I. Name and address of the person responsible
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the:
Ideabay GmbH / Widenmayerstraße 10 / 80538 Munich
Phone: +49 89 21544639 / E-Mail: [email protected]
Data protection officer: Dr. Christian Szidzek
II. General information on data processing
1. Scope of the processing of personal data
As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
Insofar as the processing of personal data is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are carried out to implement pre-contractual measures in response to your request.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
3. Data deletion and storage period
We store your data for as long as this is necessary for the provision of our online offer and the associated services or for the provision of our services or we have a legitimate interest in the continued storage. In all other cases, we delete your personal data with the exception of data that we must retain in order to comply with contractual or legal (e.g. tax or commercial) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights). We block data that is subject to a retention period until the expiry of the period.
III. Disclosure of data to third parties; service providers
1. Disclosure of data to third parties
As a matter of principle, we will only disclose your personal data to third parties if this is necessary for the performance of the contract, if we or the third party have a legitimate interest in the disclosure or if we have your consent to do so. If data is transferred to third parties on the basis of a legitimate interest, this will be explained in these data protection provisions. In addition, data may be transferred to third parties if we are obliged to do so by law or by an enforceable official or court order.
2. Service provider
We reserve the right to use service providers for the collection and processing of data. Service providers only receive the personal data they require for their specific activities. For example, your email address may be passed on to a service provider so that they can deliver a newsletter that you have ordered. Service providers may also be commissioned to provide server capacity. Service providers are usually integrated as so-called order processors who may only process personal data of the users of this online offer according to our instructions.
3. Transfer of data to non-EEA countries
We also share personal data with third parties or processors located in non-EEA countries. In this case, we ensure before the transfer that either an adequate level of data protection exists at the recipient (e.g. through self-certification of the recipient for the EU-US Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or that sufficient consent has been obtained from our users. You can obtain an overview of the recipients in third countries and a copy of the concretely agreed regulations to ensure the appropriate level of data protection from us. Please use the information in the Contact section for this purpose.
IV. Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
(1) Browser type and version
(2) Operating system used
(3) Referrer URL
(4) Host name of the accessing computer
(5) Time of the server request
(6) IP address
The data may also be stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
VI. Contact form and enquiries by e-mail, telephone or fax
Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:
First name, last name, e-mail address, text of the message
The following data is also stored at the time the message is sent:
(1) The IP address of the user
(2) Date and time of registration
Alternatively, it is possible to contact us via the e-mail address, telephone or fax provided. In this case, the user's personal data transmitted by e-mail, telephone or fax will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of contacting us is Art. 6 para. 1 lit. f DSGVO. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
The processing of the personal data from the input mask serves us solely to process the contact. In the event of contact being made by e-mail, telephone or fax, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
The user can object to the storage of his or her personal data at any time by contacting us via the email address provided above under point I email address provided above. All personal data stored in the course of contacting us will be deleted in this case.
VII. Web analysis services and tools
1. Web analysis through Matomo (formerly PIWIK)
We use the open source software tool Matomo (formerly PIWIK), a service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo") on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the calling system of the user
(2) The accessed web page
(3) The website from which the user has reached the accessed website (referrer)
(4) The subpages that are accessed from the accessed web page
(5) The length of stay on the website
(6) The frequency with which the website is accessed
The software runs exclusively on the servers of our website. Personal data of the users is only stored there. The data is not passed on to third parties.
The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f DSGVO. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
The data is deleted as soon as it is no longer required for our recording purposes.
We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is set on their system, which signals to our system not to save the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.
For more information on the privacy settings of the Matomo software, please see the following link: https://matomo.org/docs/privacy/.
2. Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font is used by your computer.
You have the option of subscribing to our newsletter, in which you will regularly receive free information about our services. You can revoke your corresponding consent at any time. For ordering our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you would like to receive our newsletters. If you confirm your wish to receive the newsletter, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe. The storage is solely for the purpose of sending you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the aforementioned data processing is your consent pursuant to Art. 6 Para. 1 a) DSGVO.
IX. Handling applicant data and documents
We offer you the opportunity to apply to us (e.g. on our website, by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
1. Scope and purpose of data collection
If you transmit us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The personnel data are stored and processed in personnel data processing systems. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b DSGVO for the purpose of implementing the employment relationship.
2. Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.
X. Rights of the data subject
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
1. Right to information pursuant to Art. 15 DSGVO
In particular, you have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it is not processed by us. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 of the GDPR if your data is transferred to third countries;
2. Right to rectification pursuant to Art. 16 DSGVO
You have the right to have any incorrect data relating to you corrected without delay and/or to have any incomplete data stored by us completed;
3. Right to erasure pursuant to Art. 17 DSGVO
You have the right to request the deletion of your personal data if the conditions of Art. 17 (1) DSGVO apply. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
4. Right to restriction of processing pursuant to Art. 18 DSGVO
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data that you dispute is being verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection on the grounds of your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
5. Right to information pursuant to Art. 19 of the GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
6. Right to data portability pursuant to Art. 20 DSGVO
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
7. Right to revoke consent granted pursuant to Art. 7 (3) DSGVO
You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
8. Right to lodge a complaint pursuant to Art. 77 GDPR
If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with the supervisory authority responsible for us. Alternatively, you can contact the data protection authority in your place of residence, which will then forward your concern to the competent authority.
Due to our registered office in Munich, the supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, D-91522 Ansbach
9. Right of objection TO THE COLLECTION OF DATA IN SPECIFIC CASES AND TO DIRECT MARKETING (ART. 21 GDPR)
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
XI. Further information and contacts
If you have any further questions on the subject of data protection, please contact us via the contact address given above under point I above.