I. Name and address of the person responsible
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Kim Brand-Esslinger / Herzog-Heinrich-Str. 15 / 80336 Munich
II. Privacy information about visiting our website
1. General information on data processing
1.1 Scope of the processing of personal data
As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
1.2 Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
Insofar as the processing of personal data is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are carried out to implement pre-contractual measures in response to your request.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
1.3 Data deletion and storage period
We store your data for as long as this is necessary for the provision of our online offer and the associated services or for the provision of our services or we have a legitimate interest in the continued storage. In all other cases, we delete your personal data with the exception of data that we must retain in order to comply with contractual or legal (e.g. tax or commercial) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights). We block data that is subject to a retention period until the expiry of the period.
2. Disclosure of data to third parties; service providers
2.1 Disclosure of data to third parties
As a matter of principle, we will only disclose your personal data to third parties if this is necessary for the performance of the contract, if we or the third party have a legitimate interest in the disclosure or if we have your consent to do so. If data is transferred to third parties on the basis of a legitimate interest, this will be explained in these data protection provisions. In addition, data may be transferred to third parties if we are obliged to do so by law or by an enforceable official or court order.
2.2 Service provider
We reserve the right to use service providers for the collection and processing of data. Service providers only receive the personal data they require for their specific activities. For example, your email address may be passed on to a service provider so that they can deliver a newsletter that you have ordered. Service providers may also be commissioned to provide server capacity. Service providers are usually integrated as so-called order processors who may only process personal data of the users of this online offer according to our instructions.
2.3 Transfer of data to non-EEA countries
We also share personal data with third parties or processors located in non-EEA countries. In this case, we ensure before the transfer that either an adequate level of data protection exists at the recipient (e.g. through self-certification of the recipient for the EU-US Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or that sufficient consent has been obtained from our users. You can obtain an overview of the recipients in third countries and a copy of the concretely agreed regulations to ensure the appropriate level of data protection from us. Please use the information in the Contact section for this purpose.
3. Use of the website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
(1) Browser type and version
(2) Operating system used
(3) Referrer URL
(4) Host name of the accessing computer
(5) Time of the server request
(6) IP address
The data may also be stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
You have the option of subscribing to our newsletter, in which you will regularly receive free information about our services. You can revoke your corresponding consent at any time. For ordering our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you would like to receive our newsletters. If you confirm your wish to receive the newsletter, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe. The storage is solely for the purpose of sending you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the aforementioned data processing is your consent pursuant to Art. 6 Para. 1 a) DSGVO.
Information on data protection regarding the processing of prospective customer data and customer data at Ideabay GmbH in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (DSGVO)
1. purposes and legal bases of processing
We process your personal data in accordance with the provisions of the European Data Protection Regulation (EU-DSGVO) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of pre-contractual measures. Insofar as the provision of personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) lit. b DSGVO. If you give us express consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes or promotional approaches), the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) a DSGVO. Consent given can be revoked at any time, with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c DSGVO. In addition, processing may be carried out to protect the legitimate interests of us or third parties in accordance with Art. 6 (1) f DSGVO. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
2. categories of personal data
We only process data that is necessary for the execution of the contract or for pre-contractual measures. This may be general data about you or persons in your company (name, address, contact details, etc.) as well as, if applicable, other data that you provide to us in the course of the initiation and establishment of the contractual relationship for its implementation.
3. sources of the data
We only process personal data that we have collected directly from you or that you have provided to us. Data collection via third parties does not take place.
4. recipients of the data
We only pass on your personal data within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
In addition, we use service providers in certain areas who process personal data on our behalf. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of Article 28 DSGVO. Proper order processing contracts in accordance with Article 28 of the GDPR are in place with all processors.
This applies in particular to service providers for sales software and customer management systems and software (CRM) as well as project support applications.
Otherwise, data is only forwarded to recipients outside the company if this is required by law, if the forwarding is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation
Recipients to whom the disclosure is directly necessary for the purpose of establishing or fulfilling a contract
5. transmission to a third country
A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization only takes place to the extent that this is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, the transfer is required by law or you have given us consent. In these cases, the recipients may include specific development platforms.
6. duration of data storage
As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and execution of a contract. If a contract is not concluded with you, we delete your data after a period of 6 months following the end of the contractual negotiations.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage or documentation are two to ten years.
Finally, the storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. This is based on our legitimate interest in pursuing or defending legal claims.
7. Necessities of the provision of personal data
As a rule, the provision of personal data for the purpose of establishing, implementing or fulfilling a contract or for the performance of pre-contractual measures is not required by law or contract. You are therefore not obliged to provide personal data. Please note, however, that these are usually required for the decision on the conclusion of a contract, the performance of the contract or for pre-contractual measures. If you do not provide us with personal data, we may not be able to make a decision within the scope of contractual measures. We recommend that you only ever provide personal data that is required for the conclusion of the contract, the fulfillment of the contract or for pre-contractual measures.
IV. Rights of the data subject
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
1. Right to information pursuant to Art. 15 DSGVO
In particular, you have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it is not processed by us. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 of the GDPR if your data is transferred to third countries;
2. Right to rectification pursuant to Art. 16 DSGVO
You have the right to have any incorrect data relating to you corrected without delay and/or to have any incomplete data stored by us completed;
3. Right to erasure pursuant to Art. 17 DSGVO
You have the right to request the deletion of your personal data if the conditions of Art. 17 (1) DSGVO apply. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
4. Right to restriction of processing pursuant to Art. 18 DSGVO
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data that you dispute is being verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection on the grounds of your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
5. Right to information pursuant to Art. 19 of the GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
6. Right to data portability pursuant to Art. 20 DSGVO
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
7. Right to revoke consent granted pursuant to Art. 7 (3) DSGVO
You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
8. Right to lodge a complaint pursuant to Art. 77 GDPR
If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with the supervisory authority responsible for us. Alternatively, you can contact the data protection authority in your place of residence, which will then forward your concern to the competent authority.
The supervisory authority responsible for Munich is:
Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, D-91522 Ansbach
9. RIGHT OF OBJECTION TO THE COLLECTION OF DATA IN SPECIFIC CASES AND TO DIRECT MARKETING (ART. 21 GDPR)
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
V. Further information and contacts
If you have any further questions on the subject of data protection, please contact us via the contact address given above under point I above.