Data privacy

The protection of your personal data is of particular concern to us. For this reason, too, we comply with the relevant legal regulations. This data protection declaration is intended to inform you what type of data is collected for what purpose and to what extent this data is made accessible to third parties.

The data protection information is divided into five parts:

A. General data protection information

B. Data protection information for users of this website

C. Data protection information for customers

D. Rights of data subjects

E. Data protection information for applicants

A. General data protection information

Name and address of the controller

itelio GmbH
represented by the managing directors: Dipl.-Inf. (FH) Peter Kurz, Tobias Kurz, Ingemar Mayr

Franz-Larcher-Straße 4
D - 83088 Kiefersfelden

Phone: +49 (0)8033 / 6978-0
Telefax: +49 (0)8033 / 6978-91
E-mail: info@itelio.com
Internet: www.itelio.com

Name and address of the data protection officer

If you have any questions about data protection or the processing of your personal data processed by us, you can contact our company data protection officer by e-mail at datenschutz@itelio.com or at the above address labelled "Data Protection Officer".

B. Data protection information when using our website

Processing of personal data

The processing of personal data is carried out in accordance with Art. 5 GDPR.

Personal data is processed on our websites

  • insofar as this is technically necessary
  • is used for the analysis, optimisation or economic operation of our websites,
  • this is necessary for the fulfilment of the contract or
  • to provide you, the customer, with product-specific information

Data security

We use technical and organisational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
Data transmissions are carried out using the SSL procedure (Secure Socket Layer).

Security notice
We make every effort to take all technical and organisational measures to store your personal data in such a way that it is not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

Use of service providers

We use service providers (so-called processors) to provide services and process your data. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services.

External service providers are carefully selected by us and contractually bound in accordance with Art. 28 GDPR by means of an order processing agreement.

Processing of data in countries outside the European Economic Area EEA

Some of the service providers we use are based in the USA or other countries outside the European Economic Area. Companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union. We use contractual arrangements or other recognised instruments to ensure that your personal data is adequately protected.

Logging of the use of our websites

When you visit our website, you transmit data to a web server via your internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your internet browser and our web servers

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page) and
  • the time of the server request.

We require this data for reasons of technical security and for statistical analyses and we are generally unable to assign it to specific persons. This data is not merged with other data sources. This data is deleted after 14 days at the latest.

Cookies

Various services on our website use so-called "cookies". These are small text files that are stored on your computer and enable your use of the website to be analysed. They serve to make our website more user-friendly, effective and secure overall - for example, when it comes to speeding up navigation on our platform.

Cookies also enable us to measure the frequency of page views and general navigation, for example. Cookies are small text files that are stored on your computer system. We would like to point out that some of these cookies are transferred from our server to your computer system, most of which are so-called "session cookies". "Session cookies" are characterised by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognise your computer system on your next visit (so-called persistent cookies). Of course, you can reject cookies at any time if your browser allows this.

Cookies: Consent options

Of course, you can also use our website without cookies being used. You can generally deactivate the use of cookies at any time via the settings of your Internet browser or have the setting of cookies displayed and then decide on a case-by-case basis whether to accept cookies. Please note, however, that in this case you may not be able to use all the functions of our website to their full extent.

Instructions for deleting cookies in the most common browsers can be found here:

Social networks

We use various plugins from social networks on our websites.

Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the Facebook plugins and their appearance can be found here:
https://developers.facebook.com/docs/plugins?locale=en_US

Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram buttons and their appearance can be found here:
https://instagram.tumblr.com/post/36222022872/introducing-instagram-badges

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

XING is operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing"). An overview of the Xing buttons and their appearance can be found here:
https://dev.xing.com/plugins/share_button

X (Twitter) is operated by X Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here:
https://about.twitter.com/en_us/company/brand-resources.html

These social plugins are operated exclusively by the respective providers. The social plugins on our website are labelled with the respective button belonging to the provider or service. If you visit one of our websites that contains such a social plugin, your browser connects to the servers of the respective service. This in turn transmits the content of the plugin to your browser, which integrates it into the page displayed. The respective information is thus transmitted to the respective service when you visit our website.

If you are logged in to one of the respective services via your personal user account at the same time as visiting our website, this service can assign the visit to the website to your account. Users can use social plugins to post or share links to websites in social networks. Through interactions, such as leaving a comment or clicking on the respective button, the respective information is transferred directly to the respective services and stored there.

If you do not want such data transfer and wish to prevent it, log out of your social networks or user accounts before visiting our websites. We have no influence on the collection and transfer of data by social plugins. For the purpose and scope of the data collection of the respective provider or service and the further use and processing of your data, please refer to the respective data protection information directly from the providers' websites. Please find out there what rights you have and how you can achieve a satisfactory data protection setting.

Data protection information on social plugins currently used on our websites:

Salesforce/ Pardot

We only store personal data of website visitors who have registered voluntarily/on their own initiative on our websites in order to receive information about products and services, to receive newsletters or to download documents. Some forms and websites are linked to Pardot. Pardot is a marketing automation software of the

salesforce.com Germany GmbH
Erika-Mann-Straße 31-37
80636 Munich
Munich, Germany

Personal data provided voluntarily will first be stored in Pardot and then processed with the Salesforce CRM system for the purpose of contacting you and/or sending you information.

We use Pardot as a marketing analysis service that enables us to maintain, measure and expand our website and marketing communication and to optimise website content. Data is processed in Salesforce/ Pardot on our behalf through the use of cookies.

Here you can find out how Salesforce processes your data when you visit websites: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5.

Microsoft

To create a user account for the purpose of authentication in our online portals, we use the "Microsoft Azure Active Directory B2C" service from Microsoft on the basis of Article 6(1)(f) GDPR.

Microsoft Ireland Operations Ltd
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland

To create a user account, the first name, surname and email address are transmitted. The password chosen by the user is stored there.
We use this service as a secure alternative to integrated password storage in the respective web applications and for centralised and universal login to all our websites. This prevents unauthorised persons from gaining access to protected parts of our online services.

Mollie

On our website in our webshop, we offer payment via the external payment service provider

Mollie B.V.
Keizersgracht 126
1015 CW Amsterdam
The Netherlands

to. The following payment methods are processed via Mollie: Mastercard, Visa, American Express, SEPA and PayPal. If you select the payment method, the payment data you enter will be transmitted to both Mollie and the payment provider you have selected. The transmission of your data to Mollie is based on Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which are also available on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights. Details on payment via the payment service provider Mollie can be found at the following link https://www.mollie.com/en/privacy.

Zapier

To integrate different databases and tools for the automation of our workflows, we use Zapier, a service provided by

Zapier Inc.
548 Market St #62411
San Francisco
California 94104
USA

Customer data, with the exception of payment data, may be transmitted. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.

Google Ads

In order to draw the attention of potential users and customers to our online offers, we use the online advertising programme "Google Ads" and, as part of Google Ads, conversion tracking, an analysis service provided by Google.

Google Inc. (Google)1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Ads places a cookie on your computer ("conversion cookie") if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that someone has clicked on the ad and been redirected to our site. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking.

Google Ads customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking process, you can refuse the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".

You can find Google's privacy policy on conversion tracking at
https://services.google.com/sitestats/en.html

You can also prevent Google Ads from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you visit this website:
Disable Google Ads

Google Analytics

This website uses Google Analytics, a web analytics service provided by

Google Inc ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Analytics uses "cookies". The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there for 14 months. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymised collection of IP addresses (so-called IP masking). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:
tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you visit this website:
Disable Google Analytics

Google Optimise

Our websites also use Google Optimize. Google Optimize is a tool integrated into Google Analytics. Google Optimize analyses the use of different variants of our websites and helps us to improve the user-friendliness according to the behaviour of our users.

Google Tag Manager

Google Tag Manager is used on this website. The Google Tag Manager is a solution from

Google Inc ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA,

with which companies can manage website tags via an interface. Google Tag Manager is a cookie-less domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately.
The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Bing Ads

On our website, data is collected and stored using Bing Ads technologies, from which usage profiles are created using pseudonyms. This is a service of the

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

This service enables us to track the activities of users on our website if they have reached our website via adverts from Bing Ads. If you reach our website via such an advert, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal data about the use of the website. This includes, among other things, the time spent on the website, which areas of the website were accessed and which ad the user used to access the website. Information about your identity is not recorded.

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website under certain circumstances.

In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through so-called cross-device tracking and is therefore able to display personalised advertising on or in Microsoft websites and apps.

You can disable this behaviour at
https://choice.microsoft.com/en-us/opt-out to deactivate this behaviour.

You can find more information about Bing's analytics services on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). You can find more information on data protection at Microsoft and Bing in Microsoft's privacy policy (https://privacy.microsoft.com/en-us/privacystatement).

Facebook Custom Audience

Facebook users should note that Facebook's Website Custom Audience communication tool is used on this website. For this purpose, so-called Facebook pixels are integrated on our websites, which mark you as a visitor to our website in anonymised form, i.e. without identifying you as a person.

If you are a Facebook user, this allows Facebook to associate your visit to our pages with your user account. Facebook can also subsequently recognise whether a Facebook ad has had an effect, e.g. whether it has led to a purchase. The Facebook pixel also enables us to display adverts to a defined audience on Facebook. We only receive statistical data from Facebook for this purpose without reference to a specific person. This is done for the purposes of advertising effectiveness, market research and the customised design of our website. Tracking using the pixel is carried out in a way that does not allow us to identify you as a person and only marks users as visitors to our website in a form that is anonymised for us. Facebook uses cookies for this purpose. Facebook stores and uses the data collected using the pixel. This also takes place, at least in part, outside the territorial scope of EU data protection regulations.

For more information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, please refer to Facebook's privacy policy, which can be found at https://www.facebook.com/privacy/explanation.

Option to object: If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences. You must be logged in to Facebook to do this.

Wistia

On the basis of Article 6(1)(f) GDPR, we use the software Wistia (https://wistia.com/) of the

Wistia Inc.
17 Tudor Street
Cambridge, MA 02139
USA

The software is used to embed videos in our website and to promote and measure the interaction behaviour of website visitors with the videos. Wistia collects the following categories of personal data on our behalf

  • anonymised IP address incl. provider;
  • Access time for viewed videos;
  • Details of their viewed video sections;
  • URL of the videos;
  • Type of end device (stationary, mobile), operating system and browser used

No cookies are used for this purpose.

All information on the transfer and use of data by Wistia can be found here: https://wistia.com/privacy.

Change to our privacy polic

We reserve the right to change our security and data protection measures at any time if this becomes necessary due to technical developments or legal changes. In these cases, we will also adapt our data protection information accordingly. Please therefore refer to the latest version of this privacy policy.

Matomo

We collect certain information so that we can offer you the best possible experience on our websites. For this purpose, we use the Matomo Web Analytics Platform of the company

InnoCraft Ltd.
7 Waterloo Quay PO625
6140 Wellington
New Zealand

When you visit our site, we store: Your anonymised IP address, the website from which you visited us, the parts of our websites you visit, the date and duration of your visit, information from the device you used during your visit (device type, operating system, screen resolution, language, country you are in and web browser type) and more. We process this usage data in the Matomo Web Analytics Platform for statistical purposes in order to improve our site and to recognise and prevent abuse.

Opt-out from the web analysis

You can opt out of being tracked by our Matomo web analytics at any time.

 

C. Data protection information for customers 

If you conclude a contract with us or in the case of pre-contractual measures, we process your data in order to conclude and fulfil the contract. Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR (fulfilment of contract) and Art. 6 para. 1 sentence 1 lit. c) GDPR (fulfilment of statutory retention requirements, § 257 HGB, § 147 AO). We process your data for as long as the contract exists and claims may still exist from the contract, which is usually three years after the conclusion of the contract in the case of a purchase contract and three years after the termination of a service contract, in each case starting on 31 December of a year. In addition, we store accounting documents for a period of 10 years and commercial and business letters for a period of 6 years to fulfil our statutory retention obligations. The storage period always begins at the end of the calendar year in which the commercial and business letter is received/sent or the accounting document is created.

The data will not be passed on to third parties with the exception of processors in accordance with Art. 28 GDPR with whom a contract for order processing exists. Data is not transferred to a third country. Automated decision-making does not take place either.

D. Data subject rights for users of this website and customers

If you have any questions about data protection, please contact our data protection officer, who you can reach by email at datenschutz@itelio.com or by post at our address labelled "Data Protection Officer".

In addition, you are also entitled to statutory data subject rights, which we list below. Please also contact our data protection officer in these cases.

You have the right to

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller;
  • in accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
  • to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. You have the option to inform us of your objection informally by telephone, email, fax or to our address listed at the beginning of this privacy policy and

In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office; an overview of the supervisory authorities can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html); the supervisory authority generally responsible for us is

Bavarian State Office for Data Protection Supervision
Promenade 27 (Castle)
91522 Ansbach
Telephone: 0981/53-1300
Fax: 0981/53-5300
E-Mail: poststelle@lda.bayern.de
Homepage: http://www.lda.bayern.de

E. Data protection information for applicants

The information provided to us as part of your application will, of course, be treated confidentially and used exclusively for the purpose of processing your application in compliance with data protection regulations.

  • Conducting the application process and
  • may be processed for the preparation and establishment of an employment relationship

Your data will be processed on the basis of Section 26 BDSG (data processing for the purpose of the employment relationship) on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). If no employment relationship is established, the data will be deleted after 6 months at the latest. We have a legitimate interest in being able to defend ourselves against liability claims under the General Equal Treatment Act (AGG) and therefore continue to store the application documents for this period even after your application has been rejected.

Within our company, only those persons involved in the application and selection process will have access to your data. Your data will not be passed on to third parties. Automated decision-making does not take place.

Status: December 2023

Remote support