Data privacy

The protection of your personal data is of particular concern to us. For this reason, too, we comply with the relevant legal regulations. This data protection declaration is intended to inform you what type of data is collected for what purpose and to what extent this data is made accessible to third parties.

The data protection information is divided into five parts:

A. General Data protection information

B. Data protection information for users of this website

C. Data protection information for customers

D. Rights of data subjects

E. Data protection information for applicants

A. General data protection information

Name and address of the controller

itelio GmbH
represented by the managing directors: Dipl.-Inf. (FH) Peter Kurz, Tobias Kurz, Ingemar Mayr

Franz-Larcher-Straße 4
D – 83088 Kiefersfelden

Phone: +49 (0)8033 / 6978–0
Telefax: +49 (0)8033 / 6978–91
E-mail: info@itelio.com
Internet: www.itelio.com

Data Protection Officer

If you have any questions about data protection or the processing of your personal data processed by us, you can contact our company data protection officer by e-mail at datenschutz@itelio.com or at the above address labelled "Data Protection Officer".

B. Data protection information when using our website.

Processing of personal data

The processing of personal data is carried out in accordance with Art. 5 GDPR.

Personal data is processed on our websites

  • insofar as this is technically necessary
  • is used for the analysis, optimisation or economic operation of our websites,
  • this is necessary for the fulfilment of the contract or
  • to provide you, the customer, with product-specific information

Data security

We use technical and organisational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
Data transmissions are carried out using the SSL procedure (Secure Socket Layer).

Security notice
We make every effort to take all technical and organisational measures to store your personal data in such a way that it is not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

Use of service providers

We use service providers (so-called processors) to provide services and process your data. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services.

External service providers are carefully selected by us and contractually bound in accordance with Art. 28 GDPR by means of an order processing agreement.

Processing of data in countries outside the European Economic Area EEA

Some of the service providers we use are based in the USA or other countries outside the European Economic Area. Companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union. We use contractual arrangements or other recognised instruments to ensure that your personal data is adequately protected.

Logging of the use of our websites

When you visit our website, you transmit data to a web server via your internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your internet browser and our web servers

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page) and
  • the time of the server request.

We require this data for reasons of technical security and for statistical analyses and we are generally unable to assign it to specific persons. This data is not merged with other data sources. This data is deleted after 14 days at the latest.

Cookies

Various services on our website use so-called "cookies". These are small text files that are stored on your computer and enable your use of the website to be analysed. They serve to make our website more user-friendly, effective and secure overall - for example, when it comes to speeding up navigation on our platform.

Cookies also enable us to measure the frequency of page views and general navigation, for example. Cookies are small text files that are stored on your computer system. We would like to point out that some of these cookies are transferred from our server to your computer system, most of which are so-called "session cookies". "Session cookies" are characterised by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognise your computer system on your next visit (so-called persistent cookies). Of course, you can reject cookies at any time if your browser allows this.

Of course, you can also use our website without cookies being used. You can generally deactivate the use of cookies at any time via the settings of your Internet browser or have the setting of cookies displayed and then decide on a case-by-case basis whether to accept cookies. Please note, however, that in this case you may not be able to use all the functions of our website to their full extent.

Instructions for deleting cookies in the most common browsers can be found here:

Social networks

We use various plugins from social networks on our websites.

Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the Facebook plugins and their appearance can be found here:
https://developers.facebook.com/docs/plugins?locale=en_US

Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram buttons and their appearance can be found here:
https://instagram.tumblr.com/post/36222022872/introducing-instagram-badges

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

XING is operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing"). An overview of the Xing buttons and their appearance can be found here:
https://dev.xing.com/plugins/share_button

X (Twitter) is operated by X Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here:
https://about.twitter.com/en_us/company/brand-resources.html

Cookies also enable us to measure, for example, the frequency of page views and general navigation. Cookies are small text files that are stored on your computer system. Please note that some of these cookies are transferred from our server to your computer system, which are usually so-called “session cookies.” “Session cookies” are characterized by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognize your computer system the next time you visit (so-called persistent cookies). Of course, you can reject cookies at any time, provided that your browser allows this.

These social plugins are operated exclusively by the respective providers. The social plugins on our website are labelled with the respective button belonging to the provider or service. If you visit one of our websites that contains such a social plugin, your browser connects to the servers of the respective service. This in turn transmits the content of the plugin to your browser, which integrates it into the page displayed. The respective information is thus transmitted to the respective service when you visit our website.

If you are logged in to one of the respective services via your personal user account at the same time as visiting our website, this service can assign the visit to the website to your account. Users can use social plugins to post or share links to websites in social networks. Through interactions, such as leaving a comment or clicking on the respective button, the respective information is transferred directly to the respective services and stored there.

If you do not want such data transfer and wish to prevent it, log out of your social networks or user accounts before visiting our websites. We have no influence on the collection and transfer of data by social plugins. For the purpose and scope of the data collection of the respective provider or service and the further use and processing of your data, please refer to the respective data protection information directly from the providers' websites. Please find out there what rights you have and how you can achieve a satisfactory data protection setting.

Data protection information on social plugins currently used on our websites:

Bing Ads

On our website, data is collected and stored using Bing Ads technologies, from which usage profiles are created using pseudonyms. This is a service of the

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

This service enables us to track the activities of users on our website if they have reached our website via adverts from Bing Ads. If you reach our website via such an advert, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal data about the use of the website. This includes, among other things, the time spent on the website, which areas of the website were accessed and which ad the user used to access the website. Information about your identity is not recorded. Data transfer to the USA is based on the EU-US Data Privacy Framework.

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website under certain circumstances.

In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through so-called cross-device tracking and is therefore able to display personalised advertising on or in Microsoft websites and apps.

You can disable this behaviour at https://choice.microsoft.com/en-us/opt-out to deactivate this behaviour.

You can find more information about Bing's analytics services on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). You can find more information on data protection at Microsoft and Bing in Microsoft's privacy policy (https://privacy.microsoft.com/en-us/privacystatement).

Facebook Custom Audience

Facebook users should note that Facebook's Website Custom Audience communication tool is used on this website. For this purpose, so-called Facebook pixels are integrated on our websites, which mark you as a visitor to our website in anonymised form, i.e. without identifying you as a person.

If you are a Facebook user, this allows Facebook to associate your visit to our pages with your user account. Facebook can also subsequently recognise whether a Facebook ad has had an effect, e.g. whether it has led to a purchase. The Facebook pixel also enables us to display adverts to a defined audience on Facebook. We only receive statistical data from Facebook for this purpose without reference to a specific person. This is done for the purposes of advertising effectiveness, market research and the customised design of our website. Tracking using the pixel is carried out in a way that does not allow us to identify you as a person and only marks users as visitors to our website in a form that is anonymised for us. Facebook uses cookies for this purpose. Facebook stores and uses the data collected using the pixel. This also takes place, at least in part, outside the territorial scope of EU data protection regulations.

Data transfer to the USA is based on the EU-US Data Privacy Framework. For more information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, please refer to Facebook's privacy policy, which can be found at https://www.facebook.com/privacy/explanation.

Option to object: If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences. You must be logged in to Facebook to do this.

Google Ads

In order to draw the attention of potential users and customers to our online offers, we use the online advertising programme "Google Ads" and, as part of Google Ads, conversion tracking, an analysis service provided by Google.

Google Inc. (Google)1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Ads places a cookie on your computer ("conversion cookie") if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that someone has clicked on the ad and been redirected to our site. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking.

Google Ads customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. Data transfer to the USA is based on the EU-US Data Privacy Framework.

If you do not wish to participate in the tracking process, you can refuse the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".

You can find Google's privacy policy on conversion tracking at
https://services.google.com/sitestats/en.html

You can also prevent Google Ads from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you click this link:

Google Analytics

This website uses Google Analytics, a web analytics service provided by

Google Inc ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Analytics uses "cookies". The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there for 14 months. Data transfer to the USA is based on the EU-US Data Privacy Framework. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymised collection of IP addresses (so-called IP masking). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:
tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you click this link:

Google Tag Manager

Google Tag Manager is used on this website. The Google Tag Manager is a solution from

Google Inc ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

with which companies can manage website tags via an interface. Google Tag Manager is a cookie-less domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately.
The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Jotform

For the provision of forms on our websites, we use a service from

Jotform Ltd.
25 Cabot Square
E14 4QZ London
United Kingdom

Jotform enables us to create online forms to collect registrations, applications and general enquiries on our websites. inquiries on our websites. The entries you make are processed on Jotform's servers. Jotform only stores the data on servers in Europe (Germany).
Jotform is used for the performance of our tasks (Art. 6 para. 1 lit. e GDPR) or on the basis of our legitimate interest in the optimal digital processing of your request (Art. 6 para. 1 lit. f GDPR). In connection with a contractual relationship, we process on the basis of Art. 6 para. 1 lit. b GDPR.

Further information on data protection at Jotforms can be found here: www.jotform.com/gdpr-compliance/dpa/

Matomo

We collect certain information so that we can offer you the best possible experience on our websites. For this purpose, we use the Matomo Web Analytics Platform of the company

InnoCraft Ltd.
7 Waterloo Quay PO625
6140 Wellington
New Zealand

When you visit our site, we store: Your anonymised IP address, the website from which you visited us, the parts of our websites you visit, the date and duration of your visit, information from the device you used during your visit (device type, operating system, screen resolution, language, country you are in and web browser type) and more. We process this usage data in the Matomo Web Analytics Platform for statistical purposes in order to improve our site and to recognise and prevent abuse.

Opt-out from the web analysis

You can opt out of being tracked by our Matomo web analytics at any time.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Microsoft

To create a user account for the purpose of authentication in our online portals, we use the "Microsoft Azure Active Directory B2C" service from Microsoft on the basis of Article 6(1)(f) GDPR.

Microsoft Ireland Operations Ltd
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland

To create a user account, the first name, surname and email address are transmitted. The password chosen by the user is stored there.
We use this service as a secure alternative to integrated password storage in the respective web applications and for centralised and universal login to all our websites. This prevents unauthorised persons from gaining access to protected parts of our online services.

Data transfer to the USA is based on the EU-US Data Privacy Framework.

Mollie

On our website in our webshop, we offer payment via the external payment service provider

Mollie B.V.
Keizersgracht 126
1015 CW Amsterdam
The Netherlands

to. The following payment methods are processed via Mollie: Mastercard, Visa, American Express, SEPA and PayPal. If you select the payment method, the payment data you enter will be transmitted to both Mollie and the payment provider you have selected. The transmission of your data to Mollie is based on Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which are also available on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights. Details on payment via the payment service provider Mollie can be found at the following link https://www.mollie.com/en/privacy.

Salesforce/ Pardot

We only store personal data of website visitors who have registered voluntarily/on their own initiative on our websites in order to receive information about products and services, to receive newsletters or to download documents. Some forms and websites are linked to Pardot. Pardot is a marketing automation software of the

salesforce.com Germany GmbH
Erika-Mann-Straße 31-37
80636 Munich
Munich, Germany

Personal data provided voluntarily will first be stored in Pardot and then processed with the Salesforce CRM system for the purpose of contacting you and/or sending you information.

We use Pardot as a marketing analysis service that enables us to maintain, measure and expand our website and marketing communication and to optimise website content. Data is processed in Salesforce/ Pardot on our behalf through the use of cookies.

Here you can find out how Salesforce processes your data when you visit websites: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5.

Visual Website Optimizer

On our websites we use the web analysis tool Visual Website Optimizer from

Wingify Software Pvt Ltd.
1104, 11th Floor, KLJ Tower B-5
Netaji Subhash Place, Pitampura
Delhi-110034
India

We use this web analysis tool for so-called A/B and multivariate tests and its sole purpose is to improve the usability and design of our websites. We carry out analyses to evaluate your use of the websites and to compile reports on website activity. Visual Website Optimizer analyzes, for example, how long a user has spent on different versions of our websites and which areas of the respective version were clicked on. These purposes pursued by us constitute the legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR.

Visual Website Optimizer uses cookies. The information generated by cookies about your use of our websites is transmitted to a server of the provider and stored there. As we have activated IP anonymization, your IP address will be truncated by Visual Website Optimizer within a member state of the European Union or in other states party to the Agreement on the European Economic Area. You can deactivate Visual Website Optimizer tracking at any time and thus prevent the collection of data generated by cookies and related to your use of the website - including your IP address - to Visual Website Optimizer and the processing of this data. You can find information on this in the instructions at https://vwo.com/opt-out.

Wistia

On the basis of Article 6(1)(f) GDPR, we use the software Wistia (https://wistia.com/) of the

Wistia Inc.
17 Tudor Street
Cambridge, MA 02139
USA

The software is used to embed videos in our website and to promote and measure the interaction behaviour of website visitors with the videos. Wistia collects the following categories of personal data on our behalf

  • anonymised IP address incl. provider;
  • Access time for viewed videos;
  • Details of their viewed video sections;
  • URL of the videos;
  • Type of end device (stationary, mobile), operating system and browser used

Cookies are not used for this purpose.

Data transfer to the USA is based on the EU-US Data Privacy Framework. You can find all information on the transfer and use of data by Wistia here: https://wistia.com/privacy.

Zapier

To integrate different databases and tools for the automation of our workflows, we use Zapier, a service provided by

Zapier Inc.
548 Market St #62411
San Francisco
California 94104
USA

Customer data, with the exception of payment data, may be transmitted.

Zapier is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in integrating the tools used as effectively as possible.

Data transfer to the USA is based on the EU-US Data Privacy Framework. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.

Amendment to our privacy policy

We reserve the right to change our security and data protection measures at any time, insofar as this is necessary due to technical developments or legal changes. In these cases, we will also adapt our privacy policy accordingly. Please therefore note the latest version of this privacy policy.

C. Customer privacy information.

If you conclude a contract with us or in the case of pre-contractual measures, we process your data to conclude and execute the contract. Your data is processed on the basis of Art. 6 (1) (b) GDPR (contract fulfilment) and Art. 6 (1) (c) GDPR (compliance with legal storage requirements, § 257 HGB, § 147 AO). We process your data as long as the contract exists and there may still be claims arising from the contract, which is usually three years after the conclusion of the contract in the case of a purchase contract and three years after the termination of a service contract, in each case beginning on 31.12. of a year. In addition, we store accounting documents for a period of 10 years and commercial and business letters for a period of 6 years to fulfill our legal storage obligations. The storage period always begins at the end of the calendar year of receipt/dispatch of the commercial and business letter or the creation of the accounting document.

The data will not be passed on to third parties, with the exception of contract processors in accordance with Article 28 GDPR, with whom there is a contract for order processing. There is no transfer of data to a third country. Automated decision-making also does not take place.

D. Data subject rights for users of this website and customers.

If you have any questions regarding data protection, please contact our data protection officer, whom you can contact by e-mail at datenschutz@itelio.com or can also be reached by post at our address marked “Data Protection Officer”.

In addition, you are also entitled to legal data subject rights, which we list below. In these cases, too, please contact our data protection officer.

You have the right to:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller;
  • in accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
  • to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. You have the option to inform us of your objection informally by telephone, email, fax or to our address listed at the beginning of this privacy policy and

In accordance with Article 77 GDPR, you also have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our headquarters; an overview of the supervisory authorities can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html); the supervisory authority responsible for us is usually

Bavarian State Office for Data Protection Supervision
Promenade 27 (castle)
91522 Ansbach
Telephone: 0981/53-1300
Fax: 0981/53-5300
email: poststelle@lda.bayern.de
Home page: http://www.lda.bayern.de

E. Data protection information for applicants.

The information provided to us as part of your application will of course be kept confidential and, in compliance with data protection regulations, exclusively for

  • Conducting the application process and
  • may be processed for the preparation and establishment of an employment relationship

Your data is processed on the basis of Section 26 BDSG (data processing for employment purposes) on the basis of Article 6 (1) (f) GDPR (legitimate interest). If there is no employment relationship, the data will be deleted after 6 months at the latest. We have a legitimate interest in being able to defend ourselves against liability claims under the General Equal Treatment Act (AGG) and therefore store the application documents for this period of time even after your application has been rejected.

Within our company, only the people involved in the application and selection process have access to your data. Your data will not be passed on to third parties. Automated decision-making does not take place.

Status: April 2024