Data Privacy
We take data protection seriously
The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalised evaluation of this data does not take place.
If you send us data via the contact form, this data will be stored on our servers in the course of data backup. We will only use your data to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.
Responsible:
ibi systems GmbH
Rudolf-Vogt-Str. 6
93053 Regensburg
E-mail: info@ibi-systems.de
Phone: +49 (0) 941 462939-0
Personal data
Personal data is data about your person. This includes your name, address and e-mail address. You also do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to provide you with the requested service.
The same applies in the event that we supply you with information material on request or when we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.
When you use one of our services, we generally only collect the information that is necessary to provide you with our service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
Contact
When contacting us (e.g. via contact form, email, telephone or via social media), the information of the inquiring persons is processed insofar as this is necessary to answer the contact requests and any requested measures.
The response to contact requests in the context of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre)contractual requests and otherwise on the basis of the legitimate interests in responding to the requests.
- Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
- Affected persons: Communication partner.
- Purposes of processing: contact requests and communication.
- Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 lit. f. DSGVO).
Automatically stored data
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- data volume transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, not even in extracts.
Cookies
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.
Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to tracking or analysis by clicking on the cookie banner. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly agree to this; the legal basis is then your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.
You can change your settings for the use of cookies here at any time:
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. An assignment to a device ID does not take place.
Furthermore, we can use Google Analytics to track, among other things, your mouse and scroll movements and clicks.
record. Furthermore, Google Analytics uses various modelling approaches to augment the data sets it collects and employs machine learning technologies in its data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and 25 para. 1 TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
We use Google signals. When you visit our website, Google Analytics records, among other things, your
Location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.
We have concluded a contract on order processing (AV) in accordance with Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This
Information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
As we have integrated Google Maps using the two-click solution, a corresponding consent is requested. The processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Personio
Data transmitted as part of the application process is transmitted TLS-encrypted and stored in a database. This database is operated by Personio GmbH, which offers a personnel administration and applicant management software (https://www.personio.com/legal-notice/). In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and Personio.
Processing of (personal) da in the application process
The applicant portal is provided by Personio SE & Co. KG. Personio is a company based in Germany that offers software for personnel administration and applicant management (https://www.personio.com/legal-notice/). Data transmitted as part of the application process is transmitted TLS-encrypted and stored in a database. ibi systems GmbH, which carries out the online application process, is solely responsible for this data within the meaning of Art. 24 GDPR. Personio is merely the technical service provider that provides the software for the applicant portal and is the data processor in accordance with Art. 28 GDPR. The basis for the processing is the contract for order processing between Personio and ibi systems GmbH. Personio SE & Co. KG processes further data, some of which may be personal data, in order to provide its services and the applicant portal. The provision of personal data in the application process is neither required by law nor are you contractually obliged to provide it.
Necessity in the application process
However, the provision is necessary for the application process and essential for the conclusion of the employment contract. If the data is not provided, the application process cannot be carried out.
The controller within the meaning of data protection law is:
Personio SE & Co. KG
Seidlstrasse 3
80335 Munich
Phone: +49 (89) 1250 1005
Data protection officer: privacy@personio.com
Booking appointments with Microsoft Bookings
We use the web-based booking calendar Bookings so that customers can book a meeting appointment flexibly.
Categories of personal data
When you use Microsoft Bookings, the following categories of personal data are processed:
- IP address
- Name
- Email address
- Telephone number
- Notes
- Date and time (of consent and appointment request)
Legal basis
The processing of personal data of external parties is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
Recipients of the data
The employees of the department who have approved their calendar for booking appointments will receive your booking request.
The provider of Microsoft Teams Bookings (Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18) receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with Microsoft Teams Bookings. When using Microsoft Teams Bookings, the storage locations are limited to data centers within the European Union. However, we cannot rule out the possibility that data may be transferred to a third country (e.g. Microsoft Corporation, One Microsoft Way, Redmont, Washington 98052, USA for the purpose of order processing and contract fulfillment and our own purposes).
Appropriate safeguards: Microsoft has submitted to the European Commission’s standard contractual clauses for the transfer of personal data to processors in third countries in accordance with the standard contractual clauses under Regulation (EU) 2016/679.
Further information on how Microsoft handles personal data can be found in the privacy policy at https://privacy.microsoft.com/en-us/privacystatement.
Storage period
Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.
YouTube
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode causes
YouTube does not store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners, on the other hand, is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network – regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection is established to the servers of
YouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If applicable, further data processing operations may be carried out after the start of a YouTube video.
which we have no influence over. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Security
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please ensure that you have the latest version.
What data is processed and from which sources does this data originate?
We process the data that we have received from you in the context of initiating or processing a contract, on the basis of consent or in the context of your application to us or in the context of your employment with us.
Personal data includes:
Your master/contact data, for customers this includes e.g. first and last name, address, contact data (e-mail address, telephone number, fax), bank data.
In the case of applicants and employees, this includes, for example, first name and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from CV and references, bank details, religious affiliation, photographs.
In the case of business partners, this includes, for example, the name of their legal representative, company name, trade register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.
For visitors to our company, this includes name and signature.
For journalists, this includes first and last name, e-mail address, fax number.
We also process the following other personal data:
– Information on the nature and content of contract data, order data, turnover and receipt data, customer and supplier history and consultation records,
– advertising and sales data,
– information from your electronic traffic with us (e.g. IP address, log-in data),
– other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
– Data that we generate ourselves from master data / contact data and other data, e.g. by means of customer demand and customer potential analyses,
– the documentation of your declaration of consent to receive e.g. newsletters.
– Photo shoots in the context of events.
For what purposes and on what legal basis are the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:
- for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1lit.b DS-GVO):
Your data is processed for the purpose of processing contracts online or in one of our branches, for the purpose of processing contracts for your employees in our company. The data is processed in particular when initiating business and when executing contracts with you.
- for the fulfilment of legal obligations (Art. 6 para. 1 lit.c DS-GVO):
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
- to safeguard legitimate interests (Art. 6 para. 1 lit.f DS-GVO):
Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
– advertising or marketing (see No. 4),
– measures for business management and further development of services and products;
– in the context of legal prosecution
– Sending of non-promotional information and press releases.
- within the scope of your consent (Art 6 para. 1lit.a DSGVO):
If you have given us consent to process your data, e.g. to publish photos, talent pool
Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.
We are entitled under the legal conditions of § 7 para.3 UWG (German Unfair Competition Act) to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.
Who receives my data?
If we use a service provider in the sense of commissioned processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
How long will my data be stored?
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the German Fiscal Code or the German Working Hours Act); furthermore, until the end of any legal disputes in which the data is required as evidence.
Is personal data transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer takes place in individual cases only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
What data protection rights do I have?
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right of rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing:
You can request us to restrict the processing of your data if
– You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
– the processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data,
– we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
– You have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
– we process that data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us; and
– this processing is carried out with the aid of automated procedures.
If technically feasible, you can request us to transfer your data directly to another data controller.
Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to exercise any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.
Changes to this privacy policy
We reserve the right to change our privacy policy should this be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.
All interested parties and visitors to our website can contact us on data protection issues at:
Mr Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Phone: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de