IntegrityNext Data Privacy Policy
Integrity Next GmbH (hereinafter "IntegrityNext") aims to treat your data as securely and confidentially as possible, while providing you with an excellent User experience. For this reason, the services of IntegrityNext are subject to the following data protection regulations. Only the regulations in normal print form part of the data protection provisions; Sections in italics and headings in bold are for explanation and illustration purposes only and have no regulatory content of their own.
Below you will find our data protection regulations for the use of our IntegrityNext-Platform. You will find the legal provisions in normal print and explanations in italics for a better understanding of our data protection provisions. It is very important to us that our data protection regulations are fair for you and for us.
Scope of the data privacy policy
This privacy policy applies when IntegrityNext processes personal data as a data controller or processor. This includes personal data that is collected when you use our platform or are or wish to become a customer of IntegrityNext.
Explanation: This Privacy Policy applies to all processing of personal data associated with the use of the IntegrityNext platform. The data protection provisions of our website and all associated services of IntegrityNext can be found at https://www.integritynext.com/data-privacy-website.
Who is responsible according to the General Data Protection Regulation (GDPR)?
Responsible for compliance with data protection regulations is Integrity Next GmbH, Schillerstraße 23A, 80336 Munich, Germany, Register court: District Court of Munich, HRB 228797, email: data-privacy@integritynext.com. Reference is made to the IntegrityNext Terms and Conditions for the terminology used in these provisions. All of the data processed by IntegrityNext is hereinafter referred to as "User Data".
Explanation: According to the provisions of the GDPR, IntegrityNext is responsible for the protection of your personal data. For all topics relating to the protection of your personal data, you are welcome to contact us at data-privacy@integritynext.com.
What personal data does the Platform process?
If the IntegrityNext Platform is visited without logging in, IntegrityNext only processes the User's personal data that the User's browser transmits to the IntegrityNext server and that is technically necessary to display the website and to ensure stability and security. These are: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, Operating system and its interface, language and version of the browser software.
In order to create a User profile, IntegrityNext processes the name, company, position in the company, telephone number and email address of the User in addition to the data mentioned above. IntegrityNext deletes the data arising in this context after the storage is no longer necessary; if there are statutory retention requirements , IntegrityNext restricts the processing accordingly. IntegrityNext processes the User Data exclusively for the purpose of determining the Results, i.e. to fulfill the contract for the use of the IntegrityNext Platform (Art. 6 Para. 1 S. 1 lit. b DS-GVO). IntegrityNext processes User Data on servers within the European Union. IntegrityNext is committed to protecting User privacy and ensures that User Data is processed in accordance with European data protection laws. IntegrityNext will commit its employees accordingly.
Explanation: IntegrityNext is committed to the principle of data economy and tries to avoid the processing of personal data to the greatest possible extent. However, insofar as we process personal data when you visit our Platform, this is done solely to make our website as User-friendly as possible for you. If you create a User profile, IntegrityNext requires some personal data from you. This data is technically necessary so that you can use the Platform. The GDPR also recognizes that such processing of personal data may be necessary and explicitly permits this processing.
What rights do I have regarding my personal data?
With regard to any personal data processed by IntegrityNext within the meaning of the so-called General Data Protection Regulation (GDPR), the user has the right to access (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection (Art. 21 GDPR) against the processing and data portability (Art. 20 GDPR); these rights are to be exercised by sending a message by post to Integrity Next GmbH, Schillerstraße 23A, 80336 Munich, Germany or by e-mail to data-privacy@integritynext.com. Furthermore, the user has the right to complain to a data protection supervisory authority about the processing of their personal data by IntegrityNext.
Explanation: The General Data Protection Regulation grants the data subject (i.e. you) many rights. Of course, IntegrityNext respects the European data protection laws. If you would like to exercise your corresponding rights, it is best to simply send us an email to data-privacy@integritynext.com.
What should be considered when inviting or being invited to the platform?
An employee of an IntegrityNext customer ("Customer User") may invite third parties to create a User Profile on the IntegrityNext Platform. IntegrityNext processes the data collected on behalf of the Customer User exclusively for registration on the IntegrityNext Platform and to determine the Results and does not use it for any other purpose. The third party invited by the Customer User is shown the name, company, position in the company, telephone number and email address of the Customer User. The Customer User who invites a third party to create a User Profile via the IntegrityNext Platform expressly assures that they have a business relationship with this third party, that the third party is interested in the services offered by IntegrityNext, and that IntegrityNext may contact this third party on the basis of the aforementioned circumstances.
Explanation: Inviting suppliers, or being invited, is a core part of the IntegrityNext platform. The personal data processed here is necessary for the fulfillment of IntegrityNext's contractual obligations. Please note that you can object to the invitation under our terms and conditions, available at https://www.integritynext.com/terms-and-conditions#terms-conditions-suppliers.
What additional tools does IntegrityNext use?
IntegrityNext uses programs from Salesforce.com, Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA, represented in Germany by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany (collectively "Salesforce"), including "Salesforce Sales Cloud". The Salesforce data protection regulations apply to the use of Salesforce programs: https://www.salesforce.com/company/legal/privacy/#privacy-statement. IntegrityNext uses Salesforce to provide a better User experience of the IntegrityNext-Platform. IntegrityNext is committed to protecting personal data, has carefully selected the services of Salesforce, and has concluded a data processing agreement with Salesforce in accordance with Art. 28 GDPR.
Explanation: IntegrityNext uses Salesforce's tools to manage customer and supplier data and the licenses underlying the contracts.
IntegrityNext uses HubSpot, a service provided by HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, for marketing activities, email communication, and contact management. Within the IntegrityNext Platform, HubSpot is used on the one hand for marketing purposes (e.g. sending newsletters and product information), and on the other hand in connection with our learning platform (LearnWorlds) to support communication related to training content. IntegrityNext has concluded a data processing agreement with HubSpot in which HubSpot commits to protecting users’ data and not disclosing it to third parties. HubSpot’s privacy policy can be viewed here: https://legal.hubspot.com/privacy-policy.
Depending on the use case, processing is carried out either on the basis of the user’s explicit consent pursuant to Art. 6 para. 1 lit. a GDPR (e.g. for newsletters and training communication) or on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (e.g. contact management and CRM processes). Users may withdraw their consent at any time by clicking “Unsubscribe” at the end of an email. The lawfulness of the data processing carried out prior to withdrawal remains unaffected.
Explanation: We use HubSpot for our marketing activities and product mailings to provide you with an optimal user experience and to only deliver information that matches your interests. We have thoroughly reviewed HubSpot's services with a strict focus on protecting your data.
IntegrityNext uses the services of Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA ("Zendesk") to provide user support. Within the IntegrityNext Platform, Zendesk is used in two ways. Users can communicate with the IntegrityNext support team via a live chat function available at certain times, or they can submit questions at any time via a web widget. This can be done anonymously or by providing an email address. If an email address is provided, it will be processed together with the chat content by Zendesk. In addition, the IntegrityNext support team can be contacted by email. If a user sends an email to support@integritynext.com (for users of the IntegrityNext platform) or customersupport@integritynext.com (for IntegrityNext customers only), the contact details, the content of the email, and any attachments will be processed by Zendesk.
The processing of this data is necessary to respond to user inquiries and is based on Art. 6 para. 1 lit. b GDPR (performance of a contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in providing customer support). Zendesk hosts the data for IntegrityNext in data centers located in Frankfurt, Germany. IntegrityNext has concluded a data processing agreement with Zendesk in accordance with Art. 28 GDPR. As Zendesk is headquartered in the United States, access from a third country may occur in exceptional cases. Such transfers are based on the EU Standard Contractual Clauses and supplemented by additional technical and organizational measures to ensure an adequate level of data protection. Further information about Zendesk's data protection can be found here: https://www.zendesk.de/company/agreements-and-terms/privacy-policy/.
Explanation: Zendesk enables IntegrityNext to process support requests both via the Platform (chat and widget) and by email. Depending on the chosen communication method, only the information necessary to handle your request is collected (e.g. your email address, if provided, as well as the content of your message). By hosting the data in Frankfurt am Main, a high level of data security is ensured.
Amazon Web Services ("AWS") service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg to host the Platform. The data is stored exclusively in data centers in the European Union (Frankfurt am Main, Germany and Dublin, Ireland), which are certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, IntegrityNext has very limited access rights to AWS and the data is automatically encrypted. As a company, AWS has submitted to the EU Standard Contractual Clauses. You can find more information about AWS and data protection at https://aws.amazon.com/de/compliance/gdpr-center/ and at https://aws.amazon.com/de/privacy/.
Explanation: We want to offer our customers maximum security and availability when operating the Platform. Therefore, we use AWS for our complete server operation. We have chosen AWS based on the security of personal data as well as other data.
IntegrityNext uses the services of LearnWorlds Ltd., Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus ("LearnWorlds") for hosting and providing the IntegrityNext Academy. LearnWorlds is primarily used to train users in the use of the IntegrityNext platform and to provide content on compliance and sustainability topics. For this purpose, personal data such as name, email address and learning progress are processed. The processing is carried out exclusively for the implementation of training measures and is based on Art. 6 para. 1 lit. b GDPR (performance of a contract) and, where applicable, Art. 6 para. 1 lit. f GDPR. IntegrityNext has concluded a data processing agreement with LearnWorlds in accordance with Art. 28 GDPR, which ensures the security and confidentiality of the data. The processing takes place within the European Union. Learnworlds' privacy policy can be found here: https://www.learnworlds.com/privacy-policy/. For the operation of the IntegrityNext Academy provided via LearnWorlds, IntegrityNext uses cookies and similar technologies. These are used for the technical provision of the service and – subject to the Users consent – also for analytics and marketing functions. Further information can be found in the Cookie Policy and in the privacy settings in the LearnWorlds User profile.
Explanation: LearnWorlds is a learning management system used by IntegrityNext to provide you with practical training, both on the use of the platform and on topics such as compliance and sustainability. In this context, your contact details and learning progress are processed to enable you to participate effectively in the training. As LearnWorlds is based in the EU, no transfer of data to a third country is required. Of course, we have ensured compliance with data protection requirements by concluding a data processing agreement.
IntegrityNext uses the services of DeepL SE, Maarweg 165, 50825 Cologne, Germany ("DeepL") to support translations. DeepL is primarily used to translate content such as texts, documentation, or communication into different languages, thereby ensuring smooth use of the IntegrityNext Platform and efficient communication with users and customers. Personal data may be processed if it is contained in the texts to be translated.
The processing is carried out exclusively for the purpose of translation and is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in providing the platform and communication in multiple languages). IntegrityNext has concluded a data processing agreement with DeepL in accordance with Art. 28 GDPR, which ensures the security and confidentiality of the data. DeepL processes the data exclusively in data centers located within the European Union. IntegrityNext uses the DeepL API Pro license, which ensures that the transmitted content is not used for training DeepL’s systems. Further information on DeepL's data protection can be found here: https://www.deepl.com/privacy
Explanation: DeepL supports IntegrityNext in translating content into different languages. This allows users to better understand and use the platform and the content provided. If personal data is included in the texts to be translated, it will also be processed by DeepL. By using the DeepL API Pro license, it is ensured that the data is used exclusively for translation and not for training DeepL’s systems. The processing takes place exclusively within the EU and is secured by a data processing agreement.
IntegrityNext uses services provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"), in particular for communication with customers (e.g. via email through Microsoft Outlook or via Microsoft Teams) as well as for the storage of documents in Microsoft SharePoint. In this context, personal data such as contact details, communication content, and any shared files are processed. For data storage in SharePoint, IntegrityNext has chosen the data center locations Amsterdam (Netherlands) and Dublin (Ireland) within the European Union. IntegrityNext has concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR, which ensures the security and confidentiality of the data. Further information on Microsoft’s privacy practices can be found here: https://privacy.microsoft.com/en-us/privacystatement.
Explanation: IntegrityNext uses Microsoft services to support communication and collaboration with customers as well as to securely store documents in SharePoint. In this context, necessary contact details, messages, and shared documents are processed. By choosing the data centers in Amsterdam and Dublin, it is ensured that the data is stored exclusively within the EU. The data processing agreement with Microsoft further guarantees that the processing of personal data is carried out in compliance with the GDPR.
Thank you for your trust and for using IntegrityNext!
Martin Berr-Sorokin
(CEO IntegrityNext)