Privacy Declaration

Information on the processing of personal data (data protection information)

Welcome to the data protection area of IFS Management GmbH. Thank you for your interest in our company. We would like to use this data protection notice to inform you in detail about when we collect which data and how it is processed.

Person responsible

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

IFS Management GmbH

Stephan Tromp

Am Weidendamm 1A, 10117 Berlin

Phone: +49 (0)30 72 61 053-15

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data Protection Officer

You can reach our data protection officer at

Company for personnel services mbH

Pestalozzistrasse 27

34119 Kassel

Phone: +49 561 78968-80

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

General information on the collection of personal data

With the following information, we inform you transparently about the type and scope of the processing of personal data,

that are collected during your visit to our website,
the use of our online services,
External online presences on social media platforms
in the context of application procedures
as part of a membership
and in business relationships with customers and service providers
be collected.

The legal basis for our data protection is formed in particular by the provisions of the General Data Protection Regulation (GDPR) and the supplementary provisions of the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TDDDG).

Purpose / legal basis of the processing

In cases where we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract concluded between the two parties, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

In the event that the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.

In the event that the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing.

If cookies or similar technologies are set during data processing, they are stored or information is accessed on a user's end device (e.g. device fingerprinting) in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR.

If the use of cookies is absolutely necessary, this is done on the basis of Section 25 (2) sentence 2 TDDDG.

Disclosure of personal data

If we transfer your personal data to other parties as part of our processing or disclose it to them, this is done exclusively on one of the aforementioned legal bases. The recipients of this data may include, for example, payment service providers in the context of contract fulfilment. In cases where we are obliged to do so by law or by court order, we must transfer your data to bodies authorised to receive such information.

If external service providers support us in the processing of your data (e.g. data analysis, newsletter dispatch), this is done within the framework of order processing in accordance with Art. 28 GDPR. We only conclude corresponding contracts with service providers that offer sufficient guarantees that suitable technical and organisational measures ensure the protection of your data.

Data transfer to third countries

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is in accordance with legal requirements. Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognised level of data protection or in accordance with Art. 44 et seq. GDPR on the basis of special guarantees, e.g. contractual obligation through so-called standard protection clauses of the EU Commission (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Storage of the data

As soon as the respective purpose for storage no longer applies, we will delete or block your personal data. Furthermore, your personal data will only be stored if special statutory retention periods (in particular retention obligations under commercial and tax law) at national or European level prevent deletion.

Definitions

Our data protection information is based on the terms used and defined in the GDPR. To ensure that our data protection provisions are easy to read and understand, we would like to explain the most important terms in advance.

Personal data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of provision, alignment or combination, restriction, erasure or destruction.

Responsible person

"Responsible person" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Pseudonymisation

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Processor

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Rights of data subjects

The processing of personal data results in rights for you as the natural person concerned, which you can exercise against us at any time. These are

Right to revoke a declaration of consent under data protection law pursuant to Art. 7 para. 3 GDPR
Right to information about your personal data stored by us in accordance with Art. 15 GDPR
Right to rectification of inaccurate or completion of incomplete data pursuant to Art. 16 GDPR
Right to erasure of your data stored by us in accordance with Art. 17 GDPR
Right to restrict the processing of your data in accordance with Art. 18 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to object pursuant to Art. 21 GDPR
Automated decisions in individual cases including profiling in accordance with Art. 22 GDPR.

Right to information

You have the right to obtain from us the confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, which personal data is being processed, and to obtain copies of your personal data from us. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions.

Right to rectification

If the information concerning you is not (or is no longer) correct, you have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.

Right to cancellation

In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, e.g. if the data is no longer required for the purposes pursued and the legal storage and archiving regulations do not prevent deletion.

Right to restriction of processing

Within the framework of the provisions of Art. 18 GDPR, you have the right to demand a restriction on the processing of data concerning you, e.g. if you have objected to the processing, for the duration of the examination as to whether the objection can be upheld.

Right to data portability

You have the right to have data that you have provided to us handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to revoke a declaration of consent under data protection law

If the processing of your personal data is based on consent given to us, you have the right to withdraw this consent at any time. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Please address your cancellation informally to IFS Management GmbH, Am Weidendamm 1A, 10117 Berlin, Germany, This email address is being protected from spambots. You need JavaScript enabled to view it.. We would like to point out that your objection can also be made in other procedures or must be made for technical reasons. Further information on this can be found in the respective services described.

Right to object to processing

Under the conditions of Art. 21 para. 1 GDPR, you may object to data processing on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Please address your objection informally to IFS Management GmbH, Am Weidendamm 1A, 10117 Berlin, Germany, This email address is being protected from spambots. You need JavaScript enabled to view it.. We would like to point out that your objection can also be made in other procedures or must be made for technical reasons. Further information on this can be found in the respective services described.

Right to lodge a complaint with the data protection authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully. The address of the supervisory authority responsible for our company is

Berlin Commissioner for Data Protection and Freedom of Information

Postal address Alt-Moabit 59-61 10555 Berlin

Tel: 030/13 889-0
Fax: 030/215-5050
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Homepage: http://www.datenschutz-berlin.de

Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

Use of online services

In the following, we will inform you when and in what context data is processed when you use our online services.

Collection of personal data when visiting our website

If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the data listed below. This is technically necessary in order to display our website to you and to ensure the stability and security of the display. The legal basis for storing information in the form of cookies or in the server log file on your end device or accessing this information on your end device is Section 25 (2) No. 2 TDDDG. The associated data processing is based on Art. 6 para. 1 lit. f GDPR:

IP address
Date and time of the enquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status / HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface

This data is temporarily stored in the log files of our system for a maximum of 30 days. Storage beyond this is possible, but in this case the IP addresses are partially deleted or anonymised so that it is no longer possible to identify the accessing client.

Use of cookies

In addition to the aforementioned data, cookies are stored on your end device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your end device assigned to the browser you are using and through which certain information flows to the body that sets the cookie (here by us). Cookies cannot execute programmes or transfer malware to your end device. They serve to make the online offering more user-friendly and effective overall.

This website uses the following types of cookies, the scope and function of which are explained below:

Transient cookies

Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

We use cookies on our website which are generated by us as the website operator and which are necessary for the full functionality and presentation of our website. The legal basis for storing information in the form of cookies on your end device or accessing this information on your end device is Section 25 (2) No. 2 TDDDG. We use these cookies out of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to secure our online offer.

In addition to the cookies set by us as the controller, we also use cookies that are offered by other providers. We process these cookies on the basis of your consent in accordance with Art. 6 Para. 1 lit. a and § 25 Para. 1 TDDDG (storage of cookies or access to information in an end device (e.g. via device fingerprinting). Further information on the use of and cooperation with external service providers can be found in the data protection information of the respective online services.

You can configure your browser settings according to your wishes and, for example, refuse to accept cookies from external providers or all cookies. However, we would like to point out that you may not be able to use all the functions of this website as a result. If you have agreed to the acceptance of cookies and would like to object to this for the future, you can delete the stored cookies in the settings of the browser you are using.

Cookie settings in web browsers

Web browsers can be set to notify you when cookies are set or to generally or partially reject or deactivate cookies. By deactivating and deleting all cookies, you can also revoke any consent you have previously given. If you deactivate or restrict cookies using your browser, various functions on our website may not be available to you. You can use your web browser to delete stored cookies at any time, even automatically.

You can use the following links to find out about these options for the most commonly used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer

Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647

Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Microsoft Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

Opera: https://help.opera.com/de/latest/web-preferences/

If no restrictions have been made to the cookie settings, cookies that enable and ensure the necessary technical functions remain on your end device until the browser is closed; other cookies may remain on your end device for longer.

SSL or TLS encryption

Our website uses TLS encryption (formerly SSL) for security reasons and to protect the transmission of confidential content. Orders or contact enquiries that you send to us are therefore sent using transport encryption. Depending on your browser type, you can recognise this either by the lock symbol and/or the https protocol in the address bar.

External hosting

We host our website externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include all information relating to the users of our online offer that is collected in the course of use and communication, such as content data (e.g. entries in online forms); usage data (e.g. websites visited, access times); meta/communication data (e.g. device information, IP addresses).

We collect the aforementioned data in order to ensure the secure, fast and efficient provision of our online services. The legal basis for storing information in the form of cookies on your end device or accessing this information on your end device is Section 25 (2) No. 2 TDDDG. The associated processing of your data is carried out in accordance with Art. 6 para. 1 lit. f GDPR due to our legitimate interest in the correct presentation and functionality of our website.

We use the following hosting provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/.

Further information on data protection can be found at https://www.google.com/policies/privacy.

Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). Further information on this can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Information on the conclusion of EU standard contractual clauses can be found at https://privacy.google.com/businesses/controllerterms/mccs/.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.

We have also concluded a contract for commissioned data processing (DPA). This contract regulates the scope, type and purpose of the access options of the above-mentioned provider(s) to the data. The access options are limited only to necessary accesses that are required to fulfil the hosting services and are in compliance with the GDPR.

Contact us

Contact form

When you contact us via a contact form, the data you provide (your email address, your name, your telephone number, your user group and the content of your message) will be stored by us in order to respond to your enquiry. The data entered in the contact form is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. If your contact enquiry is related to the fulfilment of a contract or the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations. You can revoke this consent at any time. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Enquiry by e-mail, telephone, fax

When you contact us by e-mail, telephone or fax, the personal data you provide (your e-mail address, your name, your telephone number, the content of your message) will be stored by us in order to process your request. We will not pass on this data without your consent.

Data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and/or on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in particular in the effective processing of your request.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Online shop

We offer you an online shop for the purchase of our products. In this context, we process your personal data on the basis of Art. 6 para. 1 lit. b GDPR. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The data required for the conclusion, execution or termination of a contract include:

First name, surname, company if applicable

Billing and delivery address

E-mail address

Invoice and payment data

If we do not use your contact data for advertising purposes, we store the data collected for contract processing until the legal requirements expire. Retention periods under commercial and tax law oblige us to store the required information for a period of ten years (after conclusion of the contract).

Customer account / Registration

You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account, the data you provide will be stored on a revocable basis. At the same time, we store the IP address and the date and time of your registration. This data will not be passed on to third parties.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if you have given your consent. If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This is used together with your e-mail address to access your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorised third parties.

Your data will only be used for as long as is necessary for the existing customer relationship. You can also view and change the data stored about you in your customer account at any time. You have the option of cancelling your user account at any time. In this case, your data will be deleted, unless we are obliged to retain it due to commercial and tax law requirements.

Payment systems / credit check / fraud prevention

You can choose between different payment methods in our online shop. For this purpose, the relevant payment-related data is collected in order to process your order and payment. Contract data and user data may also be stored. Your IP address and information about the device you are using are also stored by most payment providers.

Certain personal data (mandatory information), without which we cannot fulfil the contract, will be transmitted to our payment service providers for payment processing, depending on the selected payment method. For identity and credit checks, payment providers may transmit data to the relevant body. You can obtain more detailed information on this from the respective providers.

Mollie

Mollie is a payment service provider of the company Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands. Mollie enables the integration of various payment providers on our website. If you choose to pay with one of the payment options offered by Mollie (Paypal or credit card), the following personal data will be processed: Payment data (e.g. account or credit card number), IP address, browser, device type, first and last name if applicable, as well as address data and information about the product ordered). The processing is carried out to process the payment, the legal basis is (Art. 6 para. 1 b GDPR). Depending on the selected payment method, the data may be transmitted to the respective payment service provider (e.g. PayPal, credit card) to the extent necessary.

You can find more information about Mollie's privacy policy at https://www.mollie.com/de/privacy.

Credit card payment

When paying by credit card, your necessary data such as name, address and purchase details will be forwarded to the respective credit card company.

As is usual with credit card payments, the credit card details are checked and an authorisation is carried out by Mollie B.V..

Data processing for advertising purposes

We use the personal data provided by you in the context of a contract concluded with us for our own advertising purposes after obtaining your consent. We will inform you by [select advertising channel(s), e.g. letter post, e-mail, SMS, telephone, etc.] e-mail, mailings (detailed under Newsletter), letter post (in planning), about [create a final (!) list of purposes, e.g.: new products, services, events, discount campaigns, special sales, events, etc.]. Informing customers about new standards, programmes, tools, events/trade fairs and other information.

The legal basis for data collection is Art. 6 para. 1 lit. a GDPR. You can revoke this consent, to take effect in the future, at any time without giving reasons.

With your consent, you can subscribe to our newsletter, with which we inform you about current interesting offers. We regularly report on [product offers in our range, events/trade fairs, special sales promotions, tips on our product areas, offers from our cooperation partners]. Informing customers about new standards, programmes, tools, events/trade fairs and other information.

We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 lit. a GDPR (consent).

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email (unsubscribe) or by using this form on the website: https://www.ifs-certification.com/en/newsletter-unsubscribe.

We work with the following email marketing provider:

Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg/GERMANY, Phone: +49 761 296979-0

Data protection information: https://www.inxmail.de/de/datenschutz/

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the analyses, we link data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. The legal basis for the storage of cookies or similar technologies (web beacons) on your end device or access to this information is Section 25 (1) TDDDG. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR.

The data is collected exclusively in pseudonymised form, i.e. the IDs are not linked to your other personal data, and direct personal references are excluded.

Such tracking is also not possible if you have deactivated the display of images in your e-mail programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

Competitions (website, newsletter, stationary, post)

From time to time, you have the opportunity to take part in competitions on our website or from our newsletter.

The purpose of the data processing is the realisation of the competition. Unless otherwise specified in the respective competition or unless you have given us further express consent, the personal data you provide to us as part of your participation in the competition will be used exclusively for the purpose of organising the competition (e.g. determining the winner, notifying the winner, sending the prize). Without providing this data, participation in our competition is not possible.

The legal basis for the data processing described is generally Art. 6 para. 1 lit. b GDPR. In the event that a declaration of consent is submitted as part of a competition, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing based on consent. If you have given your consent in the context of a competition, you have the option of withdrawing this consent at any time with effect for the future.

We generally process the following data in a competition:

Surname, first name
address
E-mail address
Company

Data will only be passed on to third parties if this is necessary for the processing of the competition (e.g. notification of the winner, dispatch of the prize via a logistics company).

If other external service providers support us (e.g. to determine the prize or organise the competition...), this is done as part of order processing in accordance with Art. 28 GDPR.

After the end of the competition, the participants' personal data will be deleted after a maximum of 30 days, provided that there are no further statutory retention periods to the contrary.

Competitions on social media channels

The processing of personal data is necessary for participation in a competition on our social media channels.

In a competition on our social media channels, we generally process the following data:

Public profile information incl. user name
Comments submitted (text & image)
Reaction
Share
Follow

We request the following data from winners as part of the competitions:

Surname, first name
address
Company
E-mail address, if applicable

We will not pass on your personal data to unauthorised third parties without your express consent. Your data will only be passed on or transmitted if this is necessary for the fulfilment of the contract, e.g. for the purpose of prize delivery by a shipping service provider).

If other external service providers support us (e.g. to determine the prize or organise the competition...), this is done as part of order processing in accordance with Art. 28 GDPR.

After the end of the competition, the participants' personal data will be deleted after a maximum of 30 days, provided that there are no further statutory retention periods to the contrary.

Customer rating

Surveys via LinkedIn

For individual surveys, we use the LinkedIn platform (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to create and analyse online surveys. Participation is voluntary. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a of the GDPR and § 25 para. 1 TDDDG.

LinkedIn collects information about the device and application you use to participate in the survey. This includes the IP address, the version of your operating system, the device type as well as information about the system and performance and the browser type and the information provided by the user in the surveys. If you participate in the survey via a mobile device, LinkedIn also collects the UUID of the device. LinkedIn also uses third-party tracking services, which in turn use cookies and page tags to collect usage data and user statistics. We have no influence on the scope of the data collected by LinkedIn.

Further information on the cookies used by LinkedIn, data protection and storage duration can be found at the following link https://www.linkedin.com/legal/privacy-policy.

As a survey participant, you can contact us at any time and request the deletion of your survey data, including personal data, if collected. It is not possible to correct individual answers after the survey has been sent.

Analysis tools

Matomo

Our website uses the open source software tool Matomo. Matomo uses "cookies", which make it possible to analyse website usage. For this purpose, the usage information recorded in the cookie (including your shortened IP address) is transmitted to our server (local host) and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymised during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties. Our interest in and purpose of data processing lies in the optimisation of our website, the adaptation of content and the improvement of our offer.

The processing of users' personal data enables us to analyse the surfing behaviour of our website visitors. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is adequately considered.

You can prevent the setting of (individual or all) cookies by selecting the appropriate settings in your browser. However, it is possible that not all functions of this website may be fully available to you.

If you do not agree to the processing and analysis of your usage data from your visit to our website, you can prevent this at any time by clicking below. An opt-out cookie will then be set via your browser, which means that Matomo will not collect any session data. Please note: If you delete your cookies, the opt-out cookie will also be deleted and must be set again by you.

You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/.

Embedded third-party content

Google Maps

We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. In the process, metadata is transmitted to the service provider, which may be personalised. Google also obtains your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, please log out before activating this function. The information collected by Google is also transmitted to Google servers (Google Inc.) in the USA. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you should preferably contact Google to exercise this right.

The function is only started and data transmitted to the service provider when the service is activated. The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TDDDG.

Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Information on the conclusion of EU standard contractual clauses can be found at https://privacy.google.com/businesses/controllerterms/mccs/.

Link to Google Maps

We have included a link to Google Maps on our website so that you can better determine our location on a map. [By clicking on our "Directions" tab, you will be forwarded directly to the Google Maps website].

Please note that we have no influence on the content and data processing procedures of external third-party websites.

Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Further information on the purpose and scope of data collection and its processing by Google can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.

YouTube

We have integrated YouTube videos into our online offering, which are stored on https://www.youtube.com/ and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. According to YouTube, data is only transmitted when you play the videos. We have no influence on this data transfer.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, metadata is transmitted to the service provider, which may be personal. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, log out before activating the function. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you should preferably contact YouTube to exercise this right.

Information on the conclusion of EU standard contractual clauses can be found at https://privacy.google.com/businesses/controllerterms/mccs/.

Further information on data protection can be found on the following Google website: https://policies.google.com/privacy?hl=de.

Online video conferencing tools

Adobe Connect

We use the video meeting and web seminar programme Adobe Connect.

When using Adobe Connect, the following data is processed, depending on the information provided:

First name, surname
Telephone (optional)
E-mail address
Profile picture (optional)

During an online conference, your participant data can also be displayed to other participants.

Adobe Connect also processes technical data for evaluation and information about the online conference. This includes:

Title / Topic of the conference
Description (optional)
IP addresses of the participants
Device and hardware information
Browser information

In the event that online meetings are recorded with your consent, corresponding video or audio recordings will be created and processed, as well as recordings of the chat history if applicable. However, you can adjust and prevent the transmission of your audio and video recording at any time via the settings.

When dialling in, the incoming and outgoing call number, country code, start and end time are logged.

We have also concluded a contract with "Adobe" for order data processing (AV). This contract regulates the scope, type and purpose of the access options of the above-mentioned provider(s) to the data. The access options are limited only to necessary accesses that are required to fulfil the hosting services and in compliance with the GDPR. If participation has been booked with us on the basis of your own decision, this is necessary for the fulfilment of the contract for further training, based on the legal basis pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

Information from the third-party provider: Adobe Systems Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; This email address is being protected from spambots. You need JavaScript enabled to view it..

You can find more information here: https://www.adobe.com/de/privacy/eudatatransfers.html.

Further information on data protection for Adobe services can be found here: https://www.adobe.com/de/privacy/policy.html.

Social media presences

Information on social media

We operate publicly accessible profiles in social networks to draw attention to our services and products. We would like to get in touch with you there as a visitor and user of these pages and our website.

User data may be processed outside the European Union. This may result in risks for you as a user and may make it more difficult to enforce your rights. When selecting the social media platforms we use, we ensure that the operators comply with EU data protection standards.

If you visit one of our social media sites (e.g. Facebook), we, IFS Management GmbH, Am Weidendamm 1A, 10117 Berlin, Germany, are jointly responsible with the operator of the respective social media platform for operating in accordance with the GDPR and other data protection regulations.

Data processing on social media platforms

We have no influence on the processing of personal data by the respective platform operator. For example, social networks such as Facebook use your data for market research and advertising purposes. Among other things, user behaviour can be analysed and a user profile created from the resulting interests of the user. The social media operators use cookies to store and further process this information. These are text files that are stored on the user's various end devices. If you have a profile on the respective social media platform and are logged in to it, the information is stored and analysed across all devices. This means that you may be shown interest-based advertising both while using and not using the social media site in question. The data processing may also affect individuals who are not registered as users of the social media platform in question. We can access statistical data of various categories via social media platforms. These statistics are generated and provided by the social media operator. As the operator of the fan page, we have no influence on the generation and presentation of this data. We use these summarised posts and activities on our fan page to make it more attractive to users. Due to the constant development of social media platforms, the availability and processing of data is always changing, so we refer to the platforms' privacy policies for further details. Legal basis

The operation of these fan pages, including the processing of users' personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 lit. f. GDPR. Under certain circumstances, you may also have given a platform operator your consent to data processing, in which case Art. 6 para. 1 lit. a GDPR is the legal basis.

For a comprehensive description of the respective data processing and the opt-out options, please refer to the data protection declarations and information provided by the respective platform operator.

Storage duration

The data collected directly by us via the social media sites is deleted from our systems as soon as the purpose for its storage no longer applies, or you request for us to delete it or revoke your consent to its storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by social network providers for their own purposes. You can find more information on this directly from the operator of the social network (e.g. in their privacy policy, see below).

Assertion of rights

You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective portal (e.g. Facebook).

Despite joint responsibility, we would like to point out that we do not have complete access to your personal data. For this reason, you should contact the providers of the social media platforms directly if you wish to request information or assert your rights as a data subject. This is because only the providers have access to the user data and can take direct action and provide information. If you need help with this, please contact us: company, address, e-mail, fax if necessary.

Our social networks

LinkedIn:

https://www.linkedin.com/company/ifs-international-featured-standards

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

https://x.com/ifs_standards

Provider: X Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Option to object (opt-out): https://x.com/personalization

YouTube:

https://www.youtube.com/channel/UCozPjvQ10x5VsA4fCAaK2Ew

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Option to object (opt-out): https://adssettings.google.com/authenticated

Data protection for applications

We offer you the opportunity to apply to us by e-mail or post. Below we inform you about the scope, purpose and use of your personal data collected as part of the application process.

Scope and purpose of data collection

To enable us to consider you in the application process for a specific position, you will need to submit standard and informative application documents in which you inform us about your s skills and qualifications.

The personal data provided by you and transmitted to us as part of your application usually includes: cover letter, CV with the usual personal details (first and last name, date of birth, address, telephone number, e-mail address, photo) as well as supporting documents and certificates.

As a matter of principle, we only use your application documents to decide on filling the position for which you have expressly applied. We process the personal data provided to us only insofar as this is necessary for the purpose of deciding whether to establish an employment relationship with us. The legal basis for this is Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR i.V.m. § Section 26 para. 1 sentence 1 BDSG (new), insofar as it concerns information that we receive from you as part of the application process (name, contact details, date of birth, information on your professional qualifications and school education or information on further professional training). If you voluntarily provide us with further information, this will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. In the course of the application process, further personal data may be collected from you personally and from generally accessible sources for this information purpose. Your personal data will only be passed on within our company to persons who are involved in processing your application.

Should we process personal data about you in order to defend ourselves against legal claims asserted by you against us arising from the application process, we refer to Art. 6 (1) point f GDPR as the legal basis for doing so. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Categories of recipients of personal data

Your personal data will only be transferred to third parties for the purposes listed below. We will only pass on your personal data received as part of the application process to third parties if:

you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR, § 26 BDSG (new),
the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c GDPR and
this is legally permissible and necessary for the establishment or execution of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR, § 26 para. 1 sentence 1 BDSG (new).

Furthermore, your data will be passed on to technical service providers on the basis of Art. 28 GDPR, who use your data exclusively on our behalf and under no circumstances for their own business purposes. These are IT service providers, hosting providers or providers of applicant management systems.

Your data will not be transferred to third countries outside the EU or the European Economic Area.

Data retention period

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f GDPR).

If an application procedure leads to employment, we will include your application documents in your personnel file on the basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG-new, for the purpose of establishing the employment relationship and the personality profile described by you and your stated qualifications on which the recruitment is based.

Provision of the data

The provision of your personal data is not required by law in the initiation phase of an employment relationship. However, the provision of personal data is necessary for the conclusion of a contract of employment with us. This means that if you do not provide us with any personal data in an application, we cannot and will not enter into an employment relationship with you.

Automated decision making

There is no automated decision-making in individual cases within the meaning of Art. 22 GDPR. This means that we evaluate your application personally and the decision on your application is not based exclusively on automated processing.

Stationary business premises

Use of guest WLAN

We provide you with access to the Internet in our business premises in the form of WLAN access ("guest WLAN") for free use. Below we inform you about the personal data collected in this context.

Processing purposes and legal basis

The data processing is carried out for the purpose of the technical provision of a guest WLAN and to ensure smooth use by our guests. The processing is necessary for the fulfilment of a contract (provision of Internet access via the guest WLAN) pursuant to Art. 6 para. 1 lit. b GDPR.

Furthermore, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in ensuring the security of our information technology systems and in the defence against liability claims in the event of non-compliant use of the guest WLAN.

Data categories and data origin

When using our guest WLAN, the Mac address and the host name of your end device, [user name, log data on the type and scope of use of the guest WLAN...] are stored in this context. In addition, each device is assigned its own IP address.

The data is transmitted to us directly by our guests when they register for the guest WLAN.

Receiver

We do not pass on your personal data to third parties. Your data will only be passed on or transmitted if this is necessary for the execution of the contract, is based on a legal basis, is in our legitimate interest or is based on your prior consent.

If external service providers support us in processing your data (e.g. IT service providers), this is done as part of order processing in accordance with Art. 28 GDPR. We only conclude corresponding contracts with service providers that offer sufficient guarantees that suitable technical and organisational measures ensure the protection of your data.

Data transfer to a third country

We do not transfer data to third countries and do not intend to do so.

Duration of storage

The data will be deleted by us regularly, but at the latest after 30 days, unless longer storage of the personal data is required by law or is necessary for the assertion, exercise or defence of legal claims.

Provision of the data

The provision of personal data about the data subject is required for technical reasons in order to use the guest WiFi. Without this data, you will not be able to use our guest WiFi.

Business relationships

The following information shows you how we handle your data when you contact us, when contractual negotiations take place with us and/or contractual agreements exist with us.

Processing purposes and legal basis

Data processing is carried out for the purpose of contract fulfilment. The processing of your data is required in accordance with Art. 6 para. 1 lit. b GDPR for the initiation and fulfilment of contracts.

Furthermore, the processing of your personal data on the basis of Art. 6 para. 1 lit. f GDPR may be necessary to safeguard our legitimate interests. Our legitimate interests consist of avoiding economic disadvantages through credit checks, invitations to events, assertion of legal claims and avoidance of legal disadvantages (e.g. in the event of insolvency), defence against dangers and liability claims and avoidance of legal risks, e-mails, prevention of criminal offences.

Data category and data origin

We process the following categories of data:

Master and contact data: Title, name (first name and surname), department and function in the company, address, e-mail, telephone, fax, date of birth, purchase history, contract data, billing data.

The data from the aforementioned data categories was transmitted to us directly by our customers and interested parties.

Receiver

We do not pass on your personal data to third parties. Exceptions to this are our service partners, if this is necessary for the fulfilment of the contract.

Duration of storage

The data stored about you will be deleted after fulfilment of the contract, provided that there are no other statutory retention obligations to the contrary. Such obligations include commercial and financial data. This data will be deleted after ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. If you revoke your consent to the use of your data, it will be deleted immediately, provided that the above reasons do not contradict this.

Right of objection

You have the right to object to the processing. You can object to the future use of your data at any time.

Provision of the data

The provision of personal data is contractually required or necessary for the conclusion of a contract. If the required personal data is not provided, this would mean that we would not be able to enter into a business relationship with you.