At PPI AG, we take the protection of your privacy very seriously when collecting, processing and using your data.
The following explanation provides an overview of how we guarantee data protection and what kind of data is collected for which purpose.
The data is under the control of
PPI AG, Moorfuhrtweg 13, 22301 Hamburg, Germany
Telephone: +49 40 227433-0
Fax: +49 40 227433-1333
E-mail: info(at)ppi.de
Internet: www.ppi.de
Data protection officer
If you have further questions regarding the processing of your personal data, you can contact our data protection officer directly. Our data protection officer is also available to you should you wish to request information, request that an action be taken or make a complaint:
PPI AG
Data protection officer
[Moorfuhrtweg 13]
22301 Hamburg, Germany
E-mail: datenschutz(at)ppi.de
If you or your organisation have a business relationship with us (in particular customers, prospective customers, partners, service providers and suppliers), we retain the relevant data about you.
The data processed by us includes all the data provided by you or collected by PPI, insofar as this is necessary within the framework of the business relationship (Article 6, subparagraph 1, point (b) of the GDPR) or the processing of your data is legally necessary, for example, to comply with tax and commercial retention periods (Article 6, subparagraph 1, point (c) of the GDPR).
The respective data processed especially includes the contact data, such as your name, company, address, telephone number, e-mail address, as well as information about the respective business relationship, such as the contractual relationship and its processing (current and completed orders, invoices, payments). We retain this data for the duration of the respective business relationship and thereafter for the duration of the respectively applicable legal retention periods. Insofar as the data is retained solely for the purpose of complying with a legal obligation to retain it, we block access to it for other purposes.
By means of the contact details provided to us, we will regularly inform you by telephone, e-mail, fax or post about our products, services, newsletters (such as Basel III) and themed events (such as seminars and conferences).
You will only receive this information if you have consented to your data being processed for the purpose of receiving advertising (Article 6, subparagraph 1, point (a) of the GDPR).
The processing of your data for the purpose of advertising, insofar as this is permitted without your consent, would then be in terms of our interest to provide you with the requested information (for example, about our products and services and themed events) and to give you the best possible support (Article 6, subparagraph 1, point (f) of the GDPR).
The electronic transmission of advertising and information will be carried out by the distribution service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The privacy policy of the distribution service provider can be viewed at: https://www.cleverreach.com/en/privacy-policy/.The distribution service provider is engaged in terms of a processing contract in accordance with Article 28, subsection 3, first sentence of the GDPR.
The postal dispatch of advertising material and information is carried out by various service providers based in the European Union. This includes in particular the postal dispatch of Christmas greetings and other brochures, diagrams and promotional gifts. The distribution service providers are engaged in terms of a processing contract in accordance with the first sentence of subsection 3 of Article 28 of the GDPR.
Your data will be retained in the systems until you request the deletion of your data, the purpose of the data processing ceases or PPI becomes aware that the data for the purpose of communication is no longer valid.
If you use our website to submit your application online via our career portal, (www.ppi.de/karriere), your data will be securely transmitted to us.
Irrespective of whether you use the online application service or send us your application documents by post, your data will be stored in our application system in terms of your consent in accordance with Article 6, subparagraph 1, point (b) of the GDPR.
We collect different types of information in this regard. In particular, this includes your personal information with your contact details as well as a description of your education, work experience and skills. You also have the option of providing us with electronically saved documents, such as references or your covering letter.
The data is transmitted to us for a contract of employment is saved in compliance with the statutory requirements for the purpose of entering into an employment relationship. Should we be unable to offer you employment within the scope of the application process, we will delete your data six months after the conclusion of the application process. This storage period is required for us to be able to defend ourselves, if necessary, against claims in terms of the German General Act on Equal Treatment.
If you would like to be included in our pool of applicants, you thereby consent to your data being retained by us beyond this period in order for us to be able to contact you for vacancies in the future.
When you visit our websites, our web servers automatically save the following data:
Information about the browser type and version used
The data is saved to ensure the functionality of the website. The data is also used to optimise the website and to safeguard the security of our IT systems. We also process this data to detect and track misuse. In this regard, the legal basis is Article 6, subparagraph 1, point (f) of the General Data Protection Regulation (GDPR). Our legitimate interest in processing the data is to ensure that our website functions properly and to safeguard the transactions processed by means thereof.
The data is stored in the log files of our servers for four weeks and then deleted automatically.
In this regard, the data is not evaluated for marketing purposes.
Your personal data will however be processed if you provide it to us, for example, in the context of a request or placing an order for information or registering for a newsletter. This is based on the provisions of Article 6, subparagraph 1, point (b) of the GDPR.
On our website, you can subscribe to a free newsletter from PPI on relevant topics or sectors. On registration, your data is transmitted to us from the input mask (title, first name, surname, company, e-mail address).
The newsletter is sent to you on the basis of your registration on our website and your consent in terms of Article 6, subparagraph 1, point (a) of the GDPR. Your e-mail address is collected for the purpose of providing you with the newsletter. The collection of other personal data in the context of the registration process serves to prevent the misuse of the services or the e-mail address used. In addition, reference is made to this data protection policy within the context of the registration. The only direct advertising sent via the newsletter is for PPI’s own services. The data will only be used by us for the purpose of sending the newsletter.
The newsletters are sent by the distribution service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The privacy policy of the distribution service provider can be viewed at: https://www.cleverreach.com/en/privacy-policy/.The distribution service provider is engaged in terms of a processing contract in accordance with the first sentence of subsection 3 of Article 28 of the GDPR.
Your data will be retained in the systems until you unsubscribe from the newsletter or you request the deletion of your data.
If you contact us (e.g. by contact form, e-mail, telephone or via social media), the information of the inquiring persons is processed. As a matter of course, we will use the personal data transmitted to us in this way exclusively for the purpose you provide it for when contacting us.
The answering of contact requests in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to answer (pre-)contractual requests (Article 6 section 1 p. 1 lit. b. GDPR) and otherwise on the basis of legitimate interest in answering the requests (Article 6 section 1 p. 1 lit. f. GDPR).
PPI AG will only transfer data relating to the use of the electronic services to third parties in accordance with the applicable statutory provisions if there is a legal obligation to do so (such as disclosures to public authorities) or if this is necessary for the enforcement of our rights (such as claims arising from a contractual relationship).
In addition, we will only disclose data to external service providers in such instances where this is necessary for the provision of products and services and a contractual agreement has been concluded. These instruction-bound service providers or processors will only use the data in terms of a contract for the purpose of performing their obligations.
Under no circumstances will the collected data be sold. Our employees are obliged to maintain and safeguard the confidentiality of the personal data provided to us.
We protect your data by means of technical and organisational security measures to prevent the accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures, such as data encryption, are regularly improved in accordance with the development of the technology.
This website uses the following types of cookies, the scope and function of which are explained below:
b) Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies. They save a session ID with which the various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings in accordance with your wishes, for example, to accept third-party cookies or to reject all cookies. In this event, please note that you may not be able to use all the features of the site.
We use cookies to identify you when you return to the site, if you have an account with us. Otherwise, you would need to log in again every time you return to the site.
Insofar as you have given your consent, this website uses Google Analytics Universal and Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected with cookie about your use of our website is generally transferred to a Google server in the USA and stored there.
We use Google Signals. This allows Google Analytics to capture additional information about users who have activated personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns. If you do not wish to use Google Signals, please deactivate the "ad personalisation" option in your Google account settings.
In Google Analytics 4 and Google Analyctis Universal the anonymisation of IP addresses is activated by default. Due to the IP anonymisation, within member states of the European Union or in other states that are parties to the agreement on the European Economic Area your IP address will be truncated by Google. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases. According to Google, the IP address transferred by your browser as part of Google Analytics will not be associated with the other data in Google’s possession.
During your visit to the website your user behaviour is recorded in the form of "events". Events can be:
Page views, first visit to the website, start of the session,your "click path", interaction with the website, scrolls (whenever a user scrolls to the bottom of the page (90%)), clicks on external links, internal searches, interaction with videos, file downloads, ads seen / clicked on and language settings.
In addition, the following is recorded:
Your approximate location (region), your IP address (in abbreviated form), technical information about your browser and the end devices you use (for example, language setting, screen resolution), your Internet provider and the referrer URL (via which website/advertising medium you came to our website).
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website and compiling reports on the website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipient
Recipients of the data are/could be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR) and Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA as well as Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection that corresponds to the European standard, we have concluded standard EU contractual clauses with the service provider in order to establish an appropriate level of data protection.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The parent company of Google Ireland, Google LLC, is based in California, USA. A transmission of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to legal remedies against access by authorities.
Legal basis of your consent pursuant to of Article 6, subparagraph 1, point (a) of the EU GDPR
You can decide whether you wish to participate in the tracking procedure via the Cookie settings. The lawfulness of the data processing carried out on the basis of your consent prior to the revocation is not affected by this.
Users can refuse cookies by making the appropriate adjustments to the settings of their browser. In addition, users can also prevent the transmission of the data generated by the cookie to Google and their use of the online content as well as the processing of such data by Google by downloading and installing the browser plug-in that is available at the following link: tools.google.com/dlpage/gaoptout.
For more information on the use of data by Google, the setting options and opportunities to raise objections, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads) as well as the settings for the insertion of ads by Google (https://adssettings.google.com/authenticated).
The personal data of users will be deleted or anonymised after 14 months.
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
We maintain an online presence within social networks and platforms in order to communicate with customers, prospective customers and users who are active there and to be able to inform them about our services. When using the respective networks and platforms, the terms and conditions and the data processing policies of the respective providers apply.
Unless otherwise specified in our data protection policy, we process the data of users if they communicate with us on social networks and platforms, for example, if they post contributions to our online presence or send us messages.
The blogs we run:
https://ppiag-digitalisierung-versicherungen.blogspot.com/
https://www.banking-experts.blog/
are based on the “Blogger” blog system provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In particular, the processed data may include the IP addresses and location data of users but which are not collected without the user’s consent (usually carried out when setting up their mobile devices). The data may be processed in the USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
This content uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identifiable by one of the Facebook logos (a white “f” on a blue tile or a “thumbs up” sign) or are marked by the addition of “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
When a user makes use of this content by visiting a web page that contains such a plugin, the user’s browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser which incorporates it into the website. Consequently, the provider has no influence on the amount of data that Facebook collects with the assistance of this plugin and therefore informs users to the extent of its knowledge:
By embedding the plugins, Facebook receives the information that a user has accessed the relevant page of the content offered. If the user is logged into Facebook, Facebook can assign the visit to the user’s Facebook account. If users interact with plugins, for example, by clicking a Like button or leaving a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user does not have a Facebook account, Facebook may nevertheless be able to collect and save the user’s IP address. According to Facebook, only an anonymised IP address is stored for users in Germany.
The purpose and scope of the collection of the data and the further processing and use of the data by Facebook, as well as the related rights and setting options to protect the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
If a user has a Facebook account and does not want Facebook to collect data about the user via the content offered and associate it with the user’s account data stored on Facebook, the user needs to log out of Facebook before visiting the website.
Facebook social plugins can also be blocked by means of add-ons for your browser.
To optimise the security of our forms, we use the "Friendly Captcha" service (www.friendlycaptcha.com) of Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. The function of the tool is to distinguish whether the data entered in the contact form was entered by a natural person or whether there has been misuse by a machine and automated processing. By using Friendly Captcha, we can block automated software. For this purpose, Friendly Captcha processes the following information:
The service does not set or read any cookies on your end device. If personal data is stored, this data is deleted within 30 days. The legal basis for the processing is our legitimate interest in protecting our website against abusive access by bots, spam protection and protection against attacks (e.g. mass requests), Article 6 para. 1 lit. (f) GDPR. More information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. In particular, the processed data may include the IP addresses and location data of users but which are not collected without the user’s consent (usually carried out when setting up their mobile devices). The data may be processed in the USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
The content we provide online may include certain functions and content of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have an Instagram account, Instagram may assign the use of the above-mentioned content and functions to the profiles of their users. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.
The content we provide online may include certain functions and content of the LinkedIn service provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include content such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a LinkedIn account, LinkedIn may assign the use of the above-mentioned content and functions to the profiles of their users. LinkedIn’s privacy policy: www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Frameworks and thereby guarantees that it complies with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
To make an online appointment, we use the Microsoft Bookings service as part of Microsoft Office 365 provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter "Microsoft"). The software allows you to book an appointment with one of our employees, for example, for consulting on our services and products.
The connection to the service is only established if you access the online booking function via a link or button on our website, in an e-mail or in the newsletter. To make an appointment, your entries in the form will be sent to Microsoft. For more information on the handling of your data, see Microsoft's privacy statement at: https://privacy.microsoft.com/en-gb/privacystatement.
In principle, data processing outside the European Union (EU) is not performed, as we have restricted our storage location to data centres within the European Union. However, we cannot rule out the possibility that data will be transmitted to Microsoft Corp. in the USA in this context. Microsoft can also perform remote maintenance access from other third countries. That is why we have concluded the standard data protection clauses of the European Commission with Microsoft Corp.
The legal basis for the processing of your data in relation to the "Microsoft Bookings" service is Article 6, subparagraph 1, point (f) of the GDPR (legitimate interest in data processing). The legitimate interest arises from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to make an appointment quickly and easily if necessary. Please note that you are not required to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the available contact options for arranging appointments.
To conduct surveys, we use the Microsoft Forms service as part of Microsoft Office 365 provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter "Microsoft").
In the course of conducting surveys, personal data can be processed and stored on Microsoft's European cloud servers. There is the possibility of an anonymous survey or a confidential survey. An anonymous survey does not store contact information and cannot be traced back to you. In the case of confidential surveys, it is possible for the survey owner to attribute the answers to you. In addition, it is possible that personal data is requested within a survey. This data can also only be viewed and evaluated by the owner of the survey.
The processed data is not used for automated decisions, including profiling.
The legal basis for the processing of your data in relation to the "Microsoft Forms" service is Article 6, subparagraph 1, point (a) of the GDPR (presence of consent). Participation in the surveys is voluntary. Unless there is a legitimate interest in long-term storage, the owner will delete all responses within two years after the completion of the survey. As a respondent, you can ask the owner how long your answers will be stored in Forms.
In principle, data processing outside the European Union (EU) is not performed, as we have restricted our storage location to data centres within the European Union. However, we cannot rule out the possibility that data will be transmitted to Microsoft Corp. in the USA in this context. Microsoft can also perform remote maintenance access from other third countries. That is why we have concluded the standard data protection clauses of the European Commission with Microsoft Corp.
We use Shariff buttons for the protection of privacy. Shariff was developed to provide greater privacy on the Internet and to replace the usual “share” buttons of social networks. Here it is not the user’s browser but the server on which the online content is located that establishes a connection to the server of the respective social media platform and requests, for example, the number of likes, etc. The user thus remains anonymous. For more information about the Shariff project, refer to the developers at c't magazine: www.ct.de.
The content we provide online may include certain functions and content of the Twitter service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a Twitter account, Twitter may assign the use of the above-mentioned content and functions to the profiles of their users. Twitter is certified under the Privacy Shield Frameworks and thereby guarantees that it complies with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
The online content that we provide may include certain functions and content of the Xing service provided by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. This may include content such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a Xing account, Xing may assign the use of the above-mentioned content and functions to the profiles of their users. Xing’s data protection policy: https://www.xing.com/app/share?op=data_protection.
We embed certain videos from the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, opt-out: adssettings.google.com/authenticated.
In terms of Article 15 the GDPR, you always have the right receive information about the origin, recipient, purpose and duration of data processing of the data retained by us in respect of you. You can submit a request by post or e-mail to the addresses provided below.
You have the right to demand the rectification of your personal data without undue delay if it is inaccurate (Article 16 of the GDPR). In this regard, please make use of the contact addresses set out below.
You have a right to the erasure (“right to be forgotten”) of your personal data without undue delay if one of the legal grounds in terms of Article 17 of the GDPR applies. Such grounds apply:
In order to assert your right to erasure, please make use of the contact addresses provided below.
You have the right to restrict processing if one of the conditions applies in accordance with the provisions of Article 18 of the GDPR. Thereafter, the restriction of processing may be required, in particular, if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead or if the data subject objects to the processing pursuant to Article 21, subparagraph 1 of the GDPR pending verification of whether our legitimate grounds override your rights. In order to assert your above-mentioned right, please make use of the contact addresses provided below.
You have the right to restrict processing if one of the conditions applies in accordance with the provisions of Article 18 of the GDPR. Thereafter, the restriction of processing may be required, in particular, if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead or if the data subject objects to the processing pursuant to Article 21, subparagraph 1 of the GDPR pending verification of whether our legitimate grounds override your rights. In order to assert your above-mentioned right, please make use of the contact addresses provided below.
You have the right to object, at any time, in terms of Article 21 of the GDPR on grounds relating to your particular situation to the processing of your personal data which is based, inter alia, on point (e) or (f) of subparagraph 1 of Article 6 of the GDPR. In which event, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the purpose of asserting, pursuing or defending a legal claim. In order to assert your above-mentioned right, please make use of the contact addresses provided below.
You have the right to lodge a complaint in terms of Article 77 of the GDPR with the competent supervisory authority if you are of the opinion that the processing of your personal data is unlawful:
Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information
Please note that we update this data protection policy from time to time so that it always complies with the most recent legal requirements and covers all our content. The latest version applies subject to the following update notice.
Your statutory rights to information, rectification, restriction, erasure and to raise an objection shall remain unaffected by any such amendment.
Last update: 15.02.2021
