Website data protection statement and at the same time information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

General Information

Information about the controller

Company: IITR Datenschutz GmbH
Legal representative: Dr. Sebastian Kraska, Eckehard Kraska
Address: Eschenrieder Str. 62c, 82194 Gröbenzell
Office Munich: Marienplatz 2, 80331 München
Contact details: email@iitr.de

General data processing information

Affected data:
Personal data is only collected if you communicate it to us yourself. Apart from that, no personal data is collected. Any processing of your personal data that goes beyond the scope of the statuto-ry permission is only possible on the basis of your express consent.

Processing purpose: Contract execution.
Categories of recipients: Public authorities in the event of priority legislation.
External service providers or other contractors.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
Third-country transfers: As part of contractual execution, processors could also be used outside the European Union.
Duration of data storage: The duration of data storage depends on the statutory storage re-quirements and is usually 10 years.

Specific information about the website

Website Log Files
When you visit our websites, your browser transmits certain data to our web server for technical reasons. The following data are recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of your request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Type and version of the browser and the operating system you use
  • Full IP address of the requesting computer
  • Quantity of data transferred

For reasons of technical security, in particular to prevent attacks on our web server, we store these data for a short period of time. It is impossible to discern the identity of individual persons based on this data. After a short period of time, the data is anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish any reference to the individual user. The anonymized data will also be processed for statistical purposes. We don’t compare any data to data in other databases or forward them to third parties.

Use of a newsletter
When registering for our newsletter, you provide us with your email address and, on an optional basis, other information. We use these data solely for the purpose of sending you the newsletter. We retain the data that you disclose in your newsletter application until you cancel your subscription to our newsletter. You can unsubscribe at any time via the link in the newsletter intended for this purpose, or by sending us the appropriate notification. By unsubscribing, you revoke the use of your email address.

Blog
In our blog, you have the option of adding a personal comment to various articles. In addition to the mandatory fields, we also collect and store the comment text itself.

Generator
When using the various data protection generators, we collect the e-mail address of the enquirer for technical reasons. This is only used to carry out and execute the generators.

Chatbot
Together with technical protection measures to prevent automatic data transfer, this website uses a chatbot, which is based on data processing systems by Google and Kommunicate.io. If you activate chatbot, what can happen is that you place cookies from this third-party provider on your device as well as transfer data about your visitor and communication behavior to the servers of Google and Kommunicate.io.
We also use a custom-built AI-based chatbot in our privacy management products, which we host on our own servers so that personal data cannot be shared with third parties. After aggregation or de-identification, we use the data first to analyse the results and then to improve and develop the chatbot.

YouTube
We use Google Ireland Limited's ("Google") YouTube video embedding feature on our website on an opt-in basis. The feature typically displays videos stored on YouTube in an iFrame on the website. The "Extended privacy mode" option is enabled. This means that YouTube does not store any information about visitors to the site. Only when you decide to watch a video is information about that video sent to YouTube and stored there. Your information may be transferred to the United States. - You can withdraw your consent at any time.

Friendly Captcha
This website uses the captcha tool from Friendly Captcha GmbH (“Friendly Captcha”) on the basis of legitimate interest to protect against abusive access or spam attacks. This tool is used to prevent automated and abusive requests by “bots” by checking whether the requesting party is a natural person by means of a query in the background.

Matomo
We use Matomo, a web analysis service, to optimally design our website. To evaluate and analyze the use of our website, usage information is transmitted to our servers and stored for analysis. Your IP address will be shortened during this process and thus anonymized. If you want to prevent your data from being processed for data analysis purposes, you can object at any time. In this case, an opt-out cookie that does not contain any usage data is stored in your browser. As a result, Matomo will not collect any data from your current visit to our website.

 

 

Information about other data processing procedures

Specific information about the application process

Affected data: Application information
Processing Purpose: Implementation of application process
Categories of recipients: Public authorities in the event of priority legislation.
External service providers or other contractors.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
Third-country transfers: We do not use processors outside of the European Union.
Duration of data storage: Application data will generally be deleted within four months after communication of the decision, unless consent has been given for a longer period of data storage.


Specific information for the processing of customer data/prospective parties’ data

Affected data: Data communicated for contract execution; if necessary, addition-al data for processing on the basis of your express consent.
Processing Purpose: Contract execution.
Categories of recipients: Public authorities in the event of priority legislation.
External service providers or other contractors.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
Third-country transfers: We do not use processors outside of the European Union.
Duration of data storage: The duration of data storage depends on the statutory storage re-quirements and is usually 10 years.


Specific information on the processing of employee data

Affected data: Data communicated for contract execution; if necessary, addition-al data for processing on the basis of your express consent.
Processing Purpose: Contract execution.
Categories of recipients: Public authorities in the event of priority legislation.
External service providers or other contractors.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
Third-country transfers: We do not use processors outside of the European Union.
Duration of data storage: The duration of data storage depends on the statutory storage re-quirements and is usually 10 years.


Specific information for the processing of supplier data

Affected data: Data communicated for contract execution; if necessary, addition-al data for processing on the basis of your express consent.
Processing Purpose: Contract execution.
Categories of recipients: Public authorities in the event of priority legislation.
External service providers or other contractors.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
Third-country transfers: We do not use processors outside of the European Union.
Duration of data storage: The duration of data storage depends on the statutory storage re-quirements and is usually 10 years.


Specific information on using video conference/webinar software

Affected data: Data communicated when using video conference software/webinar software (especially first name, last name, email address; optional: audio transmission data; optional: video transmission data; optional: use of chat function); the data your system is technically required to process in order to establish a connection with the provider of the conference software
Processing Purpose: Conducting video conferences/webinars.
Categories of recipients: Public agencies where priority legal provisions exist. External service providers or other contractors, e.g., for data processing and hosting. Other external bodies insofar as the data subject has given his or her consent or transmission is permitted due to a prevailing interest.
Third-country transfers: Contract processors outside the European Union are used (in this case: the United States of America); the appropriate standard contract clauses have been concluded with the service provider
Duration of data storage: Video conferences can only be recorded if participants have provided documented consent in advance. The technical data will be deleted if they are no longer required. The duration of data storage depends on the statutory storage requirements and is usually 10 years.

 

Further information and contacts
In addition, you may invoke your rights to correction or deletion at any time, to restrict pro-cessing, to object to processing, and to data portability. Here you will find the option to contact us by email or letter. You also have the right to contact the data protection supervisory authority for complaints.

Get advice now

Call-back service

 

Arrange a consultation