Data Protection

Alliance for Cybersecurity

Since May 2019, we have been a participant in the Alliance for Cyber Security.

The Alliance for Cyber Security, founded in 2012 by the German Federal Office for Information Security (BSI), aims to strengthen Germany’s resilience to cyber attacks. Companies, associations, authorities and organizations are thus provided with a platform through which information on current threat situations and practical cyber security measures can be exchanged. Participants benefit from the know-how as well as the numerous committed partners and can thus significantly improve the protection of their own IT infrastructure.

Privacy policy

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

d.vinci HR-Systems GmbH
Nagelsweg 37-39, 20097 Hamburg
+ 49 (0) 40 37 47 99-70
+ 49 (0) 40 37 47 99 99
Management: Nina Rahn, Tobias Tiedgen
Registered office of the company: Hamburg
Registry court: Amtsgericht Hamburg
Registration number: HRB 93221
VAT ID according to §27a UStG DE 243027247

Your data subject rights

You can exercise the following rights at any time using the contact details provided by our data protection officer:

  • Information about your data stored by us and its processing,
  • Correction of incorrect personal data,
  • Deletion of your data stored by us,
  • Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations,
  • Objection to the processing of your data by us and
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us consent, you can revoke this at any time with effect for the future.

You can file a complaint with the supervisory authority responsible for you at any time. Your competent supervisory authority depends on the federal state of your residence, your work or the alleged violation. A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links- node.html.

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes stated in this Privacy Policy. We do not transfer your personal data to third parties for purposes other than those stated. We will only share your personal data with third parties if:

  • you have given your express consent to this,
  • the processing is necessary for the performance of a contract with you,
  • the processing is necessary for compliance with a legal obligation,

the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

Deletion or blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Collection of general information when visiting our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content of web pages requested by you and is mandatory when using the Internet. In particular, it is processed for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a smooth use of our website,
  • evaluating system security and stability, and for other administrative purposes.

The processing of your personal data is based on our legitimate interest from the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if applicable, order processors.

Anonymous information of this kind is statistically evaluated by us, if necessary, in order to optimize our Internet presence and the technology behind it.


Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

If you have consented, you can see a list of permitted cookies here:


SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Comment function

When users leave comments on our website, in addition to this information, the time of their creation and the user name previously selected by the website visitor are also stored. This serves our security, as we can be prosecuted for illegal content on our website, even if it was created by users.

CRM system

We use the CRM system of salesforce.com Germany GmbH, Erikaann-Straße, 80636 Munich, Germany, on the basis of our legitimate interests (i.e. interest in the optimization and economic operation of our products and services within the meaning of Art. 6 para. 1 lit. f. GDPR) we use the CRM system of salesforce.com Germany GmbH, Erika-Mann-Straße 31, 80636 Munich. Salesforce specializes primarily in customer relationship management (CRM) for companies. To use Salesforce, at least one valid Email address must be provided. The other data, such as the first and last name, can become important for the processing of customer transactions and are therefore collected.

The user data is only used by Salesforce for the technical processing of the requests and is not passed on to third parties. We have entered into a “Data Processing Agreement” with Salesforce. This is a contract in which Salesforce undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. Information on the type, scope and purpose of data processing can be found in Salesforce’s privacy policy.

Our Internet presence contains links to social networks such as Instagram, WhatsApp, Facebook, Twitter, TikTok, Youtube, Linkedin and Xing. When calling up the parts of our internet presence that contain such links, no personal data is transmitted to the operators of these social networks. Only when you click on the link and thereby visit the relevant social network, the operator of the visited network receives the relevant personal data. For more information about the data processing that takes place when you visit a social network and the person responsible for this within the meaning of Art. 4 No. 7 DSGVO, please refer to the website of the respective social network.


We use the analysis tool Pardot of salesforce.com Inc, The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA on the basis of your expressly granted consent (within the meaning of Art. 6 para. 1 lit a. GDPR). Pardot is a Salesforce software module. It provides special software for recording and evaluating the use of a website by website visitors. Based on your consent, we will regularly send you our newsletter or similar information by email to your specified email address.

To receive the newsletter, it is sufficient to provide your Email address. Subscribers may also be informed by email about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).

For an effective registration we need a valid Email address. In order to verify that a registration is actually made by the owner of an email address, we use the “double-opt-in” procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation e-mail and the receipt of the response requested herewith.

We would like to point out that we evaluate your user behavior when sending the newsletter. We use the analysis tool Pardot for this purpose. For these purposes, cookies are used that allow your browser to be recognized. By agreeing to the so-called cookie banner when using the dvinci website, you also agree to the use of cookies by Pardot. When you visit our website, Pardot records your click path and uses it to create an individual usage profile using a pseudonym. In addition, Pardot recognizes which terms the user entered in the search engines to ultimately reach our website.

For technical reasons, this information can be assigned to individual newsletter recipients. However, the evaluations only serve us to recognize the reading habits of our users and to adapt our content to the users or to send different content according to the interests of our users.

You can object to the evaluation of your user behavior at any time by clicking on the unsubscribe link provided in every newsletter email or by informing us by email to kontakt@dvinci.de or via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your Internet browser so that cookies from the domain “pardot.com” are not accepted.

We only work with service providers who offer sufficient guarantees that appropriate technical and organizational measures are taken to ensure adequate protection of your rights. We have entered into a “Data Processing Agreement” with Salesforce. This is a contract in which Salesforce undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. Information on the type, scope and purpose of data processing can be found in Salesforce’s privacy policy.

Use of Freshdesk

We use the service of the provider Freshworks Inc., Bayhill Drive Suite 315, San Bruno, CA 94066, USA, on the basis of our legitimate interests (i.e. interest in the optimization and economic operation of our customer support within the meaning of Art. 6 (1) lit. f. GDPR), we use the service of the provider Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA. The location of the data center of our Freshdesk domain is Frankfurt am Main. Freshdesk’s services allow us to organize and efficiently respond to customer inquiries to ensure the smoothest possible customer support. Freshdesk is a ticketing system of the American Freshworks Inc. Information about the type, scope and purpose of data processing can be found in the privacy policy of Freshworks.

Use of the live chat software from Userlike

We use the live chat software of Userlike on the basis of our legitimate interests (i.e. interest in the optimization and economic operation of our products and services within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the live chat software of the company Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany.

The live chat provides an additional customer service for visitors to our website and users of our demo systems to contact our staff directly. Userlike uses cookies, which are stored on the visitors’ computer and enable a personal conversation in the form of a real-time chat on the website and in the demo systems. Information about the type, scope and purpose of data processing can be found in the privacy policy of Userlike UG (limited liability):

Use of Feature Upvote

We use the Feature Upvote service of the provider Barbary Software SL, Carr. Marina 0800 Barcelona, Spain, on the basis of our legitimate interests (i.e. interest in the optimization and economic operation of our products and services within the meaning of Art. 6 para. 1 lit. f. GDPR) the service Feature Upvote of the provider Barbary Software SL, Carrer Marina 60, 08005 Barcelona, Spain. The services of Feature Upvote allow us to collect feedback from customers in order to further improve our products. Feature Upvote allows our customers to suggest new features for our products and vote on the suggestions. Feature Upvote is a product feedback system developed by the Spanish company Barbary Software SL. Information about the nature, scope and purpose of data processing can be found in Feature Upvote’s privacy policy.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (hereinafter: Google). The legal basis for this processing of personal data is Art. 6 (1) lit. f GDPR. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these web pages, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

The purposes of data processing are to evaluate the use of the website and to compile reports on website activities. Based on the use of the website and the Internet, other related services shall then be provided. The processing is based on the legitimate interest of the website operator.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add On to disable Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

Browser notifications

If browser notifications are activated by you for this website through the “signalize” service, a function of your Internet browser is used to provide the notifications for you. Only anonymous or pseudonymous data is transmitted for sending messages. Depending on the configuration of the website, this can be:

  • Identification value: a randomly generated, anonymous or pseudonymous value (example: 108bf9a85547edb1108bf9a85547edb1), which is stored in a tracking cookie ID and makes it possible to identify and retrieve the calling browser and the settings made in it for the notifications.
  • Pseudonymized identification numbers to identify the device or the user.

This data is processed only to deliver the notifications you have subscribed to and to make notification-related settings. We ask for your consent to store this data. The legal basis for data processing in this case is Art. 6 (1) lit. a GDPR. You can object to receiving notifications at any time via your browser settings. Information about opting out for web push notifications for the respective browsers can be found here: Google Chrome, Mozilla Firefox, Opera & Microsoft Edge.
In order to make the browser notifications meaningful for you in terms of content, we use the preferences collected on the basis of a pseudonymous user profile by means of tracking pixels and merge your notification ID with the user profile of the website solely for the purpose of personalized messaging. Tracking technology is also used to statistically analyze notifications on our behalf. This makes it possible to determine whether a notification was delivered and, if so, whether it was clicked on. The data thus generated is processed and stored on our behalf by etracker GmbH exclusively in Germany and is thus subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and is permitted to bear the ePrivacyseal data protection seal of approval.

Data processing for statistical analysis of the notifications as well as to better adapt future notifications to the interests of the recipients is based on our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) lit. f GDPR. Since the privacy of our visitors is very important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. A direct reference to a person is thereby excluded. No other use or disclosure to third parties will take place.

You can object to the aforementioned data processing at any time.

Use of script libraries (Google Webfonts)

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content is displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although it is currently also unclear whether and, if so, for what purposes – that operators of corresponding libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/.

Embedded YouTube videos

On some of our websites, we embed YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

If a Youtube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the saving of cookies for the Google Ad program, you will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at “Youtube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/

Google AdWords

Our website uses Google conversion tracking. If you have reached our website via an advertisement placed by Google, a cookie is set on your computer by Google Adwords. The conversion tracking cookie is set when a user clicks on an advertisement placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the advertisement and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their advertisement and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain “googleleadservices.com” are blocked.

Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. The function is used to present website visitors with interest-based advertisements within the Google advertising network. A so-called “cookie” is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function.

According to its own information, Google does not collect any personal data during this process. If you nevertheless do not wish to use Google’s remarketing function, you can generally deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

d.vinci Multiposting Module

We have integrated the data protection seal of Mein-Datenschutzbeauftragter.de on our website. The seal is integrated on our site via a JavaScript snippet. The image file of the seal is stored on the servers of Mein-Datenschutzbeauftragter.de. As soon as you call up our website, the snippet is loaded and the image file is downloaded from the servers of Mein-Datenschutzbeauftragter.de and displayed on our website. In order to make the retrieval technically possible and to display the advertisement in your browser accordingly, your IP address in particular will be transmitted to Mein-Datenschutzbeauftragter.de and stored in the server logs of Mein-Datenschutzbeauftragter.de. The image is provided with a link that leads to the website of Mein-Datenschutzbeauftragter.de for further information on the seal. In this regard, the explanations on linking in this privacy policy apply . No user profiles are created or other tracking measures are carried out by the seal. The integration is carried out according to the legal basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in informing you about the data protection compliant design of our website with a seal that is always up-to-date.

Changes to our data protection policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new data protection statement will then apply to your next visit.

Questions to the data protection officer

If you have any questions about data protection, please write us an Email or contact directly the person responsible for data protection in our organization:

Mister Frank Gundlach

GCS – Geno Corporate Services
Türkenstraße 22
80333 München

or via Email to fgundlach@gv-bayern.de

The data protection declaration was created with the data protection declaration generator of activeMind AG.

Status April 2023