PRIVACY POLICY
With this privacy policy, we inform you about our processing of your personal data. We process personal data in accordance with the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”).
1. Who is responsible for data processing and who can I contact?Controller within the meaning of Art. 4 (7) GDPR is:
Dr. Joerg Ibach
Architekt AKNW / Industrialdesigner
Meisenburgstr. 71, D-45133 Essen
joerg.ibach(at)ibach.info
phone +49.177.4045280
2. For what purpose and on what legal basis is your personal data processed?
a) Fulfilment of contractual and precontractual obligations (Art. 6 (1) (b) GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) is carried out to provide this website and to provide our services, in particular to conclude and process contracts, to invoice, to carry out precontractual measures, to answer enquiries in connection with relationship to visitors of this website and for all activities necessary for the operation and adminsituation of ibach.info.
The purposes of the data processing depend primarily on the concrete product. Further details on the purpose of data processing within the framework of contracts can be found in the respective contract documents and terms and conditions.
b) In the context of balancing interests (Art. (1) (f) GDPR)
In addition, we process your data to protect legitimate interests of us or of third parties such as, in particular, in the following cases:
• replying to your inquiries outside of a contract or precontractual measures;
• assertion of legal claims and defence in legal disputes;
• guaranteeing our IT security and IT operations;
• measures for business management and further development of products.
c) Based on your consent (Art. 6 (1) (a) GDPR)
If you have given us permission to process personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent. A given consent can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.
d) On the basis of legal requirements (Art. 6 (1) (c) GDPR)
In addition, this website might be subject to various legal obligations, i.e. legal requirements, which require the processing of data.
3. Website
When you visit this website, information is automatically sent to the server of this website by your browser. This information is temporarily stored in a socalled log file. The following information is collected without your intervention and stored until it is automatically deleted: IP address of the inquiring computer, date and time of the access, name and URL of the retrieved file, website from which the access follows („referrer URL“), if applicable the search engine used by you, browser used and if applicable the operating system of your computer as well as the name of your access provider.
The legal basis for this type of data processing is Art. 6 (1) (f) GDPR. The legitimate interests are in particular:
• ensuring a smooth connection of the website,
• ensuring comfortable use of our website,
• evaluation of system safety and stability,
• for other administrative purposes.
Technically necessary cookies are used on this website. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest for doing so is enabling you to use this website. The data will not be combined with other personal data. There is no use of cookies for advertising or analysis purposes.
4. Applications
When you use the contact form, the data you enter will be collected. These are usually your contact data (title, first name, surname, e-mail address) and the data from your message, which you provide to us.
If you provide additional data, the processing of this voluntary data is based on your consent; the legal basis is then § 26 (2) BDSG or § 26 (3) BDSG (insofar as in individual cases special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are concerned).
5. Who receives my data?
Individuals that need your data in order to fulfil contractual and legal obligations will have access to it.
We pass on data to the following categories of recipients if this is necessary to fulfil an existing contractual relationship between you and us or to implement precontractual measures (Art. 6 (1) (b) GDPR) or to safeguard legitimate interests (Art. 6 (1) (f) GDPR).
• IT service provider
• logistics service provider
• financial institutions for payment purposes
Insofar as processing is necessary to safeguard legitimate interests, for example when using logistics and IT services, it is a legitimate interest to outsource functions.
In addition, your personal data will be forwarded or transmitted if this is required by law (Art. 6 (1) (c) GDPR) or if you have consented (Art. 6 (1) (a) GDPR).
6. How long will my data be stored?
If necessary, your personal data will be processed and stored for the duration of a contractual relationship.
Log and cookies files are generally deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful.
7. Which data protection rights do I have?
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limitation of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to§ 34 and § 35 BDSG apply to the right of access and the right of cancellation. You also have the right to object to data processing by us (Art. 21 GDPR). If the processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.
Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, working or allegedly infringed – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).
8. Are data transferred to a third country or to an international organisation?
It is not usually done – if, in exceptional cases, data is transferred to third countries (countries outside the European Economic Area – EEA), this is only done on the basis of an adequasi decision of the Commission or on the basis of standard contractual clauses of the Commission (available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) or binding corporate rules.
9. Is there automated decisionmaking in individual cases?
It is not usually done – should such procedures be used in individual cases, we will inform you separately if this is required by law.