Data protection

iteratec GmbH’s data protection policy

We, iteratec GmbH, firmly believe that you should have control over your data and therefore take the protection of your personal data very seriously and strictly adhere to the data protection laws. On this website, personal data is collected only to the extent technically necessary. The data protection policy set out below provides you with an overview of how we guarantee this level of protection, what kind of data we collect for what purpose and what your rights are with regard to your personal data.

If you have any questions regarding data protection, please do not hesitate to contact us.

Any changes we will make to "iteratec GmbH's data protection policy" in the future will be published on this page.

This data protection policy comes into force on 21/05/2018.

Responsible body

Company: iteratec GmbH
Road, No.: St.-Martin-Str. 114
Postal code, city: 81669 München
Commercial register number: HRB 113519

CEOs: Klaus Eberhardt, Mark Goerke, Michael Schulz

Telephone: +49 89 61 45 51 0
E-Mail: info@Do not

Data protection officer

You can contact our data protection officer via datenschutz@Do not

1. General information regarding data processing and legal basis

1.1. This data protection policy informs you about the type, scope and purpose of the processing of personal data as part of our websites, functions and contents (hereinafter jointly referred to as “website”). This data protection policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used and on which the online offer is executed.

1.2. The terms used, such as “personal data” or their “processing”, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3. The personal data of users processed within the scope of the online offer includes usage data (browser type and version, operating system used, URL of the page previously visited, IP address of the accessing computer as well as time of the request) and information regarding content (e.g. entries in an application form).

1.4. The term “user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors of our online offers. The terms used, such as “user”, are to be understood as gender-neutral.

1.5. We process personal data of users only in compliance with the relevant data protection laws. This means that the users’ data will only be processed if there is a legal permission to do so, especially if the data processing is required by law, if the user has consented for us to do so, and also on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and the economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular for range measurements, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of services offered by third parties).

1.6. We point out that the legal basis for the processing is either the relevant consent (to process the data in order to be able to provide our services and execute contractual measures, to process the data in order to fulfil our legal obligations), or to process the data in order to protect our legitimate interests (Art. 6 para. 1 lit. a. and Art. 7 GDPR).

1.7. What sources and data do we use? We process personal data of customers, suppliers, interested parties, applicants and employees. We process this data in the context of business relationships, application procedures or employment relationships. We also use data from publicly accessible sources that is allowed to be processed. The legal basis is the fulfilment of (pre-)contractual obligations, legitimate interest, a law or a consent provided by the person concerned.

2. Security measures

2.1. We take organisational, contractual and technical security measures in accordance with the current technical standards in order to ensure that all applicable data protection laws are adhered to and thereby to protect the data processed by us against any accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

Have you discovered a gap in our security? Then please write to us at security@Do not We will contact you as soon as possible. For encrypted contact, you can also use our certificate.

2.3. As your security team at iteratec, we are here to ensure your security on the Internet. If you have any complaints about any misuse of our or your network access or if you receive spam from any of our addresses, please contact us via e-mail at abuse@Do not

3. Disclosure of data to third parties and third party providers

3.1. Data will only be disclosed to third parties within the framework of the law. We only disclose user data to third parties if, for example, this is required for contractual purposes on the basis of Art. 6 para. 1 lit. b) GDPR or on the basis of legitimate interests regarding the economic and effective operation of our business operations pursuant to Art. 6 para. 1 lit. f. GDPR.

3.2. In case we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

3.3. To the extent any content, tools or other means from other providers (hereinafter jointly referred to as "third party providers") are used in the context of this data protection policy, these will only be transferred to countries with an appropriate level of data protection and to countries within the scope of application of the GDPR.

4. Online applications

4.1. Application management: for our online application form and application management we use the platform of the service provider Talention (TFI GmbH, Delphiplatz 1, 42119 Wuppertal) based on our legitimate interest in ensuring a fast and secure recruitment of new employees. For this purpose, we have concluded a data processing agreement with the provider, which obliges the provider to comply with all data protection laws and to process the data only in accordance with our instructions and only for the relevant purpose. You can find further information at

4.2. If we receive proactive applications by post or e-mail, technical and organisational measures ensure that your personal data will be treated confidentially within the legal provisions. After the application process has concluded, your data will be deleted unless you agree to the data being saved for a longer period of time. The deletion takes place after four months (due to compliance with deadlines for possible lawsuits under the German Anti-Discrimination Act, AGG).

4.3. init(U)

Registration of applicants via app for recruiting events

The app can be used to collect data from interested parties to initiate an application process:

This includes name, e-mail address, gender, photo, self-assessment of technical skills and, if necessary, application documents.

This data is 

  1. saved on an internal system and are only accessible to authorised persons.

  2. Transferred to the application management system of our service provider Talention.

All data will be deleted after four months, unless the interested party explicitly agrees to the storage of the data for a longer period of time in order to be contacted at a later point in time. In this case, the data is saved for one year and is then deleted. 

4.4. secureCodeBox

The offer on the website is hosted on the platform of the third-party service provider GitHub. There is a data processing agreement in place in accordance with the EUGDPR. Accordingly, the following terms and conditions of GitHub apply to all Enterprise Subscription customers:

4.5. Eventbrite

In order to simplify the process of booking tickets for some of our events, we use the service provider Eventbrite Inc, Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA. During the registration process for one of our events, you are asked to submit your first and last name, e-mail address and, if applicable, the company you work for, to the provider and make the necessary arrangements for the payment. Once you have completed the process, the provider will then send you an e-mail confirming your booking. As part of the registration process Eventbrite saves the above-mentioned data submitted by you as well as the selected event, including the planned appointment (date, time) as well as the time of registration (date, time).

There is no data processing agreement in place with Eventbrite, as currently only a data processing supplement (Datenverarbeitungsnachtrag, DVN) is offered for data processors and sub-processors (this can be viewed at:

An overview of Eventbrite’s corporate policies can be found at

5. Cookies

5.1. Cookies are small text files used by websites to make the user experience more efficient.

By law, we are allowed to save cookies on your device if they are absolutely necessary for the operation of this site. For all other cookie types we need your permission.

The iteratec web pages use different cookie types. Some of the cookies appearing on our web sites are placed by third parties.

5.2. How can I reject and delete cookies?

In most Internet browsers you will find information in the "Help" menu item on how you can prevent your browser from accepting cookies, with which setting your browser informs you about the placement of a new cookie and how you can generally reject the use of cookies. Please note that some functions of the website may no longer be available if cookies are deactivated.

For more information about deleting or blocking cookies, please visit:

5.3. What types of cookies are there?

Necessary cookies 

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Function cookies

These cookies are not absolutely necessary, but they increase the usability of a website. For example, the location once entered is saved so that when the page is called up again, this location is immediately displayed for the respective user. Similarly, data entered on forms, the size of the font or other types of information, can also be saved.

Statistics cookies 

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies 

Marketing cookies are used to follow visitors to websites. The intention is to show advertisements that are relevant and attractive to individual users and are therefore more valuable to publishers and third party advertisers.

5.4. What cookies does iteratec use on its websites?

The following overview applies to the domains,,,,,,, and and all subdomains.

Necessary cookies 







Saves the consent status of the user for cookies on the current domain.

1 year



Storage of the selection that you do not want any Google-Analytics cookies


Statistics cookies 







Google Analytics: This cookie is used by the “analytics.js” library in order to obtain a unique assignment (client ID). This is a randomly generated number. After the cookie has been generated, it contains every message sent to Google Analytics. Google Analytics itself uses this ID to manage users, sessions and campaigns.

2 years



Google Analytics: Registers a unique ID that is used to generate statistical data about how the user uses the website (IP address is anonymised).

1 day



Google Analytics: Registers a unique ID that is used to generate statistical data about how the user uses the website (IP address is anonymised).

10 minutes

Marketing cookies 






Registers a unique ID to retain statistics of videos on YouTube that were watched by the user.



Registers a unique ID that is used by Google to retain statistics about how the user uses YouTube vides on different websites.

2 years


Tries to estimate the user bandwidth on websites with integrates YouTube videos.

8 months


Used by Google DoubleClick to register and report the user's actions on the website after viewing or clicking on any of the provider's advertisements with the aim of measuring the effectiveness of an advertisement and displaying targeted advertising to the user.

2 years


Used by Google DoubleClick to check if the user’s browser supports cookies.

15 minutes


The following overview applies to the domains, and as well as all subdomains.

Function cookies







TYPO3: Each author of a blog comment receives an AuthorIdent, which is saved in comments and votes. If the user is logged in, it contains the user ID of the frontend user. Otherwise, it contains a randomly generated character sequence. For users who are not logged in, this character sequence is saved as a cookie with the key tx_pwcomments_ahash.

1 year



TYPO3: Frontend session cookie


Statistics cookies 







Anonymised session ID to distinguish between the number of visits or returning visitors and new visitors.

1 hour



Anonymised visitor ID to distinguish between different visitors.

1 year

updated with every visit of the site



Note of the site first used for the session and the HTTP referrer to analyse the effectiveness of advertising measures and channels.

1 hour



Google Analytics: This cookie contains information about when the visitor was on the site for the first time, how often and when it was last visited.




Google Analytics: This cookie contains a timestamp of when the visitor visited the site. Together with __utmc, this cookie can provide information about how long the visitor spent on a particular site.




Google Analytics: This cookie contains a time stamp when the visitor left the site. Together with __utmb, this cookie can provide information about how long the visitor spent on a particular site.

30 minutes



Google Analytics: Shows what type of request was made. (Can be an event, transaction, item or custom variable. If no information is provided, it is a simple page view.

6 months



Google Analytics: This cookie contains information about where the visitor came from before calling up the page to be analysed. For example, it may contain information about search engines and the search terms entered there, or where on earth the visitor’s IP address is located. 

6 months 



The following overview applies to the domains, and as well as all subdomains.

Function cookies


JSESSIONID is a platform session cookie and is sued by websites with JavaServer Pages (JSP). 



The following overview applies to the domains and all subdomains.

Function cookies






We use MailChimp to manage all subscriptions to our mailing lists and to create and send emails to subscribers to these lists. MailChimp uses a session cookie to track users through the login process when they submit information via our registration form. 



6. Google Analytics

6.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and saved there.

6.2. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection laws (

6.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services connected with the use of this online offer and the use of the Internet. Pseudonymous user profiles may be created from the processed user data.

6.4. We use Google Analytics only with IP anonymisation enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

6.5. The IP address transmitted by the user's browser is not merged with other Google data. Users may reject the use of cookies by selecting the appropriate setting in their browser software; users may also prevent Google from collecting and processing data generated by the cookie that relates to their use of the website by downloading and installing the browser plug-in available via the following link:

6.6. You can also prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie which prevents the collection of your data on future visits to this website:


Disable Google Analytics

6.7. Further information on data use by Google, options for settings and objections can be found on Google's websites: (“How Google uses data when you use our partners’ sites or apps”), (“How Google uses cookies in advertising”) , (“Managing information which Googles uses to show you advertisements”).

6.8. We use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain for all tracking tags implemented with Google Tag Manager.

7. Services of third party service providers

As part of its online offer, iteratec offers the possibility to follow its social media offers via so-called “follow buttons”. Online maps and videos are also provided by third parties. Below you will find further information regarding the respective services.

7.1. Twitter: As part of our online offer, Twitter functions can be integrated. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "follow" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in this process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Twitter. You can find Twitter's data protection policy at You can amend your data protection settings in your Twitter account settings under

7.2. Facebook: Our pages include a "follow button" to the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). 

When you visit our pages, the button establishes a direct connection between your browser and the Facebook server. This means that Facebook receives the information that you have visited our site with your IP address.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. For more information, please see Facebook's data protection policy at If you do not want Facebook to be able to link your visit to our pages with your Facebook account, please log out of your Facebook account.

7.3. XING: We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains functions of Xing, a connection to Xing’s servers is established. To our knowledge, no personal data is saved. In particular, IP addresses are not saved nor is the usage behaviour evaluated. Data protection policy:

7.4. LinkedIn: Our online services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the "recommend button" in LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website with you and your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn. Data protection policy:, Opt-out:

7.5. Kununu: is operated by kununu GmbH, Fischhof 3 Top 7, A - 1010 Vienna. Your browser establishes a direct connection to the Kununu servers as soon as you click on the button. We have no influence on what data is collected by Kununu. The purpose and scope of the data collection and the further processing and use of the data by Kununu as well as your relevant rights and setting options to protect the privacy of your data can be found in Kununu's data protection information:

7.6. YouTube: embedded videos of the platform “YouTube” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: Opt-out: If you click on a link to a video, we only enable you to establish a connection to the service offered by YouTube.

7.7. Google Maps: Maps are provided by “Google Maps” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: Opt-out:

7.8. MailChimp

Our online offer of and includes the possibility to subscribe for a newsletter. 

Information regarding the iteraplan and securecodebox newsletter and consents

The following information is intended to inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure as well as your rights of objection.

By subscribing to our newsletter, you agreed to its receipt as well as the procedure described below.

Content of the newsletter

We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") with the consent of the recipients or if we are legally allowed to do so. If the content of a newsletter is specifically described within the registration process, this is relevant for the extent of the user’s consent.

Double opt-in and record keeping

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration.

This confirmation is necessary so that no one can log in with another person’s e-mail address.

Subscriptions to the newsletter are logged to enable us to prove the registration process in accordance with legal requirements. This includes saving the time of the registration and confirmation as well as the IP address. Additionally, any changes of your data saved within MailChimp are logged.

Use of the “MailChimp” distribution service

The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients as well as their other data as described in these notes are saved on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to MailChimp, it can use this data to optimise or improve its own services, for example to technically optimise the distribution and depiction of the newsletter or for economic purposes to determine which countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass their details on to third parties. We trust in MailChimp’s reliability as well as its IT and data security. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations.

Additionally, we have concluded a “data processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and, in particular, not to pass them on to third parties. You can read MailChimp’s data protection policy here.

Log-in data

In order to subscribe to the newsletter, you only need to enter your e-mail address. There is also the option to provide us with your first and last name. This information is only used to personalise the newsletter. It is also optional to enter your date of birth, gender and the industry in which you work. We only use this information to adapt the contents of the newsletter to the individual interests of our readers.

Statistical surveys and analyses

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and time of retrieval is initially collected. This information is used to technically improve the services using the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or their access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are followed. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour nor that of MailChimp to watch individual users. The evaluations are only intended to help us recognise the reading habits of our users and to adapt our contents to them or to distribute different contents according to the individual interests of our users.

Online access and data management

There are cases, in which we direct newsletter recipients to the MailChimp web pages. For example, our newsletters contain a link which newsletter recipients can follow to access the newsletter online (for example, in the event of display problems in the e-mail program). Additionally, newsletter recipients can retrospectively correct their data, such as their e-mail address. Further, MailChimp’s data protection policy is only available on their website. We already pointed out above that on the MailChimp websites use cookies which means that personal data is processed by MailChimp, its partners and any service providers used (for example Google Analytics). We have no influence on the collection of this data. You can find further information in Mail Chimp’s data protection policy. In addition, we would like to draw your attention to the possibilities of objecting to the collection of your data for advertising purposes on the websites and (for the European area).


You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel your newsletter subscription at the end of each newsletter. After you have cancelled your subscription, all your data will be deleted apart from your e-mail address. Your e-mail address is saved in a list of blocked e-mail addresses and is only used to ensure that we do not send any further e-mails to your e-mail address.

Legal basis General Data Protection Regulation

In accordance with the provisions of the General Data Protection Regulation (GDPR) which enters into force on 25 May 2018, we inform you that we obtain your consent to the distribution of e-mail addresses on the basis of Art. 6 para. 1 lit. a, 7 GDPR and Sec. 7 para. 2 no. 3 and para. 3 of Germany’s Act against Unfair Practices (UWG). The use of the distribution service provider MailChimp, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest relates to the use of a user-friendly and secure newsletter system, which both serves our business interests as well as meets the expectations of the users. We would also like to point out that, in accordance with the legal requirements pursuant to Art. 21 GDPR, you can object to the future processing of your personal data at any time. The objection may be lodged in particular against the processing of your data for direct advertising.

8.Users‘ rights

8.1. Right to information: Users have the right to request and receive free of charge information about the personal data we have saved about them.

8.2. Right to correction: In addition, users have the following rights: to have inaccurate data corrected, to place limits on the processing of their personal data, to have their personal data deleted and, if applicable, to assert their rights to data portability and, if they believe unlawful data processing has taken place, to lodge a complaint with the competent supervisory authority.

8.3. Users may also revoke their consent, with effect for the future. The revocation is to be addressed to the data protection officer

9. Deletion of data

The data saved by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain the data. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

10. Right to revocation

Users can revoke their consent regarding any future processing of their personal data in accordance with legal requirements at any time. The revocation may be lodged in particular against the processing of the data for the purposes of direct advertising. The revocation must be addressed to the responsible body.

11. Changes to the data protection policy

We reserve the right to change this data protection policy in order to adapt it to changed legal requirements or in the event of changes to our services or to data processing. However, this only applies with regard to declarations on data processing. To the extent user consents are required or parts of the data protection policy contain provisions of a contractual relationship with the users, the changes will only be applied with the users' consent.

Users are asked to regularly inform themselves about the contents of the data protection policy.

Munich, 21/05/2018
Management board