Skip to content
Contact us

Privacy Policy

Data protection declaration / information according to Art. 13 GDPR of Virtual Identity AG

Status: 23/02/2023

Thank you for your interest in our website and our company.

The protection of your personal data when it is collected, processed and used when you visit our portal is very important to us. We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by external service providers.

We would like to inform you about the type, scope and purpose of the collection and use of your personal data made available to us as well as about their processing and use.

1. Contact details
You can contact us as follows:
Virtual Identity AG
Grünwälderstraße 10-14
79098 Freiburg
t +49 761 20758-400
Board of Directors: Kirsten Heller, Ralf Heller, Timo Mayer, Dr. Benedikt Schulz
e-mail:

2. Processing of data
Personal data is information about your identity. This includes, for example, information such as name, address, telephone number, e-mail address.

In general, you can visit our website without leaving any personal data, e.g. if you just want to find out more about our products and call up the relevant pages. The accesses made to our homepage and each time a file stored on the homepage is called up are logged. The storage serves internal system-related and statistical purposes. The following are logged: browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request. However, no personal data is transmitted on your part and this information is stored separately from any personal data that may be transmitted. Additionally, the IP addresses of the requesting computers are logged.

In certain cases, however, we need your name and address as well as other information so that we can provide the requested services. This additional personal data is only recorded and stored if you provide this information voluntarily, for example in the context of an inquiry, registration, application as an employee or potential supplier or when placing orders and processing them.

3. Purposes and legal bases
If you provide us with personal data, we will only use it to answer your inquiries (the legal basis is Art. 6 Para. 1 lit. a, b or f GDPR) and to process projects (the legal basis is Art. 6 Para. 1 lit. a, b or f GDPR), in relation to advertising measures towards you (the legal basis for this is Art. 6 Para. 1 lit. a GDPR), in order to provide you with access to certain information or offers or to use information and communication systems (The legal basis here is Art. 6 Paragraph 1 lit. a, b or f GDPR) and within the framework of legal requirements (the legal basis here is Art. 6 Paragraph 1 lit. c GDPR).
In those cases in which Art. 6 Paragraph 1 lit.
We will only collect, process and use the personal data you provide online for the purposes that have been communicated to you. Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of carrying out the activities mentioned here, e.g. if service providers are involved or if you have previously consented to the disclosure. These third parties are not allowed to use the data for any other purpose.
Of course, we respect it if you do not want to give us your personal data to support our customer relationship (especially for direct marketing or for market research purposes).
We only disclose personal data about customers or suppliers if we are legally obliged to do so (the legal basis is Art. 6 Para. 1 lit. c GDPR), or if we are obliged to do so by a court decision (the legal basis is Art. 6 para. 1 lit. c or f GDPR) or if the disclosure is necessary to enforce or protect our general terms and conditions or other agreements (the legal basis is Art. 6 para. 1 lit. c or f GDPR). This applies accordingly with regard to the processing of the data.
The data is not disclosed for economic purposes.
Our employees and the service companies commissioned by us are bound by us to secrecy and to comply with the provisions of the current data protection laws. Access to personal data by our employees is limited to those employees who need the respective data due to their professional tasks

4. Information We Collect
a. Data when using the website
Please note Sections 2 and 7-9 of this data protection declaration.
b. application
Information on your application can be found in point 5.
c. Use of our tools and add-ins
If you want to use our tools / add-ins, please note point 12 of this information on data protection.

5. Information on further data processing methods

Specific information on the application process

Affected data:
Application details

Processing purpose:
Implementation of the application process.

Categories of recipients:
Public bodies in the event of overriding legal provisions.
External service providers or other contractors, e.g. for data processing and hosting.
Other external bodies as far as the data subject has given his consent or a transmission is permitted due to a predominant interest, including customers and interested parties in the context of order acquisition.

Third country transfers:
As part of the execution of the contract, processors outside the European Union can also be used, including email providers.

Duration of data storage:
Application data are usually deleted within four months after notification of the decision, unless consent has been given to longer data storage in the context of inclusion in the pool of applicants.

Specific information on the processing of customer data / prospect data

Affected data:
Data communicated for the execution of the contract; Any additional data for processing on the basis of your express consent.

Categories of recipients:
Public bodies in the event of overriding legal provisions
External service providers or other contractors, e.g. for data processing and hosting, for shipping, transport and logistics, service providers for printing and sending information and call centers.
Other external bodies as far as the person concerned has given his consent or a transmission is permitted due to a predominant interest, e.g. for credit information when buying on account, for electronic dispatch of information, for quality assurance purposes.

Third country transfers:
As part of the execution of the contract, processors outside the European Union can also be used, including email providers.

Duration of data storage:
The duration of the data storage is based on the statutory retention requirements and is usually 10 years.

Specific information on the processing of employee data

Affected data:
Data communicated for the execution of the contract; Any additional data for processing on the basis of your express consent.

Processing purpose:
Execution of the contract in the context of the employment relationship.

Categories of recipients:
Public bodies if there are priority legal provisions, including tax office, social security agency, professional association.
External service providers or other contractors, among other things for data processing and hosting, for payroll accounting, for travel expense accounting, for insurance services, for vehicle use.
Other external bodies as far as the person concerned has given his consent or a transmission is permitted due to an overriding interest, e.g. for order acquisition, for insurance benefits.

Third country transfers:
As part of the execution of the contract, processors outside the European Union can also be used, including email providers.

Duration of data storage:
The duration of the data storage is based on the statutory retention requirements and is usually 10 years.

Specific information on the processing of supplier data

Affected data:
Data communicated for the execution of the contract; Any additional data for processing on the basis of your express consent.

Processing purpose:
Execution of contracts, including inquiries, purchasing, quality assurance.

Categories of recipients:
Public bodies if there are priority legal provisions, including tax office, customs.
External service providers or other contractors, e.g. for data processing and hosting, accounting, payment processing.
Other external bodies as far as the data subject has given his consent or a transmission is permitted due to an overriding interest.

Third country transfers:
As part of the execution of the contract, processors outside the European Union can also be used, including email providers.

Duration of data storage:
The duration of the data storage is based on the statutory retention requirements and is usually 10 years.

6. Transfer of data to third parties or to a third country
We do not pass on your data to third parties without a legal basis. We also do not pass on your data to a third country, unless you are in a third country yourself or the processing of contracts requires your data to be passed on to a third country.

7. Cookies
a) General
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser on your next visit (persistent cookies). We use cookies to personalize content and advertisements and to analyze access to our website. We also share information about your use of our website with our partners for social media, advertising and analysis. You can find details on this, for example, at: http://www.google.com/intl/de/policies/privacy/partners/.
b) Legal basis
The legal basis for the use of cookies is your consent. We only use one or more cookies if you have consented to the use of cookies in the cookie pop-up that appears when you visit our website. The legal basis is then Art. 6 Paragraph 6 1 lit. You can revoke your consent at any time with effect for the future.

8. Google Tag Manager
This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means: no cookies are used and no personal data is recorded. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, it will remain in effect for all tracking tags, insofar as they are implemented with the Google Tag Manager.
Click here to be excluded from data collection via Google Tag Manager.
You can find more information about the Google Tag Manager at:
http://www.google.de/tagmanager/faq.html
http://www.google.de/tagmanager/use-policy.html

9. Facebook
We use the “Website Custom Audiences” pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. Here, the so-called Facebook pixels are integrated on our pages. The integration of the Facebook pixel enables us to place and optimize targeted campaigns and to measure the reach of our marketing measures. This represents a legitimate interest in accordance with Article 6 Paragraph 1 lit. As a result, Facebook receives the information that our website has been visited from your IP address.
If you are a Facebook member, Facebook can link this information to your Facebook profile and use it for the targeted display of Facebook ads, provided you have not objected to this in the data protection settings of your Facebook profile.
We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or their use by Facebook. We can only select which segments of Facebook users (such as age, interests) our advertising should be displayed. We use one of two Custom Audiences working methods in which no data records, in particular no e-mail addresses of our users – neither encrypted nor unencrypted – are transmitted to Facebook. You can find more information on this in Facebook’s data protection declaration at https://www.facebook.com/about/privacy/.

If you would like to object to the use of the Facebook Custom Audiences website, you can do so at https://www.facebook.com/ads/website_custom_audiences/.

10. LinkedIn Insight Tag
The LinkedIn Insight Tag creates a unique LinkedIn browser cookie in a visitor’s browser and enables the following data to be recorded for this cookie: metadata such as IP address, time stamp and page events (e.g. page views). The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages that contains the functions of LinkedIn, a connection to a LinkedIn server is established.
If you are registered with LinkedIn, it is possible for LinkedIn to link your interaction with our online services with your user account. LinkedIn is certified according to the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Further information from LinkedIn on data protection: https://www.linkedin.com/legal/privacy-policy, You can find an opt-out option here: https://www.linkedin.com/psettings/guest-controls/retargeting -opt-out)
You can find more information about the LinkedIn Insight Tag at: https://www.linkedin.com/help/linkedin/answer/65521

11. Tools / Add-Ins
a. Gallery
When you use our add-in for MS Teams “Gallery”, we do not process any of your personal data. When the add-in is downloaded, the usual technical data mentioned in section 2, such as the requesting IP address, etc. processed.

b. Segment
We use Segment (provided by Twilio Ireland Limited, a company registered in the Republic of Ireland, whose registered address is 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland) on the basis of your consent in accordance to Art. 6 (1)(a) GDPR. Data is collected and stored, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior, are evaluated to improve our offer, and to run online campaigns. Cookies can be used for this purpose, which enable recognition when our website is visited again. The pseudonymized usage profiles are not combined with personal data about the carrier of the pseudonym without a separate, express consent.Please note that Segment may transfer data to a third country that does not provide an appropriate level of data protection that is comparable to the requirements of the GDPR. If the data is transferred to the USA, there is the risk that your data may be processed by US authorities for control and monitoring purposes, possibly without you being entitled to any legal remedies.Further information regarding Segment’s privacy policy can be found here: https://segment.com/docs/legal/privacy/

c. Tealium
Through our service provider Tealium Inc, 11095 Torreyana Road, San Diego, CA, 92121 USA, we use Tealium iQ Tag Management and Tealium AudienceStream, on the basis of your consent in accordance to Art. 6 (1)(a) GDPR. With iQ, we assign tags to our website and manage them. The tag manager uses the tags to specifically apply analysis and tracking tools for us. The tag management system as such does not store any personal data about you. With AudienceStream, data is collected and stored, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior, are evaluated to improve our offer, and to run online campaigns. Cookies can be used for this purpose, which enable recognition when our website is visited again. The pseudonymized usage profiles are not combined with personal data about the carrier of the pseudonym without a separate, express consent.Please note that Tealium may transfer data to a third country that does not provide an appropriate level of data protection that is comparable to the requirements of the GDPR. If the data is transferred to the USA, there is the risk that your data may be processed by US authorities for control and monitoring purposes, possibly without you being entitled to any legal remedies.Further information regarding Tealium’s privacy policy can be found here: https://tealium.com/privacy/ 

d. Piwik Pro
We use Piwik PRO as our website analytics software. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.We host our solution on Microsoft Azure in Germany/Netherlands/Sweden, and the data is stored for 14 months.The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

12. Your rights
In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right of appeal, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details.
If your data is not correct with us, you can of course also request a correction or completion of your data.
You can also request the deletion of your data, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. We will comply with this request for deletion immediately, but of course we must observe any applicable statutory retention requirements.

Change Privacy Settings

You can also request that the processing of your personal data be restricted if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
If you have given your consent to the use of data, you can revoke this at any time with effect for the future.
You also have the right to data portability. We will provide you with your data in a machine-readable format if you request this.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right to object to the processing of your personal data in accordance with Art. which arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
Please address all information requests, requests for information, requests for deletion, etc. or objections to data processing to the contact details of our data protection officer given below.
If you do not agree to our data processing, you also have the right to complain to the data protection supervisory authority responsible for us.
The competent supervisory authority for data protection for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
However, we would be pleased if you would speak to us first so that we can clarify possible ambiguities or uncertainties together.

13. Data security
We maintain current technical measures to ensure data security, in particular to protect your personal data from the dangers of data transfers and from third parties gaining knowledge. These are adapted to the current state of the art.

14. Changes to our data protection regulations
We reserve the right to change our security and data protection measures insofar as this becomes necessary due to technical or legal developments or if there are justified legitimate interests. In these cases, we will also adapt our information on data protection accordingly. Please therefore note the current version of our data protection declaration.

15. Deletion
Stored personal data will be deleted if you revoke your consent to storage, if knowledge of it is no longer required to fulfill the purpose for which it was stored, or if its storage is not permitted for other legal reasons, unless statutory retention requirements speak against deletion , the data will then be blocked instead of being deleted.

16. Automated decision-making including profiling
There is no automated decision-making including profiling.

17. Contact person for questions about data protection
If you have any further questions about the collection, processing and use of your personal data, please contact our data protection officer:

DataCo GmbH
Nymphenburger Str. 86
80636 München

E-mail:
Phone: +49 (0) 89 7400 45840
Website: www.dataguard.de