Legal Information
Privacy
The protection of personal data and the responsible handling of information you entrust to us are very important to us. In this privacy policy, we inform you about the processing of personal data by the Indicium Group.
1. Controller
If you have entered into a contract with Indicium Technologies GmbH or have given this company your consent, the controller under data protection law is
Indicium Technologies GmbH
Große Johannisstraße 7
D-20095 Hamburg.
Contact: 040 / 5936173019
In all other cases, in which you use services of the Indicium Group directly and not via your employer or client, especially when generally using the website www.indicium.ag, the controller under data protection law is
Indicium Technologies AG
Rothusstraße 21
CH-6331 Hünenberg.
(hereinafter both referred to as “Indicium”).
We also operate the Indicium Digital Analyst (IDA) software (“Software”) on behalf of companies that use the software’s functionalities to carry out background checks. If you use the software as an employee or contractor of this company, your employer or client is the controller under data protection law. In this case, please inform yourself about the processing of your personal data by your employer or client.
2. Data Protection Officer
The Data Protection Officer of Indicium is Mr. Nabil el Berr.
3. Data subject rights
As a data subject affected by data processing by Indicium, you have the following rights under the respective statutory requirements:
The right to confirmation as to whether we process your personal data (Art. 15 GDPR).
The right to access your personal data processed by us and to a copy of that data (Art. 15 GDPR).
The right to rectification if your personal data is inaccurate (Art. 16 GDPR).
The right to erasure of your personal data (Art. 17 GDPR).
The right to restriction (blocking) of your personal data (Art. 18 GDPR).
The right to data portability (Art. 20 GDPR).
In the event of processing your personal data on the basis of Art. 6(1)(e) or (f) GDPR, you may also object to the processing in question under the conditions of Art. 21(1) GDPR. You may object to the processing of your personal data for direct marketing purposes at any time and without giving reasons, with effect for the future (Art. 21(2) GDPR). If processing is based on your consent (Art. 6(1)(a) GDPR, Art. 9(2)(a) GDPR), you may withdraw your consent at any time with effect for the future (Art. 7(3) GDPR). You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). If you have any questions or complaints about data protection at Indicium or would like to exercise one of your data subject rights, you can contact our Data Protection Officer at any time using the contact details provided above.
4. Storage period and deletion of your personal data
We delete your personal data as soon as its processing is no longer necessary for the purposes explained in this privacy policy; if, in the event of your objection, there are no overriding legitimate grounds for deletion on the part of Indicium (Art. 21(1) GDPR), or in the event of a withdrawal of consent, there is no other legal basis for the processing.
If and for as long as statutory retention obligations prevent deletion, we restrict the processing of your data to this archiving purpose (so-called data blocking) and delete your data once the retention period has expired. Typical retention periods under German commercial and tax law are six years to the end of the year for business letters (including emails) and ten years to the end of the year for accounting-relevant data.
5. Recipients of personal data
We may transfer your personal data to service providers for the purposes described in this privacy policy, whom we engage on the basis of data processing agreements (Art. 28 GDPR) to carry out specific, purpose-bound data processing activities (e.g. hosting, IT support).
6. Data transfers to third countries
We may transfer your personal data to recipients in countries outside the European Union and the European Economic Area, in particular in Switzerland and the USA. Adequacy decisions exist for Switzerland and the USA (EU-US Data Privacy Framework (DPF)) (Art. 45 GDPR). If there is no adequacy decision or an adequacy decision does not apply (in the USA, for example, due to the data importer lacking certification), we agree with the recipient in the third country on the Standard Contractual Clauses (SCC) and, where necessary, additional measures to ensure an adequate level of data protection.
7. Data processing when using our website generally
When you access the Indicium website, we collect and process internet connection data (see a) below) as well as certain telemedia and usage data stored in the browser of your device (see b) below).
a. Internet connection data
When you access the Indicium websites, we process the internet connection data automatically transmitted by your browser to our server. This data includes your IP address and other usage data (e.g. date and time of access, name of the page accessed, amount of data transmitted and the requesting provider). We need this information to enable you to use our website, for example by adapting the website to the technical requirements of your device.
This internet connection data may also constitute personal data. The legal basis for this data processing is our legitimate interest in ensuring the security and usability of our website (Art. 6(1)(f) GDPR).
b. Cookies
We use cookies on the Indicium website. Cookies are text files stored by the browser on your device. User-related pseudonymous data may be stored in these files. This data can then be read again. In certain cases, information is stored on your device or access is gained to information already stored on your device. These are strictly necessary so that we can make the software on our website available for you to use (“Necessary Cookies”).
In these cases, access to your device takes place within the scope of the German TTDSG on the basis of § 25(2) no. 2 TTDSG. To the extent that this information has a personal reference and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and ensuring data security (Art. 6(1)(f) GDPR). If you are already registered on one of our websites and the data processing serves the performance of a contract, the legal basis is Art. 6(1)(b) GDPR.
In addition, provided you have given your express consent, we use cookies and tracking technologies for analysis and marketing purposes (e.g. to measure the success of advertisements or for technical integration via Google Tag Manager). In these cases, your data is processed on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may withdraw your consent at any time with effect for the future in the cookie settings.
Use of Microsoft Clarity
We work with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website. For this purpose, behavioral metrics, heatmaps and session replays are used to improve and market our products and services.
Website usage data is collected using cookies (first- and third-party) and other tracking technologies to determine the popularity of products/services and online activities. We also use this information for website optimization, fraud/security purposes and advertising.
Legal basis: Your data is processed solely on the basis of your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent in the cookie settings at any time.
For more information as well as the purpose and storage period of our cookies, please refer to the Cookie Policy.
8. “Self-test” software Indicium Digital Analyst (IDA).
As a user, you can test the Indicium Digital Analyst (IDA) software (“Software”) for commercial purposes with your own data as part of a “Self-Check”. The software is an Open Source Intelligence tool (OSINT). The software is used to carry out background checks (“Backgroundchecks”) on the user. For this purpose, the user enters their name, date of birth and, where applicable, additional data from their CV into the software. Based on the user data entered, the software searches worldwide sources on the Internet and provides the findings in a consolidated report to the user. The sources searched may include in particular:
Results from a general Internet search (e.g. via Google or Bing); press publications; credit agencies (e.g. LexisNexis); public registers (e.g. commercial and insolvency registers); official sanctions lists of the EU, EU Member States and third countries (e.g. the USA); professional social platforms (e.g. LinkedIn, Xing); private social platforms (e.g. Facebook, Instagram)
In principle, any personal data of the user may be the subject of data processing in the “Self Check”. In particular, it cannot be ruled out that special categories of personal data within the meaning of Art. 9(1) of the General Data Protection Regulation (e.g. with regard to political opinions, religious or philosophical beliefs or trade union membership) could be collected and made available to the user via the report, provided the user has published this information on the Internet.
If you would like to carry out the Self-Check, you must register. We first collect your email address and send you a confirmation email with a confirmation link that you must click to complete the registration; you must also set up a two-factor authentication mechanism.
The legal basis for the “Self-Check” is your consent as a user (Art. 6(1)(a) GDPR, Art. 9(2)(a) GDPR). You can withdraw your consent at any time with effect for the future (Art. 7(3) GDPR).
9. User account registration
As part of your registration for a user account, we collect and process, as required, your name, your company details and email address, as well as the password you choose yourself. If there is a contract with the user, the legal basis for this data processing is the initiation and performance of the usage agreement concluded with the user (Art. 6(1)(b) GDPR). If you register as a representative, contact person or employee of a company that is our customer or other business partner, the legal basis for the processing in this case is our legitimate interest in initiating or performing the respective contractual relationship (Art. 6(1)(f) GDPR).
10. Newsletter and email marketing
If you would like to receive our newsletter and register for it, we first collect your email address and send you a confirmation email with a confirmation link that you must click in order to subscribe to our newsletter. We will then keep you informed in the newsletter about products and services of the Indicium Group, in particular the Indicium Digital Analyst (IDA) software.
We process your data for this purpose only on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent to the newsletter at any time with effect for the future. A link for declaring your withdrawal of consent to receive the newsletter can be found in every email. The contact details for declaring withdrawal can also be found in section 1.
11. Contact / contact form
When contacting us (e.g. via the contact form on the website or by email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose, in particular name, first name, email, telephone number, company and position. The legal basis for processing this data is our legitimate interest in responding to your request and assessing whether it is a professional inquiry (Art. 6(1)(f) GDPR).
12. No automated individual decision-making
We do not make any decisions based exclusively on automated processing of your data that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR).
13. Changes to the privacy policy
New legal requirements, business decisions or technical developments may require changes to this privacy policy. The privacy policy will then be adjusted accordingly. You can always find the current version on our website.