Privacy Policy
Status: 05 Jan 2025
1. Controller
Controller within the meaning of the GDPR (DSGVO): Internities UG (limited liability), Hansastraße 42, 20144 Hamburg, Germany
E-mail: hello@internities.de
Data Protection Officer (DPO): No Data Protection Officer has been appointed.
2. Overview: Which data we process
We process personal data when you use our website/platform, in particular:
- Account data: name, e-mail, password hash, role (student/company)
- Student profile data: education/university, skills, experience, preferences, uploaded documents (e.g., CV), links (e.g., LinkedIn/GitHub), verification status
- Company profile data: company details, contact persons, internship listings, applicant pipeline notes
- Usage/log data: IP address, timestamps, device/browser data, events (login, clicks, applications)
- Communication data: support requests, messages within the platform
- Application/matching data: application status, match scores/recommendations, feedback signals (e.g., interview/offer if provided)
2.1. Cost Calculator
We provide a cost calculator on our website. Information entered in the cost calculator is processed and stored exclusively in anonymized form. No assignment to a specific person or company occurs.
No personal data (e.g., name, e-mail address, contact person) are collected or stored in the cost calculator.
The anonymously collected data are used exclusively for statistical evaluation, product improvement, and internal market analysis.
No consolidation with other data sources takes place.
3. Purposes and legal bases
We process data for the following purposes:
- Provision of the platform / contract performance (registration, login, profiles, applications, matching) – legal basis: Art. 6(1)(b) GDPR (DSGVO).
- Security, abuse prevention, error analysis – legal basis: Art. 6(1)(f) GDPR (legitimate interest: a secure platform).
- Support & communication – Art. 6(1)(b) and/or (f) GDPR.
- Product improvement / analytics (only if enabled and depending on setup) – depending on the tool: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR.
- Payment processing – Art. 6(1)(b) GDPR; and statutory obligations (Art. 6(1)(c) GDPR).
4. Matching, profiling, automated decisions
We may use profile and usage data to calculate match recommendations (profiling in a broader sense).
There are no solely automated decisions with legal effect within the meaning of Art. 22 GDPR about hiring/rejection: companies make the decision.
You may object to processing based on legitimate interests (see 'Your rights').
5. Website, cookies, consents (TDDDG/GDPR)
We use technically necessary cookies/local storage (e.g., session, security). Legal basis: Art. 6(1)(f) GDPR; access to end-user devices is governed by Section 25 TDDDG (for necessary purposes generally without consent).
Optional cookies/trackers (analytics/marketing) are set only with consent via a consent banner, if enabled. Legal basis: Art. 6(1)(a) GDPR and Section 25 TDDDG (consent).
6. Recipients / processors
We use service providers as processors within the meaning of Art. 28 GDPR, e.g.:
- Hosting/Infrastructure: Vercel
- E-mail / transactional messaging: Resend
- Database/monitoring: Supabase
We conclude the required data processing agreements (DPAs/AVV) with our service providers.
7. International transfers
If service providers process data outside the EEA (e.g., in the USA), this occurs only with appropriate safeguards (e.g., EU Standard Contractual Clauses and/or an adequacy decision, depending on the provider).
8. Storage periods
- Account and profile data: for as long as the account is active.
- After deletion: deletion/anonymisation within a reasonable period unless statutory retention obligations apply.
- Contract/invoicing data: retained according to statutory periods under commercial/tax law.
- Log data: typically a few weeks/months (security purposes).
9. Your rights
- Right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21) to processing based on Art. 6(1)(f)
- Right to withdraw consent (Art. 7(3)) at any time with effect for the future
- Right to lodge a complaint with a supervisory authority (Art. 77), e.g., at the seat of our company
Contact for data protection requests: hello@internities.de
10. Data security
We implement appropriate technical and organisational measures (e.g., TLS encryption, access controls, role-based permissions, backups) to protect data.
11. Changes to this Privacy Policy
We update this Privacy Policy when the platform or legal requirements change. The current version published on the website applies.