Data protection

Privacy Info

STAND 13.02.2024

Data protection statement

General extent of data processing 

Data protection is very important to our company.  We comply with the General Data Protection Regulation (GDPR), which uniformly regulates processing of personal data for the whole European Union, and other national data protection laws of the Member States, and further statutory data protection directions. In principle, we collect, process and use personal data only insofar as that is necessary for the provision of a well-functioning website and the presentation of our offers and the performance of our services.

In principle, you, the user, can visit our web pages without giving any personal details relating to your person. Personal data are collected and used only to the extent that they are necessary for the provision of a well-functioning website and our contents and services. In general, we collect and use your personal data only after asking for your consent. Exceptions apply to such cases in which actual causes prevent obtaining your consent or legal regulations permit data collection and processing.

For security reasons, we use a SSL certificate on our website to provide safe connections by encrypting the whole incoming and outgoing data traffic. You recognize the encryption by the lock symbol in your browser line and the display of „https://“.
Name and address of the controller

Responsible in the sense of the GDPR is:

Innosicos GmbH
Kiebitzweg 2
22869 Schenefeld
eMail: info@innosicos.com
Internet: www.innosicos.com

Definitions

The terms used in this data protection statement correspond to those under article 4 GDPR. In the sense of this regulation, the meaning of the terms is:

  • „personal data“ - any information relating to an identified or identifiable natural person (hereinafter 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • „data subject“ – each identified or identifiable natural person whose personal data are processed by the controller.
  • „processing“ – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • „restriction of processing“ – marking any stored personal data with the aim of limiting their processing in the future;
  • „profiling“ – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • „controller“ – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • „recipient“ –  a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • „third party“ – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  • „consent“ – any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

General legal basis of processing personal data 

Insofar that we ask for consent by the data subject for processing personal data, the legal basis of processing personal data is Art. 6 Par. 1 lit. a EU General Data Protection Regulation (GDPR). The legal basis for processing personal data required for the fulfilment of a contract in which the data subject is the contracting party is Art. 6 Par. 1 lit. b GDPR. That also applies to processing procedures required for carrying out measures of the provisional agreement. Insofar that processing of personal data is required for the fulfilment of a legal obligation, we have to comply with, the legal basis is Art. 6 Par. 1 lit. c GDPR. For the case that vital interests of the data subject or other natural persons require processing personal data, the legal basis is Art. 6 Par. 1 lit. d GDPR. In the case that required processing is important for the protection of our or a third party’s legitimate interests and those interests do not outweigh the interests, basic rights and fundamental freedoms of the data subject, the legal basis of processing is Art. 6 Par. 1 lit. f GDPR.

Data erasure and storage period

Your personal data are erased or blocked as soon as the purpose of the storage is finished. In addition, data storage is possible in case the storage is intended by the European or national legislation in EU law regulations, stipulations or other directives the controller has to fulfil. Data are blocked or erased also when a storage period stipulated by the mentioned norms expires, except that the continued storage of the data is required due to the completion or the fulfilment of a contract.

Collection of technical access data, server log files
When you call up our web pages, our web server automatically collects data and information of the computer system of the retrieving computer you use. The recorded data in detail:

  • Browser name and version used
  • Operating system used
  • IP address
  • Date and time of access
  • Website that linked you to our website (referrer URL)
  • Name and URL of the files retrieved via our website

The data are stored temporarily in the log files of the web server we use. These data are not stored together with other data pertaining to your person. We cannot classify your data as belonging to certain persons. We use these technical log data only for statistical purposes and optimization of our website and its safety. The legal basis of the temporary storage of the data and the log files is Art. 6 Par. 1 lit. f GDPR.

The temporary storage of the IP address by our web server is necessary to enable the delivery of the called-up web pages to your computer. For that purpose, it is necessary that the IP address of the calling-up computer remains stored for the duration of the session. The storage in log files ensures the functionality of the website. Moreover, the data are necessary to optimize the website and ensure the safety of our information technology systems. The data are not analyzed for marketing purposes. The purposes mentioned above comply with our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

The stored data are erased as soon as they are no longer required to fulfil the purpose of their collection. The collection of the data for the provision of the website and the storage of the data in log files is imperative for the operation of the website. Consequently, you do not have the possibility to object or claim erasure.

Use of cookies
Wir verwenden auf unserer Website nur technisch notwendige „Cookies“. Bei „Cookies“ handelt es sich um Textdateien, die im Internetbrowser bzw. vom Internetbrowser auf dem aufrufenden Computersystem gespeichert werden. Rufen Sie eine Website auf, so kann ein Cookie auf dem Betriebssystem des von Ihnen verwendeten Computers gespeichert werden. Dieser Cookie enthält eine charakteristische Zeichenfolge, die eine eindeutige Identifizierung des Browsers beim erneuten Aufrufen der Website ermöglicht.
The purpose of cookies is to simplify the use of the website for you. Some functions of our website cannot be provided without the use of cookies. They make special requirement to recognize the browser after changing from one page to another, e.g. log-in information, content of the shopping cart, adoption of language setting, remembering search terms. User data collected by cookies necessary due to technical reasons are not used to create user profiles. Data processed by cookies are necessary for the mentioned purposes to protect our legitimate interests in the creation of a customer-friendly website in accordance with 6 Par. 1 S. 1 lit. f GDPR.

We inform you about the use of cookies when you visit our website or app the first time. Cookies are stored on your computer and transferred by it to our website. That means that you, the user, have control of the use of cookies. By changing the setting in your internet browser you can deactivate or restrict the transfer of cookies. Already stored cookies can be erased at any time. Dependent on the browser, that possibly can be done in an automated way. Ask the provider of your browser for more information.
In case cookies for our website are deactivated, it is possible that you cannot use all functions of the website to full extent.

Change Cookie-Settings
Contact form and e-mail contact 

Tools zur Webanalyse - Pirsch Analytics

Für die Webanalyse setzen wir Pirsch Analytics ein. Bei Pirsch Analytics handelt es sich um eine cookiefreie Webanalysesoftware, die nach dem Grundsatz Privacy by Design entwickelt wurde. Zur Analyse der Besucherströme generiert Pirsch Analytics bei Erhalt des Seitenaufrufs mit Hilfe eines Hashing-Algorithmus eine 16-stellige Zahl als Besucher-ID. Als Eingabewerte dienen die IP-Adresse, der User Agent, das Datum und ein Salt.

Die IP-Adresse des Besuchers wird weder vollständig noch in Teilen persistiert und durch den Hash vollständig und nicht reversierbar anonymisiert. Durch die Einbindung des Datums und der Verwendung von einem Salt pro Webseite ist gewährleistet, dass Webseitenbesucher nicht länger als 24 Stunden wiederzuerkennen sind und nicht über mehrere Webseiten hinweg getrackt werden können. Über eine lokal eingebundene Datenbank wird eine grobe Lokalisierung vorgenommen (Land/Stadt).

Contact form and e-mail contact 
In case there is a contact form on our website, which you can use for electronic contacting, the following applies: If you use that feature, the data entered in the input screen are transferred to us and stored. The data are necessary for processing the contact: your first name and surname, your
e-mail address, your telephone number, reference, message box. Minimum mandatory fields are marked. With the point in time of sending the message, in addition, the IP address of the retrieving computer, the date and time of the registration are stored to prevent the misuse of the contact form and to ensure the security of our information technology systems. The before-mentioned purposes correspond with our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

We ask for your consent to data processing before sending and simultaneously refer to this data protection statement. You have the alternative of contacting us per e-mail. In that case, for processing the contact we store only the personal data you transferred per e-mail. Under no circumstances, your data will be passed on to a third party. Your data are used exclusively for the intended communication. The legal basis of data processing, after having received your consent, is Art. 6 Par. 1 lit. a GDPR. The legal basis of processing personal data you have transferred per e-mail is Art. 6 Par. 1 lit. f GDPR. In case the e-mail contact aims at the completion of a contract, the additional legal basis for data processing is Art. 6 Par. 1 lit. b GDPR.

The data are erased as soon as they are no longer required for the purpose of collection. With regard to the personal data in the input screen of the contact form and the personal data given per e-mail, that is the point of time when the communication with you is finished. The conversation is completed when the circumstances allow concluding that the relevant facts are finally settled.

You have the opportunity to revoke your consent to processing of personal data at any time. In case you have contacted us per e-mail, you can revoke the storage of your personal data at any time. You can send your revocation e.g. per e-mail or letter to the contact address given in the imprint. All personal data stored within the context of the contact will be erased.

 

Rights of the data subject 
In case personal data belonging to you are processed, you are the data subject (in the sense of GDPR)  and you have the following rights against the controller:

Right of access (Art. 15 GDPR) – You have the right to obtain from us, the controller, a confirmation whether we process personal data concerning your person.
In case of processing you have the right to obtain the following information from us: the purposes for which the personal data are processed; the categories of personal data which are processed; the recipients or categories of recipients to whom the personal data relating to your person were or have been disclosed; the planned period of storage of personal data relating to your person or, in case concrete details cannot be given, criteria for the determination of the storage period; the existence of a right to rectification or erasure of personal data relating to your person, a right to restriction of processing by the controller, or a right to opposition against personal data processing; the existence of a right to appeal with a supervisory authority; all available information about the origin of the data in case the personal data were not collected from the data subject; the existence of automated  decision making inclusive of profiling in accordance with Art. 22 Par. 1 and 4 GDPR; and – at least in those cases – convincing information about the logic involved and the consequences and the intended effects of such processing for the data subject. You also have the right to know whether the personal data relating to your person are transferred to a third country or an international organization. In that context: you can demand information about the relevant guarantees in accordance with Art. 46 GDPR referring to the transfer.

Right to rectification (Art. 16 GDPR) – You have the right to prompt rectification and/or completion against the controller in case the processed personal data relating to your person are incorrect or incomplete.

Right to erase (be forgotten) (Art. 17 GDPR) – You have the right to demand that we, the controller, erase personal data relating to your person without delay. In that case we are obliged to erase the data without delay, if one of the following reasons applies: (1) The personal data relating to your person are no longer required for the purposes for which they were collected or processed in any way. (2) You revoke your consent which was the base of processing in accordance with Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a GDPR, and there is no other legal basis of processing.
(3) You make an objection against processing in accordance with Art. 21 Par. 1 GDPR, and there are no priority legitimate reasons of processing, or you make an objection against processing in accordance with Art. 21 Par. 2 GDPR. (4) The personal data relating to your person were processed unlawfully. (5) The erasure of the personal data relating to your person is required to fulfil a statutory obligation in accordance with Union or Member State law the controller is bound to. (6) The personal data relating to your person were collected with regard to services provided by the information company in accordance with Art. 8 Par. 1 GDPR.

In case we have made public the personal data relating to your person and are obliged to their erasure in accordance with Art. 17 Par. 1 GDPR, we take suitable steps – in consideration of the available technologies and the costs of implementation –, technical measures included, to inform the controller processing personal data that you as the data subject have demanded that we make sure that all links to these personal data or copies or replications of these personal data are erased.

The right to erasure is not applicable if processing is required (1) to execute the right to freedom of expression and information; (2) to fulfil a statutory obligation that requires processing in accordance with Union or Member State law the controller is bound to, or to perform a mission in the public interest or to exercise official authority devolved on the controller; (3) for reasons of public interest in the field of public health in accordance with Art. 9 Par. 2 lit. h and i and Art. 9 Par. 3 GDPR; (4) for archives purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR, provided the right mentioned under section a) probably will prevent or seriously hinder the implementation of the goals of processing; or (5) for the assertion, execution or defence of legal entitlements.

Right to restriction of processing (Art. 18 GDPR) – You can require the restriction of processing of the personal data relating to your person under the following conditions: When you reject the accuracy of the personal data relating to your person for a period that allows the controller to verify the accuracy of your personal data; when processing is unlawful and you reject the erasure of your personal data and instead demand the restriction of the use of your personal data; when the controller does not require your personal data for the purpose of processing any longer, whereas you need them for the assertion, exercise and defence of legal rights; or when you have made an objection against processing in accordance with Art. 21 Par. 1 GDPR and it has not yet been clarified whether the legitimate reason of the controller outweigh your reasons.
In case processing of the personal data relating to your person has been restricted, processing these data – except for their storage – is permitted only with your agreement or to assert, exercise or defend legal rights or to protect the rights of another natural or legal person or due to reasons of an important public interest of the European Union or a Member State. In case processing has been restricted under the conditions mentioned before, you will be informed by the controller prior to lifting the restriction.

Right to information (Art. 19 GDPR) – When you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom the personal data relating to your person were disclosed, about the rectification or erasure of the data or the restriction of processing, provided that is not infeasible or the expenditure is not extremely excessive. You have the right against the controller to be informed about the recipients.

Right to data portability (Art. 29 GDPR) – You have the right to receive the personal data relating to your person that you have made available to the controller in a structured, conventional and machine-readable format. In addition you have the right to transfer these data to another controller without hindrance by the controller you have provided with your personal data, if (1) processing is based on an agreement in accordance with Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or is based on a contract in accordance with Art. 6 Par. 1 lit. b GDPR and processing is made with an automated procedure.
With the exercise of this right, you further have the right to achieve that the personal data relating to your person are directly transferred by a controller to another controller, provided that is technically feasible. It is not permitted to restrict the freedom and rights of other persons by that procedure. The right to data portability does not apply to processing of personal data required for fulfilling missions which are in the public interest or for the exercise of official authority devolved on the controller.

Right to opposition 
You have the right, for reasons resulting from your particular situation, at any time, to make an objection against processing the personal data relating to your person and made on the basis of Art. 6 Par. 1 lit. e or f GDPR; that also applies to a profiling on the basis of these terms.
In case you exercise your right to opposition, we stop processing the personal data relating to your person, unless we can establish proof of compelling reasons worthy of protection for processing that outweigh your interests, rights and freedom, or processing is important for the assertion, exercise or defence of legal rights.

In case your personal data are used for direct advertising, you have the right at any time to make an objection against processing the personal data relating to your person for the purpose of such advertising; that also applies to profiling as far as it is connected with such advertising. In case you object to processing for purposes of direct advertising, the personal data relating to your person will no longer be processed for those purposes.

In the context of the use of services of the information company, you have the possibility to exercise your right to opposition by means of automated procedures applying technical specification – despite the directive 2002/58/EC.

Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of the consent does not affect the legitimacy of processing made on the basis of the consent until the revocation.

Automated decision in the individual case inclusive of profiling
You have the right not to be bound to a decision exclusively based on automated processing – inclusive of profiling - that subjects you to legal effects or restricts you considerably. That does not apply (1) when the decision is required for the completion or the fulfilment of a contract between you and the controller, (2) when it is admissible due to statutory provisions of the European Union or the Member States the controller is subject to and these statutory provisions include appropriate measures to protect your rights and freedoms and your legitimate interests, or (3) when it is based on your explicit consent.

However, it is not permitted that such decisions are based on special categories of personal data in accordance with Art. 9 Par. 1  GDPR, unless Art. 9 Par. 2 lit. a or g does apply and appropriate measures for the protection of the rights and freedoms and your legitimate interests were taken. With regard to the cases mentioned in (1) and (3), the controller takes suitable steps to protect the rights and freedoms and your legitimate interests which at least includes the right to obtain the intervention by a person on behalf of the controller, the explanation of the own point of view and  contesting the decision.

Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, your workplace or the location of the presumed breach if you are of the opinion that your personal data are processed in a manner violating the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant about the state and the results of the complaint inclusive of the possibility of legal remedies in accordance with Art. 78 GDPR.

Further data protection information 

In case you have further questions concerning data protection, do not hesitate to contact us. You find our contact data under numeral 2 of this data protection statement and in our imprint.
Diese Datenschutzerklärung wird zur Verfügung gestellt von RA Kai Harzheim, Hamburg – www.harzheim.eu

Auskunftsrecht
Sie haben ein Recht auf unentgeltliche Auskunft über Ihre gespeicherten Daten sowie gegebenenfalls ein Recht auf Berichtigung, Sperrung oder Löschung dieser Daten.
Wir dürfen Sie bitten, sich mit entsprechenden Anfragen an die im Impressum angegebene Adresse zu wenden. Sofern die bei uns zu Ihrer Person gespeicherten personenbezogenen Daten unrichtig sind, werden die Daten auf Ihren Hinweis selbstverständlich berichtigt.

Sie haben ferner das Recht, Ihre Einwilligung zur Speicherung personenbezogener Daten jederzeit mit Wirkung für die Zukunft zu widerrufen. Im Falle einer entsprechenden Mitteilung werden die zu Ihrer Person gespeicherten personenbezogenen Daten gelöscht, es sei denn, die betreffenden Daten werden zur Erfüllung unserer Pflichten aus dem Vertragsverhältnis noch benötigt oder gesetzliche Regelungen stehen einer Löschung entgegen. In diesem Fall tritt an die Stelle einer Löschung eine Sperrung der betreffenden personenbezogenen Daten.

Links auf Webseiten Dritter
Die von uns veröffentlichten Links werden sorgfältig recherchiert und zusammengestellt. Auf unseren Webseiten enthaltene Links zu anderen Webseiten, deren Inhalte nicht durch uns verwaltet bzw. beeinflusst werden können, machen wir uns nicht zu Eigen. Bei den Links handelt es sich lediglich um Hinweise auf andere Anbieter, die für ihren Internetauftritt selbst verantwortlich sind. Wir sind weder für die Richtigkeit und den Inhalt dieser Webseiten haftbar noch für die Inhalte, die über diese Webseiten bezogen werden können. Die verlinkte Seite der jeweiligen Webseite wurde zum Zeitpunkt der Verlinkung auf mögliche Rechtsverstöße überprüft. Eine permanente inhaltliche Kontrolle der verlinkten Seiten ist jedoch ohne konkrete Anhaltspunkte einer Rechtsverletzung nicht möglich oder zumutbar. Für fremde Inhalte sind wir nur dann verantwortlich, wenn wir davon positive Kenntnis haben und es technisch möglich und zumutbar ist, die Nutzung zu verhindern.

Verantwortlicher Ansprechpartner
Mit sämtlichen datenschutzrechtlichen Anfragen wenden Sie sich bitte an:

Rainer Kröpke
Innosicos GmbH
Kiebitzweg 2
22869 Schenefeld
Tel.: 0151-724637222
Fax: 040-840 555 28
eMail: rk@Innosicos.com