Data protection

grow.inc Spaces GmbH (hereinafter referred to as "grow.inc") appreciates your interest in our enterprise and in our online appearance.

Data protection is of a particularly high priority for the management of grow.inc. The use of all Internet pages and social media appearances of grow.inc is generally possible without the indication of personal data that reveal your identity directly to us and in addition, certain information regarding your end devices or technical equipment are processed in the course of visiting web services which, although it does not allow any direct conclusions to be drawn about your identity, qualify as personal data by law or are protected by law for other legal reasons; however, if a data subject wants to use special services via our websites or our offerings on social media, processing of personal data may become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

  1. Purpose of this Data Protection Notice

This Data Protection Notice generally applies to the online offerings and appearances of grow.inc, which can be accessed on the websites available under the URL "growinc.io" and further URLs, also including its presences on social media, wherever they are linked to this Data Protection Notice (hereinafter jointly referred to as "our website(s)" or as well our "web service(s)").

As a person affected by data processing through our websites, you are entitled to several rights concerning your personal data under the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection. In particular, you have the legal right to information on your processed personal data and by means of this Data Protection Notice, we would therefore like to inform you comprehensively about the processing of your personal data when using our websites.

Further, you may as well have the rights to deletion and correction of the personal data we may process and to objection against the processing of your personal data. With regard to all your rights and the exercise thereof, please refer to the following section "Rights of Data Subjects" within this Data Protection Notice.

This Data Protection Notice can be retrieved, downloaded and printed out at any time under the URL  https://growinc.io/en/legal/cookies.

We reserve the right to adapt this Data Protection Notice at any time so that it always meets the current legal requirements or to reflect changes in the application procedure or the like. Since changes in the law or changes in our internal processes may make it necessary to adapt, we ask you to read this Data Protection Notice regularly.

  1. Name and Address of the controllers

Generally responsible for the operation of our websites is KI group GmbH, Mittelstraße 12-14, 50672 Cologne (Germany). Unless indicated otherwise, KI group is therefore also the controller for the processing of personal data within these websites within the meaning of Article 4 No. 7 GDPR

For the full contact details of KI group, please refer to the imprint of this website at https://kigroup.de/en/imprint-group-205.

However, individual areas of our websites as well as, in particular, websites and offers that are specifically operated in the name of the whole KI group or individual of the companies of the KI group or under specific URLs that can be assigned to the whole KI group or the respective companies (named in the imprint on the particular websites) may, in addition, be subject to the (joint) data protection accountability of the KI group or respective named group or subsidiary companies, as a controller in the sense of Articles 4 No. 7 GDPR. Insofar as individual websites and the processing of personal data therein is carried out under the joint accountability of various companies of the KI group according to Articles 4 No. 7, 26 GDPR or individual companies as sole controllers according to Article 4 No. 7 GDPR, for the respective contact information on the controller(s), please refer to the imprint of the respective websites.

  1. Personal data

Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number and date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort.

Information that is anonymized and not associated with your identity, however, is not personal data.

  1. Purposes of the processing of personal data

Some of the personal data and further information we may collect from you is necessary to enable us to provide you with the services you request, to fulfil our contracts with you, to comply with legal requirements or if we have a legitimate interest in the use of your information, for example, when we use your personal data to be able to offer you an extensive and interesting offer via our websites and our web services and to constantly improve these.

When we collect data directly from you, we may ask you for your consent and clearly mark mandatory information (e.g. with an asterisk (*)). You voluntarily provide us with any other information that is not marked.

We will generally collect, process and use the personal data you provide online only within the legal bases provided for within the applicable data protection legislation or within the borders of your consent and as well only for the purposes disclosed to you.

  1. General legal bases

The legal bases for the processing of your personal data may be the following:

  1. Which personal data is collected and processed?

You can generally browse our websites without providing us with personal data (e.g. name, address, telephone number or e-mail address) that reveal your identity directly to us, unless you make them available to us voluntarily (e.g. for registrations for events, enquiries or surveys) or you have consented to the intended use or otherwise the corresponding legal provisions on the protection of your data permit the specific use of your personal data according to the aforementioned legal bases for specific purposes.

Particularly, your personal data may be used as follows:

6.1 Applications and the application procedures

If you apply to us electronically, i.e. by e-mail or via our web form, we collect and process your personal data for the purpose of handling the application procedure and carrying out pre-contractual measures.

By submitting an application on our recruiting page and sending us your application documents, you express your interest in joining us to work for us and make your personal data available to grow.inc for the purpose of applying for a specific position advertised by us. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected:

The scope of personal data that you need to provide to us as part of your application depends on the scope and type of your application or the position advertised with us. You are generally free to decide which data you provide us with. However, we may not be able to consider your application without certain information that is required in the individual case or according to the job posting. If necessary, please refer to the job posting for which you wish to apply to find out whether certain information is required.

We clearly mark mandatory information there (e.g., with an asterisk (*)). In these cases, you provide us with all other information not marked with an asterisk voluntarily.

Note on special categories of personal data

We would like to point out that job applications, in particular resumes, references and other data you send us, may contain particularly sensitive information about your state of health, your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your memberships in a trade union or political party, or your sex life. However, we do not request such data from you and you provide us with such information voluntarily and on the basis of your consent. This consent also relates to the processing of all personal data of a special nature submitted as part of your application in accordance with the provisions of this data protection declaration.

In the further course of the application process, we may also collect more data from you and process them, together with the information you provided in the course of your application, for the purposes stated here. This may also include our assessment of whether you are qualified and suitable for filling vacancies in our company.

If you apply to us, any of your above mentioned personal data is stored and used exclusively for the purpose of filling the vacant position for which you have applied and to be able to contact you personally on the basis of your application and, if necessary, to initiate a possible employment relationship with you.

You will have to confirm that you have read our Data Protection Notice before submitting your application.

Only authorized employees from our personnel department or employees involved in the application process have access to your data. A transfer of your personal data to third parties or a use of your data for advertising purposes will not take place unless you have expressly consented to it. A use of your personal data beyond the uses mentioned in this Data Protection Notice does not take place.

6.1.1. Retention of your application data

Your data will generally be stored for a period of 180 days after the end of the application process. As a rule, this is done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of applications regarding gender, number of applications per period, etc.).

The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which permits the processing of data to fulfil a contract or pre-contractual measures), in this context directed towards the conclusion of an employment contract with you and Article 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests), in this context, directed at our legitimate interest in being able to defend ourselves in the event of legal claims being brought against us on the basis of general equality legislation. With regard to the processing of (possibly special categories of) personal data provided in addition to the mandatory data, the legal basis is that of Article 6 para. 1 s. 1 lit. a GDPR (which permits data processing on the basis of your consent)

6.1.2. Prolonged retention ("Talent Pool")

In addition and only with your consent, we store your data for inclusion in the KI group's "Talent Pool" for 2 years after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for training or internship positions.

In this case, we will continue to use all of the data collected from you as part of the application process in order to review your application in relation to vacancies at our company and other companies of the whole KI group and in order to be able to contact you personally on the basis of your application, as well as to initiate a possible employment relationship with you, if applicable.

In the event that we are currently unable to offer you a position in our company, you can already request to be included in the KI group's "Talent Pool" in the course of your application and give the corresponding consent to the extended processing period of your application data. To consent to the prolonged storage of your data and inclusion in the KI group's "Talent Pool", please activate the checkbox next to the following explanation:

In the event that my application cannot be considered at the moment, I expressly agree that the KI group may store and process the information I have provided in this application, as well as any other documents submitted in connection with my application, in its applicant database for a period of 2 years after the end of the application process, in order to be able to contact me in the future if a position matching my application profile becomes available.

I am aware that I can revoke my consent to the permanent storage of my application data at any time with effect for the future.

All information on revoking this consent can be found [here]{.ul}.

In the event of extended storage of your data within the the KI group's Talent Pool, the processing of your personal data is subject to joint controllership in accordance with Art. 26 GDPR. For all details in this context, please refer to the [Data Protection Notice]{.ul} on the joint website of the companies of the KI group.

You can revoke your consent to the use of your application data at any time with effect for the future. To do so, simply send an e-mail to the e-mail address [email protected]. Your data will then be deleted from our applicant database; if deletion is not possible, blocking will take the place of deletion. In this case, we can no longer consider your application.

Additional charges (beyond the regular transmission fees of your Internet or telephone provider) will not be incurred for the revocation.

You are not obliged to consent to an extended storage of your application data in our "Talent Pool". Without your consent, we are however unable to include you in the KI group's "Talent Pool" and must delete your application data in accordance with the requirements of Section 6.1.1. after completion of the initial application process.

The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. a GDPR (which permits data processing on the basis of your consent).

6.1.3. Data processing within the scope of the employment relationship

If you receive and accept an offer of employment with us as part of the application process, we will store the personal data collected during the application process at least for the duration of the employment relationship.

The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which permits the processing of data to fulfil a contract or pre-contractual measures), in this context directed towards the conclusion of an employment contract with you and Article 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests), in this context, we use your personal data mainly for the purpose of establishing, implementing and, if necessary, processing and terminating the employment relationship entered into with you. You will be informed in detail about the processing of your personal data and the legal bases thereof within the scope of the employment relationship entered into with the companies of the KI group when the employment contract is concluded.

6.2 Contact forms on our websites

For general inquiries and contact requests, please use our contact form at https://grow.inc.io or send us an e-mail at [email protected]

When you contact us via our contact form or via e-mail, we use your personal data exclusively to answer your inquiries according to your requests and to your satisfaction. To do so, we generally process your full name (name and last name) and also e-mail address to reply to your individual inquiry. Further, it is generally your free decision which data you provide to us. However, we may not be able to fulfil your contact request without certain details required in individual cases.

The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which permits the processing of data to fulfil a contract or pre-contractual measures), Article 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate interests) . Our legitimate interest within the meaning of the GDPR is the optimization and fulfilment of our online offers and our web services.

6.3 Server-Log files

Your visit to our websites is automatically logged by our web servers. In connection with the retrieval of the information you requested from our web services, data is collected for the provision of our various services or for evaluation and security purposes and, if necessary, stored in anonymized form (without personal reference). The web servers we use automatically store data about the retrieval of our web services in so-called server log files. These are the following data:

The processing of the above data is done for security purposes, for general fraud prevention and as a precaution against attacks on our web services. An automated combination of this data with data from other data sources does not take place.

If we also automatically log your IP address, this is automatically deleted after 30 days at the latest.

Furthermore, we store the URL accessed with the associated page title and optional information on the page content; information on the terminal device used, operating system and browser. This information is generally transmitted with each individual page request when using the Internet. However, unlike cookies and similar technologies, no information is read from the memory of the user's terminal device and no information is stored on this terminal device.

Since the privacy of our visitors is important to us, this data is processed without being merged with other data provided by you, such as your contact details, and furthermore, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized immediately after collection by deleting the last number block. No other use, combination with other data or disclosure to third parties takes place.

This data processing is based on the legal basis of Article 6 para.1 s. 1 lit. f GDPR, which allows data processing based on our legitimate interest. Our legitimate interest within the meaning of the GDPR is the optimization and technical security of our online offers and our web services.

Apart from that, only general information is recorded, e.g. when which content from our offer is called up or which pages are visited most frequently, the names of the requested files as well as their call-up date and time. These data are evaluated to improve our offer and do not allow any conclusions about your person. We will not use this information for any other purpose.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR, which allows the processing of data to protect the legitimate interests of the data controller.

  1. Our social media appearances

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

7.1 Data processing through social networks

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

7.2 Legal bases

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 para. 1 s. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Article 6 para. 1 s. 1 lit. a GDPR).

7.3 Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

7.4 Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. Particularly cookies and similar techniques stored on your device by the respective social media provider may remain until you delete them (please refer to the following section 8 for further information on the cookies that we use on our website). For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

7.5 Our profiles on individual social networks

Specifically, we maintain profiles on the following social media platforms. For detailed information on the processing of your personal data by their providers, please refer to the respective information and links:

7.5.1 Instagram

We have a profile on Instagram. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendumhttps://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.

  1. Anonymous usage evaluations and use of cookies and similar technologies

We do not create personal user profiles. In connection with the viewing of the information you have requested form our websites, data is only stored on our servers in anonymised form for the provision of our various services or for evaluation purposes. In this context, general information in accordance with section 6.3 of this Data Protection Notice is also logged in order to determine the frequency of use and the number of users of our web pages. In this way, we learn which area of our websites our users have visited.

However, this usage data does not contain personal data and does not allow any conclusions to be drawn about the identity of the individual user. All of this anonymised usage data is not combined with your personal data and is deleted immediately after the end of the statistical evaluation.

The legal basis for this data processing is that of Art. 6 para. 1 s. 1 lit. f GDPR (which permits the processing of data to protect the legitimate interests of the data controller).e.g. when which content from our offer is accessed or which pages are visited most frequently.

Our websites do not use cookies or similar technologies. We also do not use any similar technologies ourselves in our social media profiles mentioned in section 7 of this Data Protection Notice.

With regard to the use of such technologies by the respective providers of these social media platforms, we kindly ask you to inform yourself in this regard under the specified information sources supplied by the providers themselves.

  1. Period for which the personal data will be stored

We only store personal data that you provide to us for as long as they are needed to fulfil the purposes for which these data were provided or as long as this is required by law:

Generally, we delete or anonymize your personal data from our systems and records, so that you can no longer be identified, when they are no longer needed. We may retain certain personal data in order to comply with our legal and regulatory obligations and to enable us to administer our rights (e.g. to enforce our claims in court), or for statistical purposes (in anonymous form).

  1. With whom do we share Personal Data?

If these cases are not listed in this Data Protection Notice, we will not sell or market your personal data to third parties or forward them on for any other reason.

In addition to the other cases mentioned in this Data Protection Notice, your personal data will only be passed on without your express prior consent in the following cases:

  1. Who is involved in processing your Personal Data?

We process your personal data collected through the website and may also engage third parties to assist us according to our instructions and therefore, your personal data can also be processed on our behalf by our reliable, external service providers ("contract processors"). We solely rely on trusted and reliable contract processors who conduct a number of business processes on our behalf and only provide them with the information they need to provide their services to us. We make every effort to ensure that all contract providers with whom we work strictly protect your personal data and use them only for the purposes to which we assign them and on our behalf. For example, we can commission the following services for which the processing of your personal data is necessary to our contract processors or our contract processors may be

The legal basis for data transmission is Article 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Article 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller's legitimate interests.

We have concluded a contract with all our contract processors on the commissioned data processing on our behalf in accordance with Article 28 GDPR and fully implement the strict requirements of the German data protection authorities when using their services.

  1. Data transfers to "Third Countries"

If we process data in a Third Country (i.e., outside the European Union (EU), the European Economic Area (EEA), where the privacy laws may not be as protective as those in your location) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the strict legal requirements of the EU and we ensure that your data is treated in accordance with the provisions of this Data Protection Notice.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through the so-called standard protection clauses of the EU Commission (SCC), in the presence of certifications or binding internal data protection regulations according to Articles 44 to 49 GDPR; further information can be found on the websites of the EU Commission under the URL https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en. Where necessary, we and our contract processors will, where applicable, also take supplementary measures to ensure the protection of your privacy rights, the confidentiality of your personal data and compliance with the applicable laws and regulations of the EU.

  1. Data Security

We make every effort to take extensive technical and organisational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorised disclosure or access. All our employees are accordingly bound to secrecy and data protection. Insofar as it is within our sphere of influence, we use modern encryption techniques and a large number of other measures in particular to prevent unauthorised access by third parties. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption exists, the data you exchange with us cannot be read by third parties.

Further, our security precautions are regularly checked and adapted to technological progress.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be accessed by third parties - particularly if this is done by e-mail. We have no technical influence on this. In such cases, it is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

  1. Rights of the data subject

If we process personal data as the data controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Article 15 GDPR), the right to rectification (Article16 GDPR), the right to erasure ('right to be forgotten') (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR), the right to object (Article 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Article 7 para. 3 GDPR.

If you wish to exercise your above rights, please contact us using the contact details given in section 2.

Please note that we may require proof of identity and full details of your request before we can process your request.

  1. Right to lodge a complaint with the competent supervisory authorities

In the event of data protection violations on our part, you have a right of appeal to the responsible supervisory authority.

The supervisory authority responsible in data protection issues for the activities of KI group is The State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (LDI NRW), whose contact data can be found under the following URL: [https://www.ldi.nrw.de/metanavi_Kontakt/index.php]{.ul}.

The supervisory authority responsible in data protection issues for the activities of KI professionals GmbH / KI mobility GmbH is The State Commissioner for Data Protection and the Freedom of Information Baden-Württemberg (LfDI BW), whose contact data can be found under the following URL: https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/.

The supervisory authority responsible in data protection issues for the activities of KICHALLENGERS PORTUGAL / UNIPESSOAL LDA. / KIBER -- STRATEGY SERVICES IBERIA / UNIPESSOAL LDA. / xgeeks Portugal LDA. is the Comissão Nacional de Proteção de Dados (CNPD), whose contact data can be found under the following URL: http://www.cnpd.pt.

The supervisory authority responsible in data protection issues for the activities of KI group suisse AG is the Federal Data Protection and Public Information Commissioner (EDÖB), whose contact data can be found under the following URL: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

  1. Name and Address of the Data Protection Officer

Within our companies, everyone is responsible for privacy and data protection issues. In addition, we have decided to appoint a data protection officer for each of our companies. To ensure the independence of the data protection officer, we have appointed an external data protection officer:

Mr Stephan Krämer, LL.-M. (Attorney at law, Germany)
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne

You can contact our data protection officer via his website at http://www.kinast.eu

  1. Hyperlinks to other websites

Our websites contain so-called hyperlinks to websites of other providers. When these hyperlinks are activated, you are redirected from our website directly to the websites of other providers. Despite careful control we assume no liability for the content of external links. The operators of the sites we link to are solely responsible for the content of linked pages and any processing of personal data on these websites.

Last updated: July 2022