Privacy Notice

1. What This Privacy Notice Covers

We inform you below about how we process your personal data, and about your rights under data protection laws.

This privacy notice explains the nature, scope, purpose, and duration of the processing of personal data on our websites — www.insglueck.ch and www.insglueck.de (collectively referred to as “Websites”). It applies regardless of which domain or device (e.g. desktop, mobile) you use, but not to our social media channels.

“Personal data” refers to any information relating to an identified or identifiable natural person (e.g. name, address, email address, usage behavior). What data are processed and how largely depend on the services you use.

2. Which Law Applies?

We process your personal data in accordance with applicable laws. Depending on how your data are handled and which services you use, the European General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the German Federal Data Protection Act (BDSG) may apply—or in Switzerland, the Swiss Federal Act on Data Protection (FADP, from 25 September 2020, SR 235.1) and relevant local data protection rules.

In particular, Swiss law applies when personal data are processed while you are located in Switzerland, even if using our EU or CH websites.

3. Meaning of Key Terms

We use terms in line with the GDPR. Where Swiss law defines equivalent terms identically, they are to be interpreted as the same. This applies to terms such as personal data, processing, restriction of processing, profiling (including high‑risk profiling), data subject, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization (see Articles 4 GDPR / 5 FADP for definitions).

4. Who Is Responsible? Contact Information

Controller:

insglück Gesellschaft für Markeninszenierung mbH
Bülowstr. 66
10783 Berlin
Germany
Tel: +49 (0) 30 4000 6860
Fax: +49 (0) 30 4000 6899
Email: info@insglueck.de

Data Protection Officer (Germany):

mip Consult GmbH
Attorney Asmus Eggert
Wilhelm‑Kabus‑Strasse 9
10829 Berlin
Tel: +49 (0) 30 20 88 999 0
Email: datenschutz@insglueck.de

Swiss branch (Zurich):

insglück Gesellschaft für Markeninszenierung mbH, Berlin, Zweigniederlassung Zürich/ Schweiz
c/o Westhive AG
Seestrasse 353
8038 Zürich
Tel: +41 79 464 58 33
Email: hi@insglueck.ch


5. What Data Do We Process?
5.1 Visiting Our Website
5.2 General Use

We process personal data that we obtain when you use our Website or contact us in business relations.

If you only browse the website informatively (without registering or submitting data), we collect only the personal data your browser transmits to our server (and cookies per section 5.3). These access logs include your IP address, request date and time, time zone offset from GMT, URL requested, HTTP status code, amount of data transferred, referrer URL, browser type/version, operating system, interface, browser language/version, and confirmation of successful access.

Log data are stored for a maximum of 4 weeks, then deleted—unless needed longer to clarify misuse or fraud. This processing is technical and necessary to operate the Website.

5.3 Cookies and Similar Technologies
5.3.1 General Use

We use cookies and similar technologies that are essential to provide the website to you—based on § 25 (2) No. 2 TDDDG and Art. 45c lit. a FMG, or Art. 6 (1) lit. f GDPR. On first visit, you are asked for consent to non-essential cookies and tracking technologies—pursuant to § 25 (1) TDDDG or Art. 45c lit. b FMG and Art. 6 (1) lit. a GDPR.

If cookies include processing of personal data, this is based on our legitimate interest (Art. 6 (1) lit. f GDPR) or your consent (Art. 6 (1) lit. a GDPR).

5.3.2 Consent management via Usercentrics

We present a cookie banner (“Cookiebot”) on first visit, using the consent-management service Usercentrics GmbH (Munich). Usercentrics processes opt‑in/out data, referrer URL, user agent, consent ID, IP, time and type of consent, and settings, which are kept for 3 years. This lets you manage and revoke consent on future visits. This is required for legal compliance (TDDDG, FMG, GDPR).

5.3.3 Google Services

We use services from Google Ireland Ltd., which typically transmit data to servers in the USA.

• Google Tag Manager

Used to integrate third‑party services (e.g. Google Ads, Analytics). It does not set cookies itself but Google receives your IP. Processing is based on our legitimate interest under Art. 6 (1) lit. f GDPR.

Processing occurs in Ireland, and data may be transferred to Google LLC in the USA under the EU‑U.S. and Swiss‑U.S. Data Privacy Framework.

• Google Fonts

Used for web fonts. Your browser connects to Google servers and downloads fonts, transmitting your IP. Processing is based on legitimate interest (Art. 6 (1) lit. f GDPR). Data are processed in Ireland or transferred to Google LLC in the USA under the Data Privacy Framework.

• Google reCAPTCHA

Used to distinguish human from bot activity. Google sets cookies and collects IP, device/browser info, date, dwell time, timezone, referrer, mouse movements, and keystroke intervals (but not actual form inputs). Data are processed under Art. 6 (1) lit. f GDPR and stored by Google for up to 6 months.

• Google Analytics

Used based on your consent (Art. 6 (1) lit. a GDPR). Collects masked IP, location, browser/device info, referrer URL, usage behavior, and anonymous user profiles. EU‑based traffic is processed within the EU before transmitting to Analytics servers in the USA, under EU‑U.S. Data Privacy Framework. Event data stored for 2 months; user data for 14 months.

5.3.4 Other Third‑Party Services

We embed content (e.g., videos via Vimeo LLC, New York, or other third parties) that may use web pixels or cookies, transmitting your IP and device info for analytics or marketing. Vimeo processes such data in the USA and retains it up to 2 years, under Data Privacy Framework compliance.

5.4 Contact Forms

If you contact us via form or email (e.g., for inquiries or job applications), we collect contact details (name, address, email, phone, company, profession) and message content.

We use the “Contact Forms” plugin (by Pixel & Tonic, Inc.) on Craft CMS (US-based). This processing is based on our legitimate interest (Art. 6 (1) lit. f GDPR). Data may be transferred to and processed in the USA under Standard Contractual Clauses. Data are stored only as long as needed to handle your request or as required by law.

5.5 Job Applications

You can apply via contact form or via XING/LinkedIn profiles:

We process contact info, application documents (CV, cover letter, certificates), info entered on the form, and optionally your XING profile data (if you enable “Leverage your application”).

Processors: New Work SE (XING) and LinkedIn Ireland Unlimited Company. Processing based on pre‑contractual measures (Art. 6 (1) lit. b GDPR) and legitimate interests (Art. 6 (1) lit. f GDPR). Data may be transferred to the USA under Data Privacy Framework or EU standard contractual clauses.

Application data are kept during the application process; if your application is rejected, they are deleted after 6 months. If you opt into a candidate pool, your data are retained until withdrawal or up to 5 years.

Freelance data are stored for up to 5 years after the last engagement.

Data communicated via XING/LinkedIn may remain for 1 year unless longer legal retention obligations apply.

5.6 Newsletter

We send newsletters based on your consent (double opt‑in), or where legally allowed. Intended content includes product info, offers, and company news.

We record the registration and confirmation timestamp, email, IP, and name, and we track opens, clicks, and browser/OS info. This is for consent proof and content optimization. Storage of consent records is based on our legitimate interests (Art. 6 (1) lit. f GDPR).

You can unsubscribe anytime. After you unsubscribe, your email is blocked and deleted in about 12 days unless legal retention applies. We may blacklist your email (Art. 6 (1) lit. f GDPR) to prevent future mailings.

Service provider: MailChimp (Rocket Science Group, LLC, USA), and parent Intuit Inc. Data stored in USA under Data Privacy Framework.

5.7 Our Social Media Profiles

We maintain company profiles on Facebook, Instagram (Meta Ireland), LinkedIn, XING, Vimeo, etc. We only link to them via icons and do not embed plugins.

• If you click through to those platforms while logged in, the platform may link your visit to your account.
• Platforms may process your data outside the EU; we have no control. They may use data for marketing/research, build usage profiles, and place targeted ads.
• We receive aggregate usage stats (views, interactions, demographics).
• When users transmit personal data to us via these platforms, we act as controller and you may exercise your rights against us.
• Where platforms process data independently (e.g. insights), they act as joint controllers per Art. 26 GDPR.

Processing basis: your consent (Art. 6 (1) lit. a GDPR), pre‑contract processing (Art. 6 (1) lit. b GDPR), or our legitimate interest in communication (Art. 6 (1) lit. f GDPR).
Facebook and Instagram store data until you object. LinkedIn retains data while the account exists. XING retains data for the duration of the user account plus any legal retention period.

5.8 Whistleblowing System

We provide an internal whistleblowing channel for employees, partners, or third parties to report irregularities anonymously. It is run by WTS Legal. Communications are encrypted and pseudonymous by default; revealing your identity is voluntary.

We process information about suspected wrongdoing, location, time, and persons involved. We ask reporters to avoid sharing sensitive personal data unless needed. We may process sensitive categories per Art. 9 GDPR if voluntarily provided.

Processing is based on mandatory compliance (Art. 6 (1) lit. c GDPR) under the EU Whistleblower Protection Act and on legitimate interest (Art. 6 (1) lit. f GDPR). If you voluntarily supply personal data, consent applies and can be withdrawn.

5.9 Exercising Your Rights

If you exercise your rights (per section 10 below), we keep the related personal data for the legal statute of limitations—typically 3 years in Germany (OWiG, BDSG, GDPR), or 10 years under Swiss law or Art. 127 OR. This may be extended if interrupted by legal processes.

6. Who Receives Your Data?
6.1 Within insglück

Departments in Germany or Switzerland may access your data if needed for contractual or legal obligations.

6.2 Processors / Service Providers

We work with processors (Art. 28 GDPR) in areas like IT, logistics, printing, telecommunications, consulting, sales, and marketing. We use contractual, technical, and organizational measures to protect your data in compliance with applicable law.

6.3 Other Third Parties

We only share your data with third parties as required by law or when you have consented or it is necessary for contract performance.

7. International Transfers

Personal data may be processed within the EU and in the USA. Transfers to the USA take place only if recipients are certified under the EU‑U.S. or Swiss‑U.S. Data Privacy Framework or subject to EU Standard Contractual Clauses. Additional safeguards are employed to ensure adequate protection. You may request a copy of the Standard Contractual Clauses using our contact details.

8. Automated Decisions, Including Profiling?

We generally do not use fully automated decision-making or profiling per Art. 22 GDPR. Should we use such methods in exceptional cases, we will inform you as required. We currently do not process your data to assess personal aspects via automated profiling.

9. How Long Are Data Retained?

We follow retention laws such as the German Commercial Code (HGB), Swiss Code of Obligations, tax law, etc.—typically from 3 to 10 years, in some cases up to 30. Specific retention durations are given in section 5 earlier.

10. Your Data Protection Rights

Every data subject has:

• Right of access (Art. 15 GDPR / Art. 25 FADP) — to know what data we have about you.
• Right to rectification (Art. 16 GDPR / Art. 32 FADP).
• Right to erasure (“right to be forgotten”) (Art. 17 GDPR / Art. 32 (2)(c) FADP) and to restrict processing (Art. 18 GDPR / Art. 32 (2)(a) FADP).
• Right to data portability (Art. 20 GDPR / Art. 28 FADP).
• Right to withdraw consent at any time (Art. 7(3) GDPR / Art. 30 (2)(b) FADP).
• Right to object to processing based on legitimate interests (Art. 21 GDPR). For direct marketing, you have a general right of objection to profiling. Processing ceases unless we can present compelling legitimate grounds.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For Germany, see the Federal Commissioner (BfDI); for Switzerland, the Federal Data Protection and Information Commissioner in Bern.

Please contact us first if you have any concerns before approaching the supervisory authority.

11. Updates to This Policy

We reserve the right to amend this privacy notice at any time or adapt it to new processing methods.