This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) collected from our online offering and associated websites, services and contents as well as any of our external online presence, e.g., our social media profile (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “personal data” or their “processing,” we refer to the definitions in Art. 4 of the European General Data Protection Regulation (GDPR).
Responsible for Integration Matters Inc.
c/o Wuersch & Gering LLP, 100 Wall Street, 10th Floor, New York, NY 10005, USA
Department of State (DOS) ID 4916718
CEO: Abdelghani Faiz
Responsible for Faiz & Siegeln Software GmbH
Address: Hüttenstr. 50, 45527 Hattingen, Germany
Commercial Register: Amtsgericht Essen: HRB 24061
Managing Directors: Abdelghani Faiz, Hendrik Siegeln
Phone: +49 (0) 2324 / 569 77-0
Types of data processed:
- Master data (e.g., names, addresses).
- Contact data (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., visited websites, preferred content, access times).
- Meta-/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 (1) GDPR):
- No special categories of data are processed.
Processing categories of affected individuals:
- Visitors und users of our online offerings. Hereinafter, the persons concerned will be referred to as “users.”
Purpose of processing:
- Providing online content and services.
- Responding to user requests and communicating with users.
- Measurement of reach, marketing.
- Security measures.
We additionally process
- Contract data (e.g., contractual matters, duration, customer category).
- Payment data (e.g., bank details, payment history)
from our customers, potential clients and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Last updated: 03.12.2019
Relevant legal framework
In accordance with Art. 13 GDPR, we are notifying you of the legal grounds on which we base our data processing. If the legal framework is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is established by Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing data in order to fulfil our services and carry out contractual measures as well as to answer inquiries is established by Art. 6 (1) (b) GDPR, the legal basis for processing data to fulfil our legal obligations is established by Art. 6 (1) © GDPR, and the legal basis for processing data to protect our legitimate interests (legitimate reason for using the data) is established by Art. 6 (1) (f) GDPR. In the event that the vital interests of the concerned individual or another natural person require the processing of personal data, Article 6(1) (d) GDPR serves as the legal basis.
In accordance with Art. 32 GDPR and taking into account the current state of technology, implementation costs and the nature, scope, circumstances and purposes of processing as well as the probability of occurrence and severity of risk to the rights and freedoms of natural persons, we take suitable technical and organizational measures to ensure a level of protection appropriate to the risk. Such measures in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, security of availability and its deletion. Furthermore, we have established procedures to ensure the awareness of rights, deletion of data and response to data threats. In addition, we take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly presets (Art. 25 GDPR). The security measures include in particular the encrypted transmission of data between your browser and our server.
Cooperation with outsourced processors and third parties
If, during our processing, we disclose data to other persons and companies (contracted processors or third parties) transmit it to them or otherwise grant them access to the data, this shall only occur as legally permitted (e.g., if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 (1) (b) GDPR, is necessary for contract fulfilment), if you have consented, if a legal requirement stipulates this or on the basis of our legitimate interests (e.g., when using appointees, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs due to the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it is necessary for the fulfilment of our (pre)contractual obligations, based on your consent, a legal requirement or our legitimate interests. Subject to legal or contractual permissions, we process or place the data in a third country only if the special requirements of Art. 44 ff. GDPR are fulfilled. This means, for example, processing is carried out with special guarantees, such as the officially recognized determination of an EU-conform data protection level (e.g., for the USA by the “Privacy Shield”) or compliance with officially recognized special contractual requirements (so-called “standard contractual clauses”).
Rights of involved persons
In accordance with Art. 15 GDPR, you have the right to request confirmation as to whether the involved data are being processed and to request information about these data as well as further information and a copy of the data. In accordance with Article 16 of the GDPR, you have the right to request that the data concerning you be completed or inaccurate data corrected. In accordance with Art. 17 GDPR, you have the right to demand that relevant data be immediately deleted or, alternatively, in accordance with Art. 18 GDPR, to demand the processing of the data be limited. In accordance with Art. 20 GDPR, you have the right to request the data you provided to us that concerns you and to request its transmission to other responsible persons. In accordance with Art. 77 GDPR, you also have the right to file a complaint with the relevant supervisory authority.
Right of revocation
You have the right to revoke granted permission pursuant to Art. 7 (3) GDPR for the future.
Right to object
You can object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.
Cookies and the right to object to direct advertising
The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is limited. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
In accordance with statutory requirements, records are kept for 6 years in accordance with § 257 (1) HGB (German commercial code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (German fiscal code) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
We process master data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 (1) (b) GDPR. The entries marked on online forms as obligatory are required to conclude the contract.
Customers can optionally create a user account by downloading software and manuals and making use of services. During the registration process, the required information will be communicated to users. User accounts are not public and cannot be indexed by search engines. If users terminate their user account, their user account data will be deleted, subject to its storage being necessary for commercial or tax reasons according to Art. 6 (1) © GDPR. It is up to users to save their data before their contract ends once they have given notice of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
When registering, re-registering and using our online services, we store the IP address and the time of the respective user action. The data is stored based on our legitimate interests as well as to protect users against misuse and other unauthorized use. A transfer of this data to third parties will not occur, unless it is necessary for the pursuit of our claims or if there is a legal obligation according to Art. 6 (1) © GDPR.
We process usage data in a user profile (e.g., the visited websites of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in order to offer the user, for example, product information based on their previously used services.
Deletion takes place after expiration of statutory warranty and comparable requirements; the necessity to store data is checked every three years; in the case of statutory archiving requirements, deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) storage requirements); information in the customer account remain until their deletion.
Administration, financial accounting, office organization, contact management
We process data as part of administrative tasks as well as the organization of our company, financial accounting and compliance with legal requirements, e.g., archiving. We process the same data that we process in the course of providing our contractual services. The processing is based on Art. 6 (1) © GDPR, Art. 6 (1) (f) GDPR. Customers, prospective clients, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in the administration, financial accounting, office organization and archiving of data; thus tasks which serve to maintain our business activities, complete our tasks and provide our services. The deletion of data with regard to contractual services and communication corresponds to the information provided as processing operations. We disclose or transmit data to tax authorities consultants such as tax advisors or auditors, as well as other payment offices and payment service providers.
Furthermore, we store information on suppliers, event organizers and other business partners based on our business interests, e.g., for the purpose of contacting at a later date. We store this data, which is mainly company-related, permanently.
When contacting us (via contact form, e-mail, phone or social media), the user’s input is stored for processing the contact enquiry in accordance with Art. 6 (1) (b) GDPR. User information may be stored in our Customer Relationship Management System (“CRM System”) or comparable system. We delete the requests when they are no longer necessary. We review this requirement every two years; statutory archiving regulations also apply.
We use the CRM system “SugarCRM” from SugarCRM Inc. (10050 N Wolfe Rd, Cupertino, CA 95014, USA) based on our legitimate interests (efficient and fast processing of user inquiries). The data protection regulations of the CRM provider can be viewed here: https://www.sugarcrm.com/legal/privacy-policy. To this end, we have entered into a contract with SugarCRM with so-called standard contractual clauses in which SugarCRM strives to process user data only in accordance with our instructions and to comply with EU data protection levels. SugarCRM is also certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNjnAAG).
Comments and input
If users leave comments or other input, their IP addresses will be saved for 7 days based on our legitimate interests pursuant to the definition of Art. 6 (1) (f) GDPR.
This is for our safety, in case someone posts illegal comments and content (insults, forbidden political propaganda, etc.). In this case we ourselves can be prosecuted for the comment or content and are therefore interested in the identity of the author.
The following information informs you about the contents of our newsletter as well as the registration, shipment and statistical evaluation procedures and your right to appeal. By subscribing to our newsletter, you agree to its receipt and the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with consent of the recipients or legal permission. If the contents of a newsletter are correctly described as part of a registration, they presuppose the consent of the user. In addition, our newsletters contain information about our services and company.
Double opt-in and documentation: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with another e-mail address. Subscriptions to the newsletter are documented order to be able to verify that the registration process was implemented in accordance with legal requirements. This includes storage of the login and confirmation time, as well as the IP address. Changes to your data stored with the delivery service provider are also documented.
Registration: To subscribe to the newsletter, please enter your e-mail address and, to personally address you, your name.
The delivery of the newsletter and performance measurements associated with it are based on the recipient’s consent pursuant to Art. 6 (1) (a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG (unfair competition law) or on the basis of legal permission pursuant to § 7 para. 3 UWG.
The registration procedure is recorded in accordance with our legitimate interests pursuant to Art. 6 (1) (f) GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.
Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. Based on our legitimate interests, we may store the unsubscribed e-mail addresses for up to three years before we delete them in order to be able to prove that consent was previously given. The processing of these data are limited to use as a possible defense against claims. An individual application for deletion is possible at any time, provided that the existence of a former consent is confirmed at the same time.
Newsletter – Mailchimp
The newsletter is sent by the mail service provider “MailChimp”, a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the delivery service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection levels (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG). The delivery service provider is used based on our legitimate interests according to Art. 6 (1) (f) GDPR and an order processing contract according to Art. 28 (3) (1) GDPR.
The delivery service provider can use the recipient’s data in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., to technically optimize the transmission and presentation of the newsletter or for statistical purposes. However, the delivery service does not use the data of our newsletter recipients to write to them or to send the data on to third parties.
Newsletter – Performance Measurement
The newsletters contain a so-called “web-beacon”, i.e., a pixel-sized file which is downloaded from our server when the newsletter is opened or, if we use a delivery service provider, from their server. As part of this, technical information, such as information about your browser and system as well as your IP address and time of retrieval are collected.
This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their locations (which can be determined using their IP address) or access times. The statistical surveys also include determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavor, nor, if used, that of the delivery service provider, to observe individual users. The evaluations serve more to recognize the reading habits of our users and to adapt our contents to them or to send different content according to their interests.
The hosting services we use serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.
We or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offering based on our legitimate interests to efficiently and securely provide this online offering according to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
Collection of access data and log files
We collect data based on our legitimate interests as outlined by Art. 6 (1) (f) GDPR with each access to the server on which this service is located (so-called server log files). Access data include the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Further storage of data that is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
Online presence in social media
Based on our legitimate interests and as outlined by Art. 6 (1) (f) GDPR, we maintain online presence within social networks and platforms to communicate and inform about our services customers, interested parties and users who are active there. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective providers apply.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering and to provide us with further services associated with the use of this online offering and the use of internet. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics only with IP enabled anonymization. This means that Google will shorten the IP address of users within Member States of the European Union or in other states in the European Economic area which are party to the agreement . Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For further information about Google’s data usage, settings and opt-out options, visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s data usage when using our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertising”).
In addition, personal data will be anonymized or deleted after a period of 14 months.
This website has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/intl/en419/about/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
Integration of third-party services and content
Within our online offering, based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the context of Art. 6 (1) (f) GDPR), we use content or service offerings of third parties to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content discern the IP address of users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to only use content whose respective providers only use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offering, as well as being linked to such information from other sources.