privacy policy
In the following, we inform you about the collection of personal data when using our website and when contacting us via a contact form, by email or by telephone. Personal data within the meaning of Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR) is all information that can be related to you personally, such as name, address, email addresses, user behavior.
I. Name and contact details of the responsible persons and the data protection officer
Jointly responsible in accordance with Art. 4 No. 7, 26 GDPR for the processing of your data described below are the companies of the IGEPA group (“We” or individually “the respective company”),
1. Freytag & Petersen GmbH & Co. KG, Longericher Straße 215-221, 50739 Cologne, Telephone: 0221 / 1776-0, Fax: 0221 / 1776-500, E-Mail:freypeter_info@igepagroup.com ,
2. 2H GmbH & Co. KG, Dieselstraße 24, 85748 Garching near Munich, Telephone: 089 / 32950-0, Fax: 089 / 32950-100, E-Mail:2h-garching@igepagroup.com ,
3. vph GmbH & Co. KG, Gutenbergstraße 4, 30966 Hemmingen, Telephone: 0511 / 9428-0, Fax: 0511 / 9428-290, E-Mail:vp_info@igepagroup.com ,
4. E. Michaelis & Co. (GmbH & Co.) KG, Senefelder-Ring 14, 21465 Reinbek, Tel. 040 / 72777-0, Fax: 040 / 727 77-466, E-Mail:michaelis_info@igepagroup.com ,
5. Geiger GmbH & Co. KG, Schulze-Delitzsch-Straße 7, 73434 Aalen, Tel.: 07361 / 599-0, Fax: 07361 / 599-170, E-Mail:geiger_info@igepagroup.com ,
6. IGEPA Wholesale GmbH, Igepa-Ring 1, 06188 Landsberg / OT Queis, Tel.: 034602 / 61-600, Fax: 034602 / 61-899, Email:igepaqueis_info@igepagroup.com ,
7. HANSA GmbH & Co. KG Wholesale, Heinz-Kerneck-Straße 8, 28307 Bremen, Tel.: 0421 / 4862-0, Fax: 0421 / 4862-200, E-Mail:hansa_info@igepagroup.com ,
8. IGEPA group GmbH & Co. KG, Heidenkampsweg 74-76, 20097 Hamburg, Telephone: 040 / 727788-0, Fax: 040 / 72 77 88-50, E-Mail:info@igepagroup.com
You can contact the data protection officers of the respective companies as follows:
1. Freytag & Petersen GmbH & Co. KG: Post: Freytag & Petersen GmbH & Co. KG, “Data Protection Officer”, Longericher Straße 215-221, 50739 Cologne, Tel.: 0221 / 1776-0, E-Mail:datenschutz@freypeter.de ,
2. 2H GmbH & Co. KG: Post: 2H GmbH & Co. KG, “Data Protection Officer”, Dieselstraße 24, 85748 Garching near Munich, Tel: 089 / 32950-0, E-Mail:2h_datenschutz@igepagroup.com ,
3. vph GmbH & Co. KG: Post: vph GmbH & Co. KG, “Data Protection Officer”, Gutenbergstraße 4, 30966 Hemmingen, Tel: 0511 / 9428-0, E-Mail:datenschutz@vph-service.de ,
4. Michaelis & Co. (GmbH & Co.) KG: Post: E. Michaelis & Co. (GmbH & Co.) KG, “Data Protection Officer”, Senefelder-Ring 14, 21465 Reinbek, Tel.: 040 / 72777-0, E-Mail:michaelis_info@igepagroup.com ,
5. Geiger GmbH & Co. KG: Post: Geiger GmbH & Co. KG, “Data Protection Officer”, Schulze-Delitzsch-Straße 7, 73434 Aalen, Tel.: 07361 / 599-0, E-Mail:geiger_datenschutz@igepagroup.com ,
6. IGEPA Großhandel GmbH: Post: IGEPA Großhandel GmbH, “Data Protection Officer”, Igepa-Ring 1, 06188 Landsberg / OT Queis, Tel.: 034602 / 61-600, E-Mail:igepa_queis_datenschutz@igepagroup.com ,
7. HANSA GmbH & Co. KG Wholesale, Post: HANSA GmbH & Co. KG Wholesale, “Data Protection Officer”, Heinz-Kerneck-Straße 8, 28307 Bremen, Tel.: 0421 / 4862-141, E-Mail:datenschutz@hansa-grosshandel.de ,
8. IGEPA group GmbH & Co. KG: Post: IGEPA group GmbH & Co. KG, “Data Protection Officer”, Heidenkampsweg 74-76, 20097 Hamburg, Tel.: 040 / 727788-0, E-Mail:datenschutz@igepagroup.com.
II. General information on the collection, transfer and storage period of personal data
The primary purpose of data processing is to provide access to our website and to establish and fulfill a contractual relationship with you. When you contact us by email using a contact form or by telephone, the data you provide (e.g. your email address, possibly your name and your telephone number) will be stored by us in order to process your request. The primary legal basis for this is Art. 6 Para. 1 b) GDPR. In addition, your separate consent in accordance with Art. 6 Para. 1 a) GDPR may be used. We also process your data in order to be able to fulfill our legal obligations, particularly in the area of commercial and tax law. This is done on the basis of Art. 6 Para. 1 c) GDPR. If necessary, we also process your data on the basis of Art. 6 Para. 1 f) GDPR in order to protect the legitimate interests of us or third parties. These interests may arise, for example, for advertising, provided you have not objected to the use of your data, the assertion of legal claims and defense in legal disputes, the guarantee of the IT security of our company and for measures for business management and further development of services and products.
We will only pass on your personal data to third parties if you have given your consent to do so in accordance with Art. 6 Para. 1 a) GDPR, the transfer is necessary in accordance with Art. 6 Para. 1 f) GDPR to assert, exercise or defend legal claims or to protect our legitimate interests (e.g. affiliated companies of the IGEPA group, credit agencies, trade credit insurance, debt collection service providers, lawyers, courts, experts, external data centers, maintenance of telecommunications and IT systems or applications, archiving, document processing, data destruction, purchasing/procurement, advertising and marketing) and there is no reason to assume that you have an overriding legitimate interest in not passing on your data, in the event that there is a legal obligation to pass on the data in accordance with Art. 6 Para. 1 c) GDPR (e.g. tax authorities) and this is legally permissible and necessary in accordance with Art. 6 Para. 1 b) GDPR for the processing of contractual relationships with you (e.g. banks, logistics service providers, IT service providers).
Depending on which services you use on our website or enquire with us, your personal data may be transferred to a third country. If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed that the third country has an adequate level of data protection, other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place or there is an exception for the transfer in accordance with Art. 49 GDPR.
We delete your personal data as soon as it is no longer required for the purposes stated in this data protection information. After termination of the contractual relationship, your personal data will be stored as long as we are legally obliged to do so. This usually results from legal proof and retention obligations, which are regulated in the Commercial Code and the Tax Code, among other things. The storage periods are then up to ten years. In addition, personal data may be stored for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years).
You only need to provide us with the personal data that is necessary for the provision and use of certain functions of our website or for the establishment and implementation of a contractual relationship and the fulfillment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will not be able to provide the website and certain functions of the website and to conclude and implement a contract with you.
III. Collection and processing of personal data on our website
1. Visit our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server and that is technically necessary to display our website and to ensure stability and security. This is the IP address, the request from your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser used and the operating system of your system. We also record which website our site was accessed from.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your browser. For this purpose, your IP address must be stored for the duration of the session. The remaining data is processed to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the stability and security of our systems. The legal basis is Art. 6 Para. 1 f) GDPR, based on a balancing of our legitimate and overriding interests mentioned above.
We transmit the collected data to external service providers (hosting providers, IT service providers, web agencies) who support us in data processing for the purposes stated above.
We have commissioned IGEPA Business- und IT-Services GmbH, Brückenstraße 5 a, 10179 Berlin, to operate a data center, maintain telecommunications and IT systems or applications, archiving, data destruction and other IT services, which processes data on our behalf within the meaning of Art. 28 GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended. Otherwise, it is deleted within 7 days of accessing the website at the latest.
2. Cookies
When you use our website, we may collect information through the use of cookies or similar technologies (“cookies”). Cookies are small text files that are stored by your browser on your device to store certain information. If you later visit our website again using the same device, the information stored in the cookie is then sent back either to our website or to another website to which the cookie belongs. The information stored and sent back enables the respective website to recognize that you have already accessed and visited it using the browser on your device. Only the cookie itself is identified on your device. We use cookies to improve our website, to store information about your preferred activities on the website and thus to tailor our website to your individual interests, and to fulfill legal requirements.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Strictly Necessary Cookies
Functional Cookies
Performance Cookies
Marketing Cookies
Strictly Necessary Cookiesare cookies without which you would not be able to use our website as intended or without which we would not be able to make our website available to you. These include functions such as setting and saving your data protection settings, filling in and saving user input, and security functions. These cookies are used without your consent. However, you have the option of deactivating these cookies via your browser settings. The legal basis for the processing of personal data using absolutely necessary cookies is Art. 6 Para. 1 c) GDPR or Art. 6 Para. 1 f) GDPR, based on a balancing of our legitimate and overriding interests in the technically smooth provision of our website and the services offered through it.
Functional cookies enable us to save functions you have requested or information you have provided and, based on this, to offer you a better or more personalized use of our website. This includes, for example, certain functions of our website, the language selection or the selected region. The legal basis for the processing of personal data using functional cookies is your consent in accordance with Art. 6 Para. 1 a) GDPR.
performance cookies We use cookies to understand how visitors use our website, in particular which areas they visit and how much time they spend on the website. In addition, we collect information and register error messages with the aim of improving our website. The legal basis for the processing of personal data using performance cookies is your consent in accordance with Art. 6 Para. 1 a) GDPR.
We use marketing cookies to show you personalized advertising content and to measure the effectiveness of our marketing campaigns. To do this, we use third-party services and cookies. They may be used by these third parties to create a profile of your interests and show you relevant ads on other websites. When you visit another website, your browser's cookie is recognized by the website and selected ads are shown to you based on the information stored in this cookie. The legal basis for the processing of personal data using marketing cookies is your consent in accordance with Art. 6 Para. 1 a) GDPR.
You can use your browser to delete all cookies that have been set. You can also set your browser to prevent websites from saving and reading cookies. You can revoke your consent to the use of cookies, provided that they are not absolutely necessary, at any time with effect for the future. You can find the link to the cookie settings in the footer of our website.
3. Google Analytics with Signals
We use the web analysis service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that are stored on your device and that enable an analysis of your use of the website. When data is collected in Google Analytics 4, no IP addresses are logged or stored. All IP addresses of users in the EU that are recorded via EU domains and servers are deleted before recording. Google does not collect precise location data. Instead, only general metadata such as "city", "continent", "country", "region" and "subcontinent" are derived from the IP addresses. This metadata is deleted immediately and is only used to analyze general geographical information. In addition to the above functions, we also use Google Signals on this website. Google Signals offers expanded options in Google Analytics by using aggregated data from users who have agreed to personalized advertising. With Google Signals, we can create more targeted remarketing audiences and create more precise advertising reports. This enables us to better understand the impact of our advertising on different devices and browsers, based on the preferences of users who have accepted personalized advertising. Google Signals also allows us to conduct a deeper analysis of the interests and demographic characteristics of our target groups. We use aggregated information from the DoubleClick cookie and device advertising IDs to understand these characteristics more precisely. Using Google Signals enables us to analyze the behavior of users who have accepted personalized advertising across different devices. This helps us to better understand user behavior throughout the conversion process and to adapt our services accordingly. All data collected by Google Signals is aggregated and anonymized. Individual users are not identified. Google Signals only uses information from users who have expressly consented to the use of personalized advertising. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and internet usage. We use Google Analytics to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 Para. 1 a) GDPR.In addition to the processing of the above-mentioned data by Google, we transmit the collected data to external service providers (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the purposes stated above (implementation and support of web analysis). In the exceptional cases in which personal data is transferred from Google to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA under its own responsibility, these transfers are subject to the standard contractual clauses in accordance with Art. 46 GDPR and the EU-US Data Privacy Framework (DPF). The order data processing conditions for Google advertising products with reference to the standard contractual clauses are available here: https://business.safety.google/adsprocessorterms/. The personal data collected will be deleted as soon as it is no longer required for the processing purposes, which is usually the case after 14 months from the data collection.
4. Google Ads Conversion and Remarketing
We use the Google Ads advertising system of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to draw attention to our offer with the help of advertising (so-called Google Ads) on Google and other external websites. Google is responsible for the delivery of Google Ads and the associated data processing. Further information about Google Ads can be found at: https://ads.google.com/intl/de_DE/home/.
We use conversion tracking as part of the use of Google Ads. If you click on a Google ad, Google stores cookies on your device, which usually expire after 30 days, and records data on visits to our website, including URL, referrer URL, IP address, device and browser properties, and timestamps. Cookies make it possible to identify which of our offers you have viewed and subsequently used. Google provides us with statistical evaluations that show which parameters of the Google Ads are working and where there is a need for optimization.
We also use Google Ads Remarketing. Our Google ads are delivered on websites operated by third parties when these users or groups of users visit a Google website or a website in the Google advertising network. With Google Ads Remarketing, we analyze your usage behavior on our website, for example which of our offers you are interested in. Based on this, you can be shown targeted advertising on other websites even after you leave our website. Google stores cookies on your device for this purpose, which usually expire after 30 days. The cookies make it possible to recognize and analyze which of our offers you are interested in.
We use conversion tracking to determine how effectively clicks on Google ads lead to certain activities on our website, such as purchases, registrations or filling out forms. We use remarketing to address users or user groups who have already interacted with our website. The legal basis for the use of Google Ads Conversion and Remarketing is your consent in accordance with Art. 6 Para. 1 a) GDPR
In addition to the processing of the above-mentioned data by Google, we transmit the collected data to external service providers (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the purposes stated above (implementation and support in targeted advertising and analysis of the impact and efficiency of this advertising).
In cases where personal data is transferred from Google to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. These are available here: https://business.safety.google/adscontrollerterms/sccs/eu-c2c/.
You can prevent the use of the tracking methods mentioned above by (i) setting your browser software accordingly, (ii) by deactivating personalized advertising using the plug-in provided by Google under the following link: https://www.google.com/settings/ads/plugin, (iii) by deactivating the interest-based ads of the providers via the link http://www.aboutads.info/choices or (iv) by using your cookie settings on our website.
The personal data collected will be deleted as soon as they are no longer required for the processing purposes, which is usually the case after 6 months from the date the data was collected.
5. Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis is Art. 6 Para. 1 a) and c), Art. 7 Para. 1 GDPR.
Mandatory information for sending the newsletter is your email address, your last name and your company. The newsletter is aimed exclusively at corporate customers, so the last name and company must be provided for verification. If you already have a customer number, you can voluntarily provide this to us so that we can compare your data. After you confirm, we will save the data you provide for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 a) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address will therefore be stored as long as the newsletter subscription is active.
You can revoke your consent to the sending of the newsletter, to the transfer of your personal data to companies in the IGEPA Group and to the personal analysis of your usage behavior at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter email or by sending a message to the contact details provided in the imprint.
The newsletter is sent by Inxmail GmbH, Wentzingerstraße 17, 79106 Freiburg ("Inxmail"). Your email address and other data for receiving the newsletter mentioned in this notice are stored on Inxmail's servers in Germany. Inxmail uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Inxmail can use this data to optimize or improve its own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for commercial purposes in order to determine which countries the recipients come from. However, Inxmail does not use the data to write to them itself or to pass it on to third parties.
The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from the Inxmail GmbH server when the newsletter is opened. As part of this retrieval, technical information such as data about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior. The statistical surveys also include determining whether the newsletters were opened, when they were opened and which links were clicked. This information is not assigned to individual newsletter recipients, but only stored anonymously. The evaluations serve to recognize the reading habits of our users and to adapt our content to them. The newsletters from the Selection Blog are sent by Mailgun, 112 E Pecan St, #1135, San Antonio, TX, 78205. Your e-mail address and your other data for receiving the newsletter mentioned in these notes are stored on Mailgun's servers in Europe. Mailgun uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Mailgun can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for commercial purposes to determine which countries the recipients come from. However, Mailgun does not use the data to write to them itself or to pass it on to third parties.
If you have consented, the aforementioned recipient reactions will be recorded and stored on a personal basis. This enables us to better tailor the content of the newsletter to your personal interests.
6. Use of our webshop, customer portal and EFax function
If you would like to order from our webshop, via our customer portal or via EFax, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. If you are already a customer of our company, no additional data collection is required, only activation to use the services. New customers must first register and enter personal data (name, address and contact details such as telephone, email address, tax number or VAT identification number). Mandatory information required to process the contracts is marked separately; further information is voluntary. The data you enter will be stored by us to assign a customer number and to activate the use of the webshop, the customer portal and the EFax function. The legal basis for the processing of this personal data is Art. 6 Para. 1 b) GDPR.
After the contract has been processed, your address, payment and order data will be stored for the duration of the tax and commercial retention obligations of ten years and then deleted unless you have consented to longer storage or the further processing of the data is necessary for the assertion, exercise or defense of legal claims. The legal basis for the processing of personal data for the purposes of fulfilling the statutory archiving and retention obligations is Art. 6 Para. 1 c) GDPR.
We process the data you provide to process your order. To do this, we may pass your data on to our house bank, our trade credit insurer, our credit agency, and to logistics and payment service providers selected by you. We are entitled to pass on this personal data in accordance with Art. 6 Paragraph 1 b) GDPR. Our service providers may only process or use your data for the purpose for which it was transmitted to them if necessary. If data is passed on to external service providers, we have taken technical and organizational measures to ensure that data protection regulations are observed.
You are not obliged to provide the aforementioned personal data. However, the data provided is necessary for the conclusion of a contract. Without the provision of the data, communication, conclusion or execution of a contract may not be possible.
7. Dealfront (Liidio Oy as part of Dealfront Group GmbH)
Our website uses technologies from Dealfront (Liidio Oy as part of Dealfront Group GmbH) to analyze visitor behavior.
In this process, a visitor’s IP address is processed.
The IP address is processed to help us understand which companies (B2B) visit our website. As part of the processing, the IP address is enriched with associated information such as the company name or industry code.
For this purpose, at the beginning of the session, the IP address of the website visitor and the corresponding session data are compared with an extensive whitelist of well-known companies.
To increase the privacy of our visitors, we have turned on "IP address anonymization" so that only shortened values are stored and shared with Dealfront instead of the actual IP addresses. When this feature is enabled, we do not store the actual IP address anywhere in our systems, including in the logs. This anonymization makes it impossible to later connect to external IP address information, preventing the identification of an individual person.
As part of this processing, so-called first-party cookies from Dealfront are used to analyze visitor behavior.
If we process personal data in this context, this is done on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in optimizing our products, services, sales and marketing.
To prevent this processing, website visitors can install and configure appropriate ad blockers or use no-script plugins in their browser.
The data will be deleted as soon as it is no longer required for the intended purposes. However, statutory retention periods may lead to a longer retention period for the data in question.
We have entered into a data processing agreement with Dealfront to ensure compliance with applicable data protection standards.
8. Credit check when opening a customer account
When opening a customer account, we can carry out a credit risk assessment based on mathematical and statistical procedures at the credit agency Creditreform Berlin Brandenburg Wolfram GmbH & Co. KG (scoring). For this purpose, your personal data required for the credit check, company name, name and address, will be transferred to the credit agency.
The processing is carried out for the purpose of credit checks to avoid payment defaults, to classify your company as a company within the meaning of Section 14 Paragraph 1 of the German Civil Code (BGB) and to allocate prices, etc. on the basis of Art. 6 Paragraph 1 b) GDPR and Art. 6 Paragraph 1 f) GDPR. Our legitimate interest lies in avoiding the risk of payment defaults and any risk of insolvency. On the basis of this information, a statistical probability of a loan default and thus your ability to pay is calculated. If the credit check is positive, an order on account is possible. If the credit check is negative, you can only select one of the other payment methods. Our legitimate interest also lies in concluding the legal transactions to be concluded with you as commercial transactions within the meaning of Section 343 of the German Commercial Code (HGB), excluding consumer law provisions, and in ensuring the allocation of prices.
You can object to the transmission of this data to the credit agency at any time, but in this case it will no longer be possible to order on account via our website. The scope of the scoring is limited to whether an order can also be placed on account and as a commercial transaction.
In addition to the processing of the above-mentioned data by the credit agency, we forward the collected data for processing to external service providers (e.g. platform, hosting, support and analysis service providers) in accordance with the above-mentioned purposes (implementation and support in the credit check).
The personal data collected will be deleted as soon as they are no longer required for processing purposes, which is usually the case after the first order has been fully processed and processed.
IV Further information on data processing within and outside our website
1. Contact and communication
We collect your personal data as a customer, business partner, interested party or supplier when you provide it to us voluntarily by email, via a contact form on our website, by post or by telephone. We then record the information that comes about as part of the contact and/or collaboration. This includes in particular names and contact details provided, the date and reason for contact.
The personal data collected from you will be used for the purpose of providing you with the requested products or services and to correspond with you (legal basis Art. 6 Para. 1 b) GDPR), to fulfill legal obligations (legal basis Art. 6 Para. 1 c) GDPR) or on the basis of legitimate interests of ours or of third parties (legal basis Art. 6 Para. 1 f) GDPR), which are described in this data protection declaration.
You are not obliged to provide the aforementioned personal data. The data provided may be necessary for the conclusion of a contract. Without the provision of the data, communication, conclusion or execution of a contract may not be possible.
The data relevant in each individual case will be transmitted on the basis of the statutory provisions or a contractual agreement to public bodies if there are overriding legal provisions, to external service providers or other contractors and to other external bodies, provided that you have given your consent or transmission is permissible for overriding reasons.
We transmit the collected data to external service providers (IT service providers, e.g. Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg) who support us in data processing for the purposes stated above.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data provided is subject to retention obligations under tax and commercial law, it will be stored for the duration of the retention obligation of ten years and then deleted unless you have consented to longer storage or further processing of the data is necessary for the assertion, exercise or defense of legal claims (statutory limitation period of three or up to thirty years).
2. Use of Microsoft Teams
To conduct video conferences and online meetings (“online meetings”), we use the “Microsoft Teams” service provided by Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland (“Teams”). The legal basis for data processing when conducting “online meetings” is Art. 6 Para. 1 b) GDPR, insofar as these are carried out within the framework of contractual relationships. Insofar as personal data is processed by our employees, Section 26 BDSG is the legal basis. If no contractual relationship exists or no processing is necessary to establish, carry out or terminate the employment relationship, the legal basis is Art. 6 Para. 1 f) GDPR. In these cases, our legitimate interest lies in the effective conduct of “online meetings”.
When using “Teams”, various types of data are processed. The scope of the data also depends on what information you provide before or when participating in an “online meeting”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. You will also be shown in the “Teams” app that a recording is taking place. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case. In the case of webinars, we can also process the questions asked by webinar participants for the purposes of recording and following up on webinars. If you are registered as a user with “Teams”, reports on “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, poll function in webinars) can be stored in “Teams” for up to one month. The following personal data is processed: user information (first name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)), meeting metadata (topic, description (optional), participant IP addresses, device/hardware information), recording data (optional) (MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat) when dialing in by telephone, telephone data (incoming and outgoing phone number, country name, start and end time. Other connection data such as the device’s IP address may be stored if necessary) and text, audio and video data. You may have the option of using the chat, question or survey functions in an “online meeting”. The text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from your device's microphone and any video camera on the device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Teams" applications. To take part in an "online meeting" or enter the "meeting room", you must at least provide your name.
Personal data processed in connection with participation in "online meetings" is generally not passed on to third parties unless it is specifically intended for disclosure. Please note that content from "online meetings", as with personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure. In addition to the processing of the above-mentioned data by Microsoft, we transmit the collected data to external service providers (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the purposes stated above (support in the provision and implementation of "online meetings").
In cases where personal data is transferred from Microsoft Ireland Operations Limited to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Microsoft Products and Services Data Protection Addendum (DPA) with reference to the standard contractual clauses is available here: https://www.aka.ms/dpa
We generally delete personal data if there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend warranty and, if applicable, guarantee claims. In the case of statutory retention periods, deletion will only be considered after the respective retention period has expired.
3. Surveys with Microsoft Forms
We process your personal data to conduct internal and external surveys and queries as well as to evaluate them (“online surveys”). The legal basis for data processing when conducting online surveys is Art. 6 Para. 1 b) GDPR, insofar as these are carried out within the framework of contractual relationships. Insofar as personal data of our employees or applicants is processed, Section 26 BDSG is the legal basis. If there is no contractual relationship or if processing is not necessary to establish, carry out or terminate the employment relationship, the legal basis is Art. 6 Para. 1 f) GDPR. In these cases, our legitimate interest lies in the effective conduct of online surveys.
The extent of the data depends on the questions asked and answered, as well as any upload of additional files and on the data you provide when participating in online surveys. We will generally collect the following data: name, email address, preferred language, date and time the questionnaire was opened and date and time the response was sent.
To conduct the surveys, we use the survey tool Microsoft Forms, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). The use of Microsoft Forms is based on our legitimate interests in accordance with Art. 6 Para. 1 f) GDPR. Our interest is in using a user-friendly and secure survey tool that serves both our business interests and meets the expectations of users.
In addition to the processing of the above-mentioned data by Microsoft, we transmit the collected data for processing to external service providers (e.g. platform, hosting and support service providers) in accordance with the purposes stated above (conducting and supporting online surveys).
In cases where personal data is transferred from Microsoft Ireland Operations Limited to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Microsoft Products and Services Data Protection Addendum (DPA) with reference to the standard contractual clauses is available here:https://www.aka.ms/dpa
We generally delete personal data if there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend warranty and, if applicable, guarantee claims. In the case of statutory retention periods, deletion will only be considered after the respective retention period has expired.
4. Data protection information for applicants
The respective company to which an application is addressed only collects your personal data as an applicant if you provide it to us voluntarily by email, post or telephone. This applies to applications for job advertisements as well as unsolicited applications. We then record the information that was provided as part of the application. This includes in particular name, date of birth, contact details, interests, qualification data as well as school and professional backgrounds. The personal data collected from you will only be used for the purpose of carrying out the application process. The legal basis is Art. 6 Para. 1 a), b) and f) GDPR, Section 26 BDSG.
You are not obliged to provide the aforementioned personal data. The data provided may be required for a future contract after completion of the application process. Without the provision of the data, communication, implementation of the application process or conclusion of a contract may not be possible.
The data relevant in each individual case is transmitted on the basis of the legal provisions or a contractual agreement. Data is transmitted to employees in the human resources department, employees in the management and the respective department head. For the process of your application, we use an external service provider who collects and processes your data for the purpose of the application. We have concluded a contract for order data processing with this external service provider in accordance with Art. 28 GDPR. Your personal data will not be transmitted to third parties. There is no intention to transmit your data to a recipient in a third country (not a member state of the EU / EEA) or to an international organization.
We transmit the collected data to external service providers (IT service providers, e.g. Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg) who support us in data processing for the purposes stated above.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Therefore, after completing the application process, if you are rejected, we will keep your data for six months after we notify you of the rejection decision. If you have consented to longer storage, the storage period is usually two years. After that, we will either delete your data or obtain your consent again. You have the option of revoking your consent to the processing of your personal data at any time.
5. Participation in competitions
We collect your personal data as a participant in competitions when you provide the information necessary for participation, e.g. in the form of contact details (name, address, email address, telephone number). The personal data you provide will only be used for the purpose of providing, conducting and processing competitions in accordance with the contract (legal basis Art. 6 Para. 1 b) GDPR) or if the processing serves our legitimate interests (legal basis Art. 6 Para. 1 f) GDPR). The legitimate interests considered here include ensuring the correct conduct of the competition through technical measures or presenting the winners. The latter takes place, for example, in the form of posts and photo galleries on our website, in our newsletters, in our social media presences and in our printed publications. In this respect, personal data may also be passed on to third parties. The participants' data will be deleted as soon as the respective competition has ended and the data is no longer required, for example to contact winners or participants or to present them as part of our PR and public relations work. Otherwise, participants' data will be deleted no later than 6 months after the end of a competition. Personal data of winners (first and second place winners, also in the respective category) is usually stored for up to 2 years, for example to answer queries about the prizes and to fulfill obligations arising from the contractual relationship. In addition to processing the data mentioned above, we transmit the data collected to external service providers (providers of tools for competitions) for processing in accordance with the purposes mentioned above (implementation of and support for competitions). The provision of personal data is neither legally nor contractually required, nor are you obliged to do so. Failure to provide this data will have no consequences for you.
6. Social Media
We also process your personal data when you visit us on our social media accounts. We maintain these social media accounts primarily to communicate with customers, interested parties and users, to increase our brand awareness and to advertise our products and services. The respective provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its network. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising. For the respective data processing purposes and data categories, we refer to the individual social media accounts, which we explain in more detail below.
The legal basis for the use of these social media accounts is Art. 6 Para. 1 f) GDPR, as we have a legitimate interest in communicating and informing customers and interested parties via these accounts. If you wish to enter into a contractual relationship with us with your request, the legal basis for this processing is Art. 6 Para. 1 b) GDPR.
In addition to the processing of the above-mentioned data by the respective providers, we transmit the collected data to external service providers (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the purposes mentioned above (implementation and support in communication and information as well as advertising). The personal data collected will be deleted as soon as they are no longer required for the processing purposes.
a) Facebook
We operate a social media account on Facebook ("fan page"), an online service of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). When you visit our fan page, Facebook processes your personal data in accordance with Facebook's privacy policy. You can find more information at: https://de-de.facebook.com/policy.php.
We process your personal data depending on your interaction with our fan page, including your Facebook user name, comments you have posted on our fan page and your activity on our fan page via the Facebook Page Insights service. Page Insights are aggregate statistics created based on certain events logged by Facebook servers when people interact with pages and the content associated with them, e.g. visits to our fan page, the amount of interactions, visits and the average duration of video playback, information about which countries and cities you come from and statistics on the general relationships of our visitors ("Events") and other information necessary to answer your potential requests. For more information about such events, see: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook provides us with Page Insights so that we can gain insights into how visitors interact with our fan page and the content associated with them. We do not have access to the personal data processed during events, but only to the summarized page insights.
We are jointly responsible with Facebook within the meaning of Art. 26 GDPR for some of the processing of this personal data in events for page insights ("insights data") in connection with the fan page. The joint responsibility includes the creation of the events and their merging into page insights, which are then made available to us. We have concluded an agreement with Facebook for this purpose ("Page Insights Addendum", https://www.facebook.com/legal/terms/page_controller_addendum), which defines the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing. Facebook makes the essentials of this Page Insights Addendum available to the data subjects (Art. 26 Para. 2 GDPR). This is currently done via the information on page insights data, which can be accessed here: https://www.facebook.com/legal/terms/information_about_page_insights_data. We are responsible for providing information on the joint processing of personal data. Facebook is responsible for ensuring that the rights of data subjects pursuant to Art. 15-20 GDPR with regard to the personal data stored by Facebook after joint processing are implemented. The contact details of the controller and Facebook's data protection officer can be found here: https://www.facebook.com/about/privacy.
In cases where personal data is transferred from Facebook to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Facebook EU data transfer addendum with reference to the standard contractual clauses is available here:https://www.facebook.com/legal/EU_data_transfer_addendum.
Facebook pixel conversion tracking, website custom audience, retargeting
We use the analysis tool Facebook Pixel, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook Pixel uses JavaScript code and cookies to track the effectiveness of Facebook ads (“conversion tracking”), create target groups for future Facebook ads (“website custom audiences”) and be able to address users again later (“retargeting”). If you click on a Facebook ad, Facebook stores cookies on your device. The cookies make it possible to recognize which of our offers you have viewed and subsequently used. By integrating the Facebook pixel, Facebook receives the information that you have accessed the corresponding web page on our website or clicked on one of our ads. If you are registered with a Facebook service, Facebook can assign the visit to your account. Facebook provides us with statistical evaluations that show which parameters of the Facebook ads are working and where there is a need for optimization. Based on the Facebook pixel, we also create target groups (“Website Custom Audiences”) in order to only show Facebook ads to those users who are interested in our offers or similar offers. Using this data, Facebook can then only display the respective Facebook ads to those users who fall into the target group mentioned above. In doing so, we also use the option of addressing you again later with suitable advertising (“retargeting”). We use conversion tracking to determine how effectively clicks on Facebook ads lead to certain activities on our website, such as purchases, registrations or filling out forms. We use Website Custom Audiences and retargeting to efficiently and specifically address users or user groups who have already interacted with our website or our offers. The legal basis for the use of Facebook pixel is your consent in accordance with Art. 6 Para. 1 a) GDPR. We are jointly responsible with Facebook for some of the data processing carried out in connection with Facebook pixel within the meaning of Art. 26 GDPR. The joint responsibility includes the collection of such personal data (“event data”,https://www.facebook.com/legal/terms/businesstools_jointprocessing) using Facebook pixels and then transmitting them to Facebook for the purposes of (i) displaying suitable advertising based on user interests, (ii) delivering commercial and transaction-related messages and (iii) improving ad delivery and personalizing features and content. Facebook remains the sole controller for any processing of this data after it has been transmitted to Facebook. We have concluded an agreement with Facebook for this purpose ("Additional Data Controller",https://www.facebook.com/legal/controller_addendum), which sets out the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing. According to this, we are responsible for providing information on the joint processing of personal data. Facebook is responsible for enabling the rights of data subjects under Art. 15-20 GDPR with regard to the personal data stored by Facebook after joint processing. The contact details of the controller and Facebook's data protection officer can be found here:https://www.facebook.com/about/privacyIn addition to the processing of the above-mentioned data by Facebook, we transmit the collected data for processing to external service providers (e.g. platform, hosting, support and analysis service providers) in accordance with the purposes stated above (implementation and support in targeted advertising and analysis of the impact and efficiency of this advertising). In cases where personal data is transferred from Facebook to Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA under its own responsibility, these transfers are subject to the standard contractual clauses in accordance with Art. 46 GDPR. The Facebook EU data transfer addendum with reference to the standard contractual clauses is available here:https://www.facebook.com/legal/EU_data_transfer_addendumThe personal data collected will be deleted as soon as they are no longer required for the purposes of processing, which is usually the case after 6 months from the date of collection of the data.
b) Instagram
We operate a social media account on Instagram, an online service of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Instagram"). When you visit our Instagram page, Instagram processes your personal data in accordance with Instagram's privacy policy. You can find more information at: https://www.instagram.com/legal/privacy/.
We process your personal data depending on your interaction with our Instagram page, including your Instagram username, comments you have posted on our Instagram page and your activity on our Instagram page through the Instagram "Insights" service. Insights are aggregate statistics created based on certain events logged by Instagram servers when people interact with pages and the content associated with them, e.g. visits to our Instagram page, the amount of interactions, visits and the average duration of video playback, information about which countries and cities you come from and statistics on the general relationships of our visitors and other information necessary to answer your potential requests. Instagram provides us with the insights so that we can gain insights into how visitors interact with our Instagram page and the content associated with them. We do not have access to the personal data, only to the aggregate insights.
In cases where personal data is transferred from Instagram to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Facebook EU data transfer addendum with reference to the standard contractual clauses is available here:https://www.facebook.com/legal/EU_data_transfer_addendum.
c) XING
We operate a social media account on XING, an online service of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"). When you visit our XING page, XING processes your personal data in accordance with XING's privacy policy. You can find more information at: https://privacy.xing.com/de.
We process your personal data depending on your interaction with us on our XING page, including your XING user name, comments you have published on our XING page and your activity on our XING page. We receive aggregated statistics that are created based on certain interactions when people interact with our XING page and the content associated with them, e.g. visits to our XING page, the volume of interactions, information about which countries and cities you come from and statistics about the field of work of our visitors and other information that is necessary to answer your potential inquiries. XING provides us with these statistics so that we can gain insights into how visitors interact with our XING page and the content associated with them. We do not have access to the personal data, only to the aggregated statistics.
d) LinkedIn
We operate a social media account on LinkedIn, an online service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). When you visit our LinkedIn page, LinkedIn processes your personal data in accordance with LinkedIn's privacy policy. You can find more information at: https://www.linkedin.com/legal/privacy-policy.
We process your personal data depending on your interaction with us on our LinkedIn page, including your LinkedIn username, comments you have posted on our LinkedIn page and your activity on our LinkedIn page through the LinkedIn "Page Insights" service. "Page Insights" are aggregate statistics created based on certain interactions logged by LinkedIn servers when people interact with our LinkedIn page and the content associated with them, e.g. visits to our LinkedIn page, the volume of interactions, information about which countries and cities you come from and statistics on the field of work of our visitors and other information necessary to answer your potential inquiries. LinkedIn provides us with Page Insights so that we can gain insights into how visitors interact with our LinkedIn page and the content associated with them. We do not have access to the personal data, only to the aggregate statistics.
We are jointly responsible with LinkedIn for some of the processing of this personal data for Page Insights in connection with the LinkedIn page within the meaning of Art. 26 GDPR. The joint responsibility includes the processing of personal data to create Page Insights, which is then made available to us. We have concluded an agreement with LinkedIn for this purpose ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which sets out the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing. LinkedIn provides the data subjects with the essence of this Page Insights Joint Controller Addendum at the link above (Art. 26 Para. 2 GDPR). LinkedIn has subsequently committed to accepting responsibility under the GDPR for the provision of Page Insights and will comply with all applicable obligations under the GDPR with regard to the processing of Page Insights (including, but not limited to, Art. 12-22 and Art. 32-34 GDPR). This means that LinkedIn will, among other things, ensure that users are informed about the data processed and support members in their right to access and deletion. The contact details of the controller and LinkedIn's data protection officer can be found here: https://www.linkedin.com/legal/privacy-policy.
In cases where personal data is transferred from LinkedIn to LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. You can request a copy of these standard contractual clauses from LinkedIn at https://www.linkedin.com/legal/privacy-policy.
LinkedIn Ads Conversion, Remarketing and Lead Generation
We use the LinkedIn Ads advertising system of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) to draw attention to our offer using advertising (so-called LinkedIn Ads) on LinkedIn. LinkedIn is responsible for the delivery of LinkedIn Ads and the associated data processing. You can find more information about LinkedIn Ads at:https://business.linkedin.com/marketing-solutions/adsandhttps://www.linkedin.com/help/linkedin/answer/a421454. As part of the use of LinkedIn Ads, we use conversion tracking. If you click on a LinkedIn ad, LinkedIn stores cookies on your device and records data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps and demographic data from LinkedIn if you are an active LinkedIn user. The IP addresses are shortened or (if they are used to reach members across devices) hashed. The direct identifiers of the members are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days. LinkedIn does not share any personal data with us, but only offers reports and communications (in which you are not identified) about the website target group and ad performance. The cookies make it possible to recognize which of our offers you have viewed and subsequently used. We also use LinkedIn Ads Remarketing. Our LinkedIn ads are delivered on LinkedIn in a targeted manner when these users or groups of users visit LinkedIn. With LinkedIn Ads Remarketing, we analyze your usage behavior on our website, for example which of our offers you are interested in. This allows you to be shown targeted advertising on LinkedIn even after you leave our website. This makes it possible to recognize and analyze which of our offers you are interested in. In addition to using LinkedIn Ads Conversion and Remarketing, we use LinkedIn Lead Gen Forms. LinkedIn Lead Gen Forms are special forms that can be integrated directly into LinkedIn ads and enable users to express information or interest in our offers directly on LinkedIn without having to visit our website. When you fill out a LinkedIn Lead Gen form, LinkedIn collects certain personal data that you enter in the form, such as your name, contact information, company affiliation, job title, and other data requested in the form. We use LinkedIn Ads for advertising to determine how effectively clicks on LinkedIn ads lead to certain activities on our website, such as purchases, registrations, or form filling, and so that we can process your request and provide you with information or services according to your interest. The legal basis for the use of LinkedIn Ads Conversion is your consent in accordance with Art. 6 Paragraph 1 a) GDPR. In addition to the processing of the above-mentioned data by LinkedIn, we transmit the collected data to external service providers (e.g. platform, hosting,support and analysis service providers) in accordance with the purposes stated above (implementation and support in targeted advertising and analysis of the impact and efficiency of this advertising). In cases where personal data is transferred from LinkedIn to LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA under its own responsibility, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR and the EU-US Data Privacy Framework (DPF). The LinkedIn Data Processing Agreement with reference to the standard contractual clauses is available here:https://www.linkedin.com/legal/l/dpaThe personal data collected will be deleted as soon as they are no longer required for the purposes of processing, which is usually the case after 6 months from the date of collection of the data.
e) Twitter
We operate a social media account on Twitter, an online service of Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland ("Twitter"). When you visit us on Twitter, Twitter processes your personal data in accordance with Twitter's privacy policy. You can find more information at: https://twitter.com/de/privacy.
We process your personal data depending on your interaction with us on Twitter, including your Twitter username, comments you have posted on our tweets and your activity on our tweets via the Twitter "Analytics" service. "Analytics" are aggregate statistics created based on certain interactions logged by Twitter servers when people interact with tweets and the content associated with them, e.g. visits to Twitter, the volume of interactions, information about which countries and cities you come from and statistics on the general relationships of our visitors and other information necessary to answer your potential requests. Twitter provides us with the analytics so that we can gain insights into how visitors interact with our tweets and the content associated with them. We do not have access to the personal data, only to the aggregate statistics.
In cases where personal data is transferred from Twitter to Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. You can request a copy of these standard contractual clauses from Twitter at https://twitter.com/de/privacy.
f) YouTube
We operate a social media account on YouTube, an online service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). When you visit us on our YouTube channel, YouTube processes your personal data in accordance with YouTube's privacy policy. You can find more information at: https://policies.google.com/privacy.
We process your personal data depending on your interaction with us on our YouTube channel, including your YouTube username, comments you have posted on our YouTube channel and your activity on our YouTube channel through the YouTube Analytics service. We receive aggregate statistics created based on certain interactions when people interact with our YouTube channel and the content associated with them, e.g. visits to our YouTube channel, the volume of interactions, visits and the average duration of video playback, information about which countries and cities you come from and statistics on the general relationships of our visitors and other information necessary to answer your potential requests. YouTube provides us with these statistics so that we can gain insights into how visitors interact with our YouTube channel and the content associated with them. We do not have access to the personal data, only to the aggregate statistics.
In cases where personal data is transferred from Google to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The YouTube data processing conditions with reference to the standard contractual clauses are available here:https://www.youtube.com/t/terms_dataprocessing
Objection or revocation against the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legality of the processing of your personal data after you have expressed it to us.
If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which we will explain in the description of the functions below. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details provided under Section I.
VI. Your rights
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.
According to Art. 16 GDPR, you can immediately request the correction of incorrect or incomplete personal data stored by us. According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller.
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future.
In addition, pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, about our processing of your personal data if you consider that the processing of personal data concerning you violates the GDPR.
VII. Information on joint responsibility
We have concluded an agreement pursuant to Art. 26 GDPR to regulate the processing of personal data under joint responsibility. This agreement regulates the data protection rights and obligations of the contracting parties when carrying out the cooperation and, in particular, specifies the distribution and fulfillment of the data protection tasks and obligations.
The subject of the data processing is the joint operation of software systems for the central administration of address data as well as product, supplier and customer information for inventory and shipping control including tour planning, the operation of joint websites and web shops, joint marketing and advertising measures as well as the provision of goods deliveries and other services. For this purpose, the controllers jointly process personal data of customers, interested parties and suppliers. The contracting parties are equally responsible for this processing.
The fulfillment of data subject rights according to Art. 12 ff. GDPR and the processing of your corresponding requests have been divided between the companies of the IGEPA group as follows:
If you are a customer of the IGEPA group, your inquiries and data subject rights as well as the personal data will be processed by the responsible contractual party to which you are assigned. If a customer is assigned to several responsible parties, the contractual party in whose postal code area the respective data subject is based is responsible.
If you are a supplier of the IGEPA group, your enquiries and data subject rights as well as the personal data will be processed centrally by Igepa group GmbH & Co. KG, Heidenkampsweg 74-76, 20097 Hamburg. Enquiries and data subject rights as well as the personal data of other data subjects will be processed by the contracting party in whose postal code area the data subject is located.
