH or have given your consent to this company, the person responsible for data protection is

Indicium Technologies GmbH
Middleway 110
D-20149 Hamburg.


In all other cases in which you use the services of the Indicium Group directly and not through your employer or client, in particular when using the website www.indicium.ag in general, the person responsible for data protection is

Indicium Technologies AG
Rothusstrasse 21
CH-6331 Hünenberg.

(hereinafter both referred to as “Indicium”).


We also operate the Indicium Digital Analyst (IDA) software (“Software”) on behalf of companies that use the functionality of the software to conduct background checks. If you use the software as an employee or service provider of these companies, your employer or client is responsible for data protection. In this case, please inform yourself about the processing of your
personal data from your employer or client.

2. Data Protection Officer

You can reach Indicium’s data protection officer, Mr. Dipl.-Kfm. Marc Althaus
(DS EXTERN GmbH Bredkamp 53a, D-22589 Hamburg) at www.dsextern.de/anfragen.

3. Rights of data subjects

As a data subject of data processing by Indicium, you have the following rights under the respective legal requirements:


  • The right to confirmation as to whether we process personal data concerning you

  • (Article 15 GDPR).

  • The right to information about your personal data processed by us

  • Data and a data copy (Art. 15 GDPR)

  • The right to rectification in case your personal data is inaccurate (Art. 16 GDPR).

  • The right to erasure of your personal data (Article 17 GDPR).

  • The right to restrict (block) your personal data (Art. 18 GDPR).

  • The right to data portability (Article 20 GDPR).

In the event that your personal data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you can also object to the processing in question under the conditions of Art. 21 (1) GDPR. You can object to the processing of your personal data for direct marketing purposes at any time and without giving reasons with effect for the future.
object (Art. 21 Para. 2 GDPR). If the processing is based on your consent (Art. 6 Para. 1 Letter a GDPR, Art. 9 Para. 2 Letter a GDPR), you can withdraw your consent at any time with effect for the future (Art. 7 Para. 3 GDPR). You also have the right to contact the responsible data protection supervisory authority (Art. 77 GDPR). If you have any questions or complaints about data protection at Indicium or would like to exercise one of your rights as a data subject, you can contact our data protection officer at any time using the contact details provided above.

4. Storage period and deletion of your personal data

We delete your personal data,

  • ​as soon as their processing is no longer necessary for the purposes explained in this privacy policy;

  • if, in the event of your objection, there are no compelling legitimate reasons on Indicium’s part that prevent the deletion
    (Article 21 paragraph 1 GDPR),

  • or in the event of withdrawal of consent there is no other legal basis for the processing.


If and as long as legal retention obligations prevent deletion, we limit the processing of your data to this archiving purpose (so-called data blocking) and delete your data when the retention period expires. Typical retention periods under German commercial and tax law are six years at the end of the year for business letters (including emails) and ten years at the end of the year for accounting-related data.

5. Recipients of personal data

We may transfer your personal data for the purposes explained in this privacy policy to service providers whom we commission to carry out specific, purpose-specific data processing (e.g. hosting, IT support) on the basis of order processing agreements (Art. 28 GDPR).

6. Data transfers to third countries

We may transfer your personal data to recipients in countries outside the European Union and the European Economic Area, in particular to Switzerland and the USA. There are adequacy decisions for Switzerland and the USA (EU-US Data Privacy Framework (DPF)) (Art. 45 GDPR). If there is no adequacy decision or an adequacy decision does not apply (in the USA, for example, due to a lack of certification of the data importer), we will agree the standard contractual clauses (SCC) with the recipient in the third country and, if necessary, additional measures required to ensure an appropriate level of data protection.

7. Data processing during general use of our website

When you access the Indicium website, we collect and process internet connection data (see a)) as well as certain telemedia and usage data stored in the browser of your device (see b)).

a. Internet connection data


When you visit the Indicium websites, we process the internet connection data that your browser automatically transmits to our server. This data includes your IP address and other usage data (e.g. date and time of access,
Name of the page accessed, amount of data transferred and the requesting provider). We need this information to enable you to use our website, for example by adapting the website to the technical requirements of your device.


This internet connection data may also be personal data. The legal basis for this data processing is our legitimate interest in ensuring the security and usability of our website (Art. 6 Para. 1 Letter f GDPR).


b. Cookies


We use cookies on the Indicium website. Cookies are text files that are stored by the browser on your device. User-related pseudonymous data can be stored in these files. This data can then be read out. In certain cases, the storage of information on your device or access to data already stored on your device
The information stored on our website is absolutely necessary so that we can provide you with the software on our website for use (“Necessary Cookies”).


In these cases, access to your device takes place within the scope of the German TTDSG on the basis of Section 25 Paragraph 2 Number 2 TTDSG. Insofar as this information is personally identifiable and is stored by us in our IT systems
are further processed, the legal basis for this data processing is our legitimate interest in providing our website and ensuring data security (Art. 6 Para. 1 Letter f GDPR). If you are already registered on one of our websites and the data processing serves to fulfill a contract, the legal basis is Art. 6 Para. 1 Letter b GDPR. Further information on the
The cookies we use, along with their purpose and storage period, can be found in the Cookie Policy.

8. “Self-Check” Indicium Digital Analyst (IDA) Software

As a user, you can test the Indicium Digital Analyst (IDA) software (“Software”) as part of a “self-check” for commercial purposes using your own data. The software is an open source intelligence tool (OSINT). The software is used to conduct background checks on the user. For this purpose, the user provides his/her name, date of birth and possibly
further data from his CV into the software. The software searches worldwide sources on the Internet based on the user data entered and makes the findings available to the user in a consolidated report. The sources searched can include in particular:


  • Results from a general internet search (e.g. using Google or Bing);

  • press releases;

  • Credit reporting agencies (e.g. LexisNexis)

  • Public registers (e.g. commercial and insolvency registers);

  • State sanctions lists of the EU, EU Member States and those of third countries (e.g. the USA);

  • Professional social platforms (e.g. LinkedIn, Xing)

  • Private social platforms (e.g. Facebook, Instagram)


In principle, the subject of data processing in the “Self Check” can be any personal data of the user. In particular, it cannot be ruled out that special categories of personal data within the meaning of Art. 9 Para. 1 of the General Data Protection Regulation (e.g. with regard to political opinions, religious or ideological beliefs or the
union membership) and made available to the user via the report, provided that the user has published this information on the Internet.


If you want to carry out the self-check, you must register. We first collect your email address and send you a confirmation email with a confirmation link that you must click to complete the registration; a 2-factor authentication mechanism must also be stored.


The legal basis for the “self-check” is your consent as a user (Art. 6 Para. 1 Letter a GDPR, Art. 9 Para. 2 Letter a GDPR). You can revoke your consent at any time with effect for the future (Art. 7 Para. 3 GDPR).

9. Registration user account

As part of your registration for a user account, we collect and process your name, your company data and email address as mandatory information, as well as the password you have set yourself. If a contract exists with the user, the legal basis for this data processing is the initiation and fulfillment of the user contract concluded with the user (Art. 6 Para. 1 Letter b GDPR). If you are registering as a representative, contact person or employee of a company that is our customer or other business partner, the legal basis for the processing in this case is our legitimate interest in the initiation or
Implementation of the respective contractual relationship (Art. 6 Para. 1 lit. f GDPR).

10. Newsletter and email advertising

If you would like to receive our newsletter and register for it, we will first collect your email address and send you a confirmation email with a confirmation link that you must click to subscribe to our newsletter. We will then use the newsletter to inform you about products and services of the Indicium Group, in particular the Indicium Digital Analyst (IDA) software.


We only process your data for this purpose based on your consent (Art. 6 Para. 1 Letter a GDPR). You can revoke your consent to the newsletter at any time with effect for the future. You will find a link to declare your revocation of your consent to receive the newsletter in every email. You will also find contact details for declaring your revocation in section 1.

11. Contact

When you contact us (e.g. via the contact form on the website or by email), personal data, in particular your name, first name, email address, telephone number, company and position, will be processed exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in answering your request (Art. 6 Para. 1 lit. f GDPR).

12. No automated individual decision

We do not make any decisions that are based solely on automated processing of your data and that have legal consequences for you or significantly affect you in a similar way (Article 22 GDPR).

13. Changes to the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to this privacy statement. The privacy statement will then be adjusted accordingly. You can always find the current version on our website.

bottom of page