Legal & Imprint
Skincare Techclub is a non-profit platform to bring people and ideas together in the field of skin care, tech and digitalization. Although the individuals are each 100% committed to professions, jobs and employers, and of course super-enthusiastic about impacting the way we treat our skin, Skincare Techclub remains brand, tech and world view agnostic. Except for the obvious nonsense.
German and European law requires us to provide you the following legal information. Tldr; You can reach us anytime through firstname.lastname@example.org and we will resolve everything that needs to be resolved. Promised!
Information according to § 5 German tele media law
Skincare techclub is provided by
IONIQ Skincare GmbH & Co. KG
Personal Care Verwaltungs GmbH
• Dr. Valentin Langen
• Roland Frotscher
Phone: +49(0)7544 505-1831
Register court: Amtsgericht Freiburg i. Br. HRB 705920
Recorded on 28th March 2019
USt.-ID: / VAT: 87021 / 03838
The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr. Please find our email in the impressum/legal notice. We do not take part in online dispute resolutions at consumer arbitration boards.
Limitation of liability for internal content
All offers are non-binding. We reserve the right to change, supplement or delete parts of the pages or the entire offer without separate announcement or to stop the publication temporarily or permanently.
Limitation of liability for external links
Our website contains links to the websites of third parties (“external links”). While we strive to provide only quality links to useful and ethical websites, we have no control over the content and nature of these sites. These links to other websites do not imply a recommendation for all the content found on these sites. Site owners and content may change without notice and may occur before we have the opportunity to remove a link, which may have gone ‘bad’.
As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognizable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.
Copyright and Trademark
The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilization beyond the scope of copyright law shall require the prior written consent of the author or authors in question.
The author endeavors to observe the copyrights of the images, graphics, sound documents, video sequences and texts used in all publications, to use images, graphics, sound documents, video sequences and texts created by himself or to resort to license-free graphics, sound documents, video sequences and texts or to state the source otherwise.
All brand names and trademarks mentioned within the Internet offer and possibly protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective registered owners. Just because of the mere mention is not to draw the conclusion that trademarks are not protected by rights of third parties!
The copyright for published objects created by the author remains solely with the author of the pages. Reproduction or use of such graphics, sound documents, video sequences and texts in other electronic or printed publications is not permitted without the express consent of the author.
- 1. AN OVERVIEW OF DATA PROTECTION
- 1.1. General
IONIQ Skincare GmbH & Co. KG (further legal information can be found in the Legal Information section) is the entity responsible for complying with data protection legislation relating to this website. We are delighted by your interest in our website, and we want you to feel secure and happy during your visit. IONIQ Skincare GmbH & Co. KG (hereinafter “IONIQ”) therefore takes the protection of your personal data very seriously. This data privacy statement is intended to inform you about which personal data we collect from you when you use our website, and for what purposes we process and use this data.
IONIQ reserves the right to modify its data privacy statement at any time to reflect changing legal provisions and requirements, or to make other updates as it sees fit. Please keep yourself up to date about changes to the data privacy statement by visiting the relevant link from our website to view it. If you have any general questions about our website, please get in touch with us:
Phone: +49(0)7544 505-1831
- 1.2. Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
When do we share your information?
Your personal data will only be forwarded or transmitted to third parties or processors if this is necessary for the purpose of carrying out the processing purpose and if there is a corresponding requirement for such authorization.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Log files of the web service
As soon as you access the pages of our website with your browser, the server automatically stores in log files the data necessary for the operation of a web service: the name of your browser, the name of your Internet service provider, the address of the page from which you are accessed our website, the name of your operating system, the websites you visit, as well as the date and time of your visit. This data is temporarily stored in the log files and then automatically deleted. The purpose of storage is to be able to carry out an analysis of the potentially disruptive activities in the event of a problem.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behaviour. This happens primarily using cookies and analytics. The analysis of your surfing behaviour is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy notice. You can object to this analysis. We will inform you below about how to exercise your options in this regard.
- 1.1. General IONIQ Skincare GmbH & Co. KG (further legal information can be found in the Legal Information section) is the entity responsible for complying with data protection legislation relating to this website. We are delighted by your interest in our website, and we want you to feel secure and happy during your visit. IONIQ Skincare GmbH & Co. KG (hereinafter “IONIQ”) therefore takes the protection of your personal data very seriously. This data privacy statement is intended to inform you about which personal data we collect from you when you use our website, and for what purposes we process and use this data.
- 2. GENERAL INFORMATION AND MANDATORY INFORMATION
- 2.1. Data protection
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy notice explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmitted via the internet (e. g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
IONIQ Skincare GmbH & Co. KG
Phone: +49(0)7544 505-1831
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
- 2.2. Information, blocking, deletion and correction
You have the right to find out about the personal details we have stored about you and also the right to block, delete and correct erroneous data. In such instances, please use the contact form so that we are able to attend to your request. If you would prefer to contact IONIQ’s Data Security Officer to exercise these rights rather than IONIQ itself, you are of course welcome to do so (email@example.com). (firstname.lastname@example.org).
- 2.3. Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
- 2.4. Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered.
- 2.5. Right to data portability
You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
- 2.6. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. Information, blocking, deletion
- 2.1. Data protection
- 3. DATA PROTECTION OFFICER
Statutory data protection officer We have appointed a data protection officer for our company. If you have any questions regarding the use of your personal data or the enforcement of your rights, please do not hesitate to contact them.
Phone: +49(0)7544 505-1831
IONIQ Skincare GmbH & Co. KG
- 4. DATA COLLECTION ON OUR WEBSITE
- 4.1. Contact forms
The reasons for processing the data collected in our contact forms are based on the purpose of your enquiry. Essentially, we process your information in order to respond to your query. Other reasons for processing this data are outlined below.
We collect your salutation, your name, your address and your postcode so that we know who is contacting us and for what purpose, and so that we can forward your request instantly to the correct person. The details of your email address are mandatory, since we will use it to process your request depending on the reason for you contacting us. It is not used for any other purpose. We want you to voluntarily provide your telephone number since we will use it to process your request depending on the reason for you contacting us. Your personal details are stored in our CRM system so that it can be used if you get in touch with us again. It is not used for any other purpose.
Support requests, complaints
The information you provide us about the product will be stored in the event of a support request along with your personal details in our CRM and SAP system.
Transfer of your details to authorised distributors
If your enquiry relates to a complaint, warranty claim or similar, we will also transfer this data together with your personal details to the distributor from which you purchased the device, or to another distributor near you so that your request can be dealt with.
- 4.2. Newsletter data
- 4.3. Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. In order to avoid bad debts, we can, on the basis of Art. 6 (1) (b) DSGVO, in accordance with our legitimate interest, after placing an order with Euler Hermes Forderungsmanagement GmbH, Risk Management Division, P.O. Box 50 07 40, 22707 Hamburg, Germany, to submit your credit assessment data. In a credit check, a so-called score value is calculated on the basis of a mathematical procedure, which makes statements about your solvency. This usually happens as soon as a credit limit of € 1,000 is exceeded. We would like to point out that Euler Hermes Forderungsmanagement GmbH continues to use the transmitted data for its own purposes. You can object to the transmission of this data to Euler Hermes Forderungsmanagement GmbH at any time, however, the execution of the purchase contract may then not be possible. Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
- 4.4. Cookies
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (e.g. shopping cart function) are processed on the basis of Art. 6 para. 1 lit. f DSGVO saved. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (such as cookies for analyzing your surfing behavior) are stored, they will be treated separately in this privacy notice.
- 4.5. Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are: • Browser type and browser version • Operating system used • Referrer URL • Host name of the accessing computer • Time of the server request • IP address These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
- 4.1. Contact forms
- 5. SOCIAL MEDIA, PLUGINS AND TOOLS
The content on our pages can be shared on other social networks like Facebook, Pinterest and Instagram. Our website contains links to social media (Facebook, YouTube). The buttons to these links are designed so that a connection between your PC and the respective network is only established if you follow the link by clicking it. You are then connected directly with the respective server of the selected social medium. The respective operators of social media networks are responsible for their own data privacy. This also applies to websites to which our portal links but which are operated by third-party providers. An example of such links would be videos on our main page that are retrieved from YouTube. Information about the data privacy policies of linked pages can be found in the respective providers’ data privacy statements. When the user actively clicks on one of these buttons, your browser establishes a direct connection to the respective servers. This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, it will display an information window in which the user can edit the text before it is sent. Our users can share the content of this page on social networks without their providers creating profiles of users’ surfing behaviour
- 5.1. Facebook plugins
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/. When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy notice at https://de-de.facebook.com/policy.php. If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
- 5.2. Pinterest plugin
Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies. More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.
- 5.3. Instagram plugin
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram. For more information, see the Instagram privacy notice: https://instagram.com/about/legal/privacy/.
- 5.4. YouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
- 5.5. Twitter plugin
- 5.1. Facebook plugins
- 6. ANALYTICS AND ADVERTISING
- 6.1. Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy notice: https://support.google.com/analytics/answer/6004245?hl=en.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
- 6.2. Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/. The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analysing anonymous user behaviour for promotional purposes. For more information and the Google privacy notice, go to: https://www.google.com/policies/technologies/ads/.
- 6.3. Google AdWords and Google Conversion Tracking
- 6.4. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e. g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google’s privacy notice, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
- 6.5. Facebook Pixel
Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes the so-called “Facebook Pixel” of the social network Facebook, which is the Facebook Inc., 1 Hacker Way, Menlo Park, Ca 94025 USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland operated wid (“Facebook”). With the help of the Facebook-PIxel Facebook is on the one hand possible to determine the visitors of our offer as a target group for the presentation of advertisements, so-called “Facebook-Ads”. Accordingly, we use the Facebook pixel, the Facebook Ads we have switched to such users now. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
- 6.1. Google Analytics
DUTY TO INFORM FOR DATA COLLECTION
Data protection notice for customers, suppliers, partners, clients, visitors and interested parties
With this data protection notice we inform you about how we process your personal data and which rights are granted to you by data protection law in this context. The individual personal data that are processed by you and the scope of the processing depends on the legal provisions and the content of the contractual business relationship that has been agreed with you. It may therefore be that not all parts of this data protection information are applicable to you.
I. Responsible for data processing
Responsible is the:
IONIQ Skincare GmbH & Co. KG
Phone: +49(0)7544 505-1831
You can contact our company data protection officer at:
Phone: +49(0)7544 505-1831
II. Data processed and their origin
First and foremost, we process the personal data that we receive or have collected from the data subjects within the scope of the business or customer relationship. We also process data provided on the basis of inquiries / visits / registrations (e.g. Internet shop), consents (e.g. newsletter dispatch) etc. within the legally permitted framework.
In addition, we also process personal data provided to us in the context of order processing and data from publicly accessible sources (e.g. press, Internet), insofar as this is necessary and permissible for the respective purposes. We also process personal data that are legally transmitted to us by other associated companies or by third parties (e.g. credit insurance, receivables management, indications of criminal acts).
The personal data processed by us in this context consist of personal data / identification data (name, address, contact data, user ID, etc.), data from the fulfillment of our contractual obligations (bank data, history, authorizations, etc.), data provided by us of consent (e.g. product test data from test takers who may also include health data such as responses to test products) and other data comparable to those categories.
III. PROCESSING PURPOSES AND LEGAL BASES
The personal data are processed by us in accordance with the regulations of the EU data protection basic regulation (DS-GVO) on the basis of the following legal bases:
1st a) For the performance of a contract (Art. 6 (1) lit. b DS-GVO)
The processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. If you make use of additional services, your data will be processed to the extent necessary to provide these additional services.
b) In the context of contract processing (Art. 28 DS-GVO)
The processing of personal data on behalf of the customer takes place exclusively in accordance with instructions and within the framework of legal regulations.
2nd In the context of a balance of interests (Art. 6(1)(f) DS-GVO)
Beyond the actual fulfilment of the contract with you, we process your data to the extent necessary to protect our legitimate interests or the legitimate interests of third parties, provided that your interests do not predominate. Examples are:
• Internal and external communication
• Internal and external monitoring (ICS controls or key figures)
• Internal and external investigations, safety reviews
• Measures for business management and further development of services and products
• Authorization management
• IT security measures
• Event Management
• Assertion / defence of legal claims, also in legal disputes
• Prevention and detection of criminal offences
• measures for building and system security (e.g. access controls)
• Measures to secure the domiciliary right
3. On the basis of your consent (Article 6 para. 1 lit. a DS-GVO)
If you have consented to certain processing of your personal data (e.g. newsletter dispatch, participation in advertising campaigns), your personal data will be processed lawfully on the basis of this consent. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you have given us before the DS-GVO has entered into force, i.e. before May 25, 2018 Since the revocation of a consent is valid for the future, it does not affect the effectiveness of the processing until the time of the revocation.
4. Statutory or legal provisions (Article 6(1)© DS-GVO or in the public interest (Article 6(1)(e) DS-GVO)
In addition, we as a company have various legal obligations (e.g. tax laws, money laundering laws). These include identity checks, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations as well as the assessment and control of risks in the company.
IV. PROCESSING PRINCIPLES
The company ensures the implementation of appropriate technical and organisational measures for data security by internal regulations and - if the data are processed by an external service provider - by corresponding contractual agreements, for example by using the EU standard contract clauses for data processing outside the European Union.
Please arrange for any necessary changes to your data in good time. You can contact the relevant departments or the data protection officer to clarify questions about your data and request both information and the correction / deletion of incorrect or no longer required data.
V. RECIPIENT OF THE DATA
In compliance with the statutory provisions and the existing internal regulations, the departments that require your data to fulfil our contractual and statutory obligations have access to it. Similarly, service providers and vicarious agents (e.g. IT service providers, logistics, telecommunications, debt collection, consulting, financial services, marketing agencies, insurance companies…) employed by us may access your data for these purposes, provided that you maintain the confidentiality and integrity of the data in particular.
We only pass on personal data to recipients outside our company if and insofar as this is necessary in compliance with the applicable data protection regulations. We may only disclose information about you if required to do so by law, if you have given your consent or if we are authorized to provide such information. Recipients of personal data may be, for example:
- For operational purposes
• To other associated companies
• To service providers / contractors
• To customers, suppliers, partners
- Obligations to report and provide information
• To authorities and other bodies (e.g. tax authorities, auditors)
- To clarify claims and accusations
• Lawyers, prosecution authorities, creditors or insolvency administrators
- For recipients that you have explicitly named
• To credit and financial services institutions
In addition, your personal data may be transferred to recipients for whom you have given us your consent. The same applies to bodies to which we may transfer personal data on the basis of a balance of interests.
VI. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
We transfer personal data to bodies in countries outside the European Union (so-called third countries) insofar as
• it is required by law (e.g. tax reporting obligations)
• you have consented or
• the transmission is necessary to protect our legitimate interests and your interests or fundamental rights and freedoms do not outweigh the protection of your personal data.
In addition, personal data will be transferred to bodies in third countries in the following cases:
• With the consent of the data subject or on the basis of legal regulations to combat money laundering, the financing of terrorism or other criminal acts and on the basis of a balance of interests, personal data will in individual cases be transmitted to the European Union in compliance with the data protection level.
VII. DURATION OF THE STORAGE OF PERSONAL DATA
Your personal data will only be stored or otherwise processed by us for as long as is necessary to achieve the respective purpose. Once the purpose of the processing has ceased to apply (e.g. legal transaction concluded), the corresponding personal data will be deleted. The deletion may be postponed in the following cases:
• Compliance with legal retention periods (e.g. German Commercial Code (HGB), German Banking Act (KWG), German Money Laundering Act (GwG). The storage periods mentioned there are generally 6 to 10 years.
• Fulfilment of justified retention periods (e.g. for customer service, inquiries, log files).
• Securing of evidence within the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The regular limitation period is 3 years.
If we or a third party process your data on the basis of the above-mentioned weighing of interests, we will delete your personal data as soon as our legitimate interest no longer exists. The above-mentioned exceptions also apply here.
Data deletion takes place within the deletion routines implemented by the process owners.
In the event of consent, the data will be deleted as soon as the consent is revoked for the future, unless one of the above-mentioned exceptions exists.
VIII. INTERNAL MONITORING AND INVESTIGATION
To protect against the various threats to our IT - e.g. by malware, hacker attacks, spam - and the intellectual property, different procedures are used in which the information exchanged is checked for viruses, for example, and the connection data for anomalies. When anomalies are discovered, the relevant documents and connection data can be analyzed.
In order to comply with existing supply and payment restrictions - for example on companies and persons listed on various government lists - a comparison can be made against this list.
In addition, in suspicious cases, in official investigations and to defend against claims against our company, an investigation and, if necessary, the surrender of data and documents on the persons concerned may be necessary. In all cases, our internal regulations, the legal requirements and the personal rights of those affected are observed.
IX. RIGHTS OF THE PERSON CONCERNED
Under Art. 15 of the DS-GVO, any person concerned has a right of access. According to Art. 16 of the DS-GVO, the data subject may request the rectification of inaccurate personal data. According to Art. 17 of the DS-GVO, the data subject has a right of cancellation or, according to Art. 18, a right of processing restriction. Similarly, under the conditions laid down in Article 21 DS-GVO, the data subject may object to the processing of personal data concerning him/her. According to Art. 20 of the DS-GVO, the data subject has a right to data transferability. To assert these rights, please contact the data protection officer or the relevant department:
In addition, pursuant to Art. 77 DS-GVO in conjunction with § 19 BDSG, you have a right of appeal to the responsible data protection supervisory authority. A given consent can be revoked at any time.
X. OBLIGATION TO PROVIDE PERSONAL DATA
Within the framework of the legal transaction to be carried out with you, you are obliged to provide the personal data required for the execution of the legal transaction and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect.
If you do not provide certain personal data, you may suffer disadvantages or the legal transaction may not be concluded.
XI. AUTOMATED DECISION MAKING
According to Art. 22 of the DS-GVO, automated decisions can only be taken if they are necessary for the conclusion or fulfilment of a contract or if they are permitted by law or if they are legitimised by the express consent of the person concerned. If we use such procedures in individual cases, you will be informed about this and about your associated rights within the framework of legal requirements.
Some of your data will be processed automatically in order to evaluate certain personal aspects (profiling). For example, we are required by law and regulation to combat money laundering, terrorist financing and asset-polluting crimes. In this context, data analyses are also carried out.
XIII. INFORMATION ON YOUR RIGHT OF OBJECTION UNDER ART. 21 DS-GVO 1
1. Right of objection in individual cases
You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art. 6 (1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests); this also applies to profiling based on these provisions. If you object, we will no longer process your personal data. Anything to the contrary shall only apply if we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
2. Recipient of an opposition
The objection can be made form-free with the subject “objection” stating your name, address and, if applicable, contact data and should be addressed to the data protection officer.