DATA PROTECTION POLICY
IGEPA group attaches great importance to the protection and the lawful collection, processing and use of your data and the safeguarding of your privacy. In order to ensure the confidentiality of your data under the applicable statutory provisions of data protection law, we have taken technical and organisational measures to protect your data from manipulation, loss, destruction or access from unauthorised persons.
In the following, we shall inform you of the collection and processing of your personal data at IGEPA group GmbH & Co. KG and the rights to which you are entitled in accordance with data protection law.
I. Name and contact details of the data controller and data protection officer
- The data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation is
- IGEPA group GmbH & Co. KG
- Heidenkampsweg 74-76
- 20097 Hamburg
- Telephone: +49 40 72 77 88 0
- Fax: +49 40 72 77 88 50
- Email: firstname.lastname@example.org
- The data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation is
- You can contact our data protection officer at email@example.com, our address, adding ‘Data protection officer’, or at the telephone number stated under 1.
II. General information on data collection and purposes and legal bases of data processing
- We process your personal data in line with the provisions of the GDPR, the German Federal Data Protection Act (BDSG) and all other applicable legislation.
- We only process personal data as a rule if this is required to provide our services and a functioning web page. The individual data processed and how this is used are based on the commissioned or agreed services or the object of the intended, ongoing or concluded contractual relationship.
- The primary purpose of data processing is to establish and fulfil a contractual relationship with you. If you make contact with us via a contact form, by phone, email or post, or by other means, we store the data you disclose in order to fulfil, for instance, goods deliveries or other services and associated activities, and to be able to communicate with you. The overriding legal basis for this is Article 6, para. 1 b) GDPR. Your separate consent, in accordance with Article 6, para. 1 a), 7 GDPR, may also be called upon as a permission provision under data protection law. We also process your data in order to be able to fulfil our legal obligations, particularly in the realm of commercial and tax law. The basis for this is Article 6, para. 1 c) GDPR. If necessary, we also process your data on the basis of Article 6, para. 1 f) GDPR, in order to safeguard our legitimate interests or those of third parties.
III. Categories of personal data and duration of storage
- Relevant personal data categories may include, in particular:
- Personal details (title, first name, surname, profession/industry and similar)
- Address/contact details (address, email address, telephone number and similar)
- Contract details (date and occasion for contact being made, contact partners’ contact details, content of contracts, bank details, customer history and similar)
- Information on your financial situation (payment behaviour, credit information, i.e. data for assessing financial risk)
- Data regarding your use of the media we provide (e.g. time of accessing our web pages, apps or newsletter, clicked pages/links of ours or entries and similar)
- We delete your personal data as soon as the purpose of storage lapses. Once the contractual relationship has come to an end, your personal data shall be stored for as long as we are legally obliged to do so. This occurs regularly due to legal obligations to provide evidence and retain information which are set out in the German Commercial Code and Fiscal Code, among others. The storage periods are accordingly up to ten years. As part of this process, personal data may also be retained for the period in which claims may be asserted against us (statutory limitation period of three or up to thirty years).
IV. Transmission of data to third parties
- Within our company, your personal data shall only be obtained by those persons and entities requiring said data to fulfil our contractual and legal obligations or as part of handling and implementing our legitimate interest. Your data is also transmitted to certain companies within our group which take care of central data processing tasks (e.g. marketing, IT support). Corresponding contract processing agreements have been concluded with these companies and compliance with statutory data protection provisions has been ensured.
- Your personal data is only transmitted to third parties
- if you have given us your explicit consent to said transmission in accordance with Article 6, para. 1 a) GDPR,
- according to Article 6, para. 1 b) GDPR, insofar as this is required to perform the contractual relationship with you (e.g. logistics service providers),
- for the purposes of fulfilling legal stipulations, according to which we are obliged to disclose, report or pass on data (e.g. financial authorities) or the passing on of data is in the public interest (Article 6, para. 1 c) GDPR),
- insofar as external service providers process data on our behalf as processors or contractors (e.g. external IT centres, maintenance of telecommunications and IT facilities and/or applications, archiving, document processing, data destruction, purchasing/acquisition, advertising and marketing),
- on the basis of our legitimate interest or the legitimate interest of a third party in accordance with Article 6, para. 1 f) GDPR and insofar as there is no reason to assume that you have an overwhelming interest worthy of protection in your data not being passed on (e.g. credit agencies, commercial credit insurance, collection service providers, lawyers, courts, experts).
V. Collection of personal data on our website
- Visiting our website
- Each time our web page is accessed, our system automatically records data and information which your browser transmits to our server (known as ‘server log files’). When you wish to view our web page, we collect data which is technically required for us to display our web page to you and ensure stability and security. The data is also stored in our system’s log files. This data includes the IP address, date and time of the request, the content of the request (specific page), access status/HTTP status code, the amount of data transferred, the web page the request comes from, browser, operating system and its interface and language and version of the browser software. This data is not stored together with the user’s other personal data. However, we reserve the right to retrospectively examine the server log files if there are specific indications of unlawful use.
- The legal basis for the temporary storage of data and log files is Article 6, para. 1 f) GDPR. The temporary storage of the IP address by the system is required to enable the web page to be delivered to your browser. Your IP address must be stored for the duration of the session for this purpose. Storage in log files occurs in order to ensure the functionality of the web page. The data also helps us optimise the web page and ensure the security of our IT systems. These objectives are also the source of our legitimate interest in data processing in accordance with Article 6, para. 1 f) GDPR. The data is not evaluated for marketing purposes in this context.
- The data is erased as soon as it is no longer required to achieve the purpose of its collection. In the event that data is recorded to provide the web page, this is the case when the relevant session comes to an end. Log files are erased within 7 days of accessing the web page.
- The collection of the data when visiting the web page and the storage of the data in log files is crucial for the operation of the web page. Accordingly, you do not have the option to object.
- As well as the use of our website for purely informational purposes, we offer various services which you may use if interested. In order to do so, you usually need to provide additional personal data which we use to provide the relevant service and for which the above principles of data processing apply.
- We sometimes use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If our service providers or partners have their headquarters in a state outside of the European Economic Area (EEA), we shall inform you of the consequences of this circumstance in the description of the relevant service.
- We may also pass on your personal data to third parties if participation in promotions, competitions, conclusion of contracts or similar services are offered by us together with partners. You will receive more detailed information in this regard when providing your personal data or below in the description of the relevant service.
- When you use our web page, cookies are stored on your computer system. Cookies are text files which are stored in the Internet browser or by the Internet browser on your computer system. If you access a web page, a cookie can be stored on your operating system. This cookie contains a characteristic string enabling clear identification of the browser when you access the web page again.
- This web page uses the following types of cookies, whose scope and function are explained below:
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third-party cookies (from third-party providers according to separate information).
- Persistent cookies are only used in conjunction with the web analytics services we use and are only used for as long as is required for this purpose; they have a maximum lifespan of two years. You may delete the cookies in the security settings of your browser at any time. In that event, the functions and user-friendliness of the service may be limited. The legal basis for processing personal data using persistent cookies is Article 6, para. 1 f) GDPR. Analytics cookies are used for the purposes of improving the quality of our web page and its content. These analytics cookies help us learn how the web page is used and allow us to constantly improve our service. These objectives are also the source of our legitimate interest in processing personal data in accordance with Article 6, para. 1 f) GDPR.
- Use of contact forms / registration
- We collect your personal data if you provide this to us of your own accord via our contact forms. We then record the relevant information which materialises in conjunction with contact being made. This includes, in particular, names and contact details provided and the date and occasion of contact being made. The personal data recorded concerning you is only used for the purpose of providing you with the desired products or services and to correspond with you. Data processing occurs on the basis of Article 6, para. 1 b) GDPR.
- The data is erased as soon as it is no longer required to achieve the purpose of its collection. For the personal data from the entry form in the contact form, this is the case when the relevant conversation with you has come to an end.
The conversation has come to an end if it can be gathered from the circumstances that the relevant matter has been dealt with conclusively. If the data disclosed is subject to retention obligations set out in tax and commercial law, it is stored for the duration of the retention obligations of ten years and then erased, unless you have consented to storage beyond this or further processing of the data is required for the assertion, exercise or defence of legal claims (statutory limitation period of three or up to thirty years).
- With your consent, you may subscribe to our newsletter, which we use to inform you of our latest great offers. The goods and services advertised are stated in the declaration of consent.
- We use what is known as the ‘double opt-in process’ for newsletter sign-up. This means we send an email after sign-up to the email address you provided requesting confirmation that you wish to receive the newsletter. If you do not confirm sign-up within 24 hours, your information will be blocked and automatically erased after one month. We also store the IP addresses you use and the sign-up and confirmation times. The aim of the process is to verify that you have signed up and shed light on any potential misuse of your personal data. The legal basis for this is Article 6, para. 1 a) and c), Article 7, para. 1 GDPR.
- The mandatory details required to send the newsletter are your e-mail address, your surname and your company name. The newsletter is aimed exclusively at business clients, so the surname and company name must be supplied for verification. If you already have a customer number, you may supply this to us at your own discretion for comparison of your data. Once you have confirmed sign-up, we will store the details you provided for the purposes of sending the newsletter. The legal basis for this is Article 6, para. 1 a) GDPR. The data is erased when it is no longer required for the purpose of its collection. The user’s email address is therefore stored as long as the newsletter subscription is active.
- You may withdraw your consent to receiving the newsletter, to your personal data being supplied to companies in the IGEPA group and to the person-related analysis of your usage behaviour and unsubscribe from the newsletter at any time. You may withdraw your consent by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the legal notice.
- The newsletter is delivered by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg (‘Inxmail’). Your email address and other data indicated in this policy for newsletter receipt are stored on the Inxmail servers in Germany. Inxmail uses this information to deliver and analyse the newsletter on our behalf. Furthermore, based on its own information, Inxmail may use this data to optimise or improve its own services, e.g. for the purposes of technical optimisation of the delivery and presentation of the newsletter or for commercial purposes, in order to establish which countries recipients come from. However, Inxmail does not use the data to write to them itself or to pass on to third parties.
- The newsletters contain what is known as a ‘web beacon’, i.e. a pixel-sized file that is retrieved when opening the newsletter from the Inxmail GmbH server. When this file is retrieved, technical information, such as data regarding your browser and system, as well as your IP address and the time of retrieval, are collected in the first instance. This information is used for the technical improvement of services based on the technical data or the target audiences and their reading behaviour. Statistics collected also include whether or not newsletters were opened, when they were opened, and which links were clicked. This information is not assigned to individual newsletter recipients, but only stored in anonymised form. The analyses are intended to recognise our users’ reading habits and adapt our content to them. If you have given your consent, the above recipient reactions are collected and stored in connection to your person. This allows us to better match the content of the newsletter to your personal interests.
- You may object to this tracking at any time by contacting us. The information is stored for as long as you are signed up to the newsletter. If you unsubscribe, we shall then erase your data. This type of tracking is also not possible if you have deactivated the display of images as standard in your email application. In that case, the newsletter shall not be displayed to you in full and you may not be able to use all of its functions. If you display the images manually, the above tracking shall take place.
- The use of the provider Inxmail GmbH, the collection of statistics and analyses and the logging of the sign-up process are carried out based on our legitimate interests in accordance with Article 6, para. 1 f) GDPR. Our interest is in the implementation of a userfriendly and secure newsletter system that serves our commercial interests while also meeting the expectations of our users.
- Embedding Google Fonts
- We use the Google Fonts service on our web page. We use this service in the interest of displaying our web page in a uniform and appealing way. When accessing a page, your browser loads the required web fonts in your browser cache in order to correctly display texts and typefaces. If your browser does not support web fonts, a standard typeface from your computer is used. The legal basis for the use of Google Fonts is Article 6, para. 1 f) GDPR.
- When you visit the web page, Google receives the information that you have accessed the relevant sub-page of our web page. This occurs irrespective of whether Google provides a user account that you are logged into or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish it to be assigned to your Google profile, you must log out before activating the button. Google stores your data as a usage profile and uses it for the purposes of advertising, market research and/or appropriate design of their website. This evaluation takes place in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google.
- You can find more information on the purpose and scope of data collection and its processing by this provider in the provider's data protection policies. There, you will also find more information on your rights and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Opt-out: https://adssettings.google.com/authenticated
- Use of eTracker
- This website uses etracker, a web analytics service from etracker GmbH, Hamburg. In this context, cookies are used to permit statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. Cookies are small text files which are stored by the Internet browser on the user’s end device. etracker cookies do not contain any information which permits identification of a user. The IP address is anonymised as soon as possible and login or device identifiers are converted into a code which is unique but cannot be attributed to a person. No other use, combination with other data or transfer to third parties takes place through etracker.
- Data processing takes place on the legal basis of Article 6, para. 1 f) GDPR. Our legitimate interest lies in optimising our online service and web presence. The data collected is not combined with other data or otherwise used for personalised data evaluation.
- The data collected using etracker is exclusively processed and stored on behalf of the provider of this website by etracker in Germany and is therefore subject to stringent German and European data protection legislation and standards. In this respect, etracker has been independently audited, certified and awarded the data protection seal of quality https://www.eprivacy.eu/en/customers/awarded-seals/company/etracker-gmbh/. More information on data protection at etracker can be found at https://www.etracker.com/en/data-privacy/.
- Using our online shop
- If you would like to make an order in our online shop, you must provide the personal data we require to process your order to conclude the contract. If you are already a customer of our company, you do not need to record any additional data. All that is required is activation for use of the online shop. New customers must register first of all and provide personal data (name, address and contact data (telephone, email address)). Obligatory details required for the processing of contracts are marked separately. Additional details are voluntary. We store the data you provide for the purposes of issuing a customer number and activation for use of the online shop. The legal basis for the processing of this personal data is Article 6, para. 1 b) GDPR.
- Following performance of the contract, your address, payment and order data is stored for the duration of retention obligations set out in tax and commercial law of ten years and are then erased, unless you have consented to storage beyond this or additional processing of the data is required for the assertion, exercise or defence of legal claims. The legal basis of the processing of personal data for the purpose of fulfilling legal archiving and retention obligations is Article 6, para. 1 c) GDPR.
- We process the data you provide in order to process your order. Accordingly, we may provide your data to our bank, commercial credit insurers, logistics service providers and your chosen payment providers. We are entitled to pass on this personal data in accordance with Article 6, para. 1 b) GDPR. Our service providers may only process or use your data for the purpose for whose fulfilment it was transmitted to you if necessary. Insofar as data is passed on to external service providers, we have ensured through technical and organisational measures that the data protection provisions are taken into account.
- You are not obliged to provide the above personal data. However, the data disclosed is required to conclude a contract. If the data is not provided, it is possible that communication or the conclusion or processing of a contract may not occur.
- Data security
- Within the web page visit, we use the common SSL (secure socket layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page on our web presence is communicated in an encrypted form from the closed display of the key or castle symbol in the lower status bar of your browser.
- We also use suitable technical and organisational security measures to protect your data from accidental or malicious manipulations, partial or total loss, destruction, or unauthorised access from third parties. Our security measures are subject to ongoing improvement in line with technological advances.
VI. Your rights
- The applicable data protection law guarantees you comprehensive subjects’ rights with regard to the processing of your personal data (rights to disclosure and intervention), as follows:
- In accordance with Article 15 GDPR, you have the right to request access to the personal data processed by us concerning you. In particular, you may request access to the purposes of the processing, the category of personal data, the categories of recipient to whom your personal data has been or will be disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing or to object, the right to lodge a complaint, the data source, if it has not been collected by us, and the existence of automated decision-making, including profiling, as well a any meaningful information about the particularities.
- In accordance with Article 16 GDPR, you may request the rectification without undue delay of inaccurate personal data stored by us concerning you or the completion of said data. In accordance with Article 17 GDPR, you have the right to request the erasure of the personal data stored by us concerning you, unless process is required for the exercise of the right to freedom of speech and information, the fulfilment of a legal obligation, on grounds of public interest or for the assertion, exercise or defence of legal claims.
- In accordance with Article 18 GDPR, you have the right to request the restriction of processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, you nevertheless refuse its erasure and we no longer require the data, you nevertheless require this for the assertion, exercise or defence of legal claims, or you have lodged an objection to the processing in accordance with Article 21.
- In accordance with Article 20 GDPR, you have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or request its transmission to another controller.
- In accordance with Article 7, para. 3 GDPR, you have the right to withdraw consent you have previously given to the processing of your data from us at any time. Any such withdrawal influences the permissibility of processing your personal data once you have declared it to us. If our processing of your personal data is based on the weighing up of interests, you can lodge an objection to processing. This occurs, in particular, if processing is not required for the fulfilment of a contract with you, which is outlined by us in each case for the previously described functions. If any such objection is exercised, we ask for an explanation of the reasons why we should not process your personal data as we have done. In the event of your justified objection, we assess the situation and shall either cease or modify data processing or indicate to you our mandatory grounds worth protecting for continued processing.
You may naturally object to the processing of your personal data for the purposes of marketing and data analysis at any time. In order to do this, you may use the link available in every newsletter or inform us of your objection to marketing using the following contact details:
IGEPA group GmbH & Co. KG
Tel.: 040 / 72 77 88 - 0
- In accordance with Article 77 GDPR, you also have the right to lodge a complaint with a supervisory authority regarding our processing of your personal data, namely to the state officer for data protection and freedom of information responsible for us in Hamburg, Klosterwall 6, 20095 Hamburg, telephone: 040 / 428544040, email: firstname.lastname@example.org.
VII. Applicability of and changes to this data protection policy
- This data protection policy is currently valid as of July 2018.
- As a result of the further development of our website and services thereupon or due to changed legal or official provisions, it may be necessary to amend this data protection policy. You may access and print the current data protection policy at any time at https://www.igepa.de/cms/igepa-group/footer/datenschutzerklaerung/.