Data Protection Declaration
Commercial register, No.: Jena, HRB 501047
Management: Dr. Holm Fischäder, Dr. Thomas Rücker
Phone: +49 3677 7613500
Fax: +49 3677 7613509
Data protection officer
You can reach our contact person for data protection-related inquiries at:
Sprottauer Straße 4-8
Types of data processed
- Contact information (e.g. names, addresses, email, phone numbers)
- Content data (e.g. inquiries, project descriptions, technical concepts)
- Offer and contract data (e.g. object of offer, terms)
- Payment data (e.g. bank details, payment history)
- Communication data (e.g. device information, IP addresses)
Processing of special categories of data (Art. 9 para. 1 GDPR)
- No special categories of personal data are processed.
Categories of data subjects concerned by the processing operation
- Interested parties, suppliers, customers
- Employees of suppliers and customers
- Employees of IPOL GmbH, applicants
- Visitors and users of the website
In the following, we refer to the persons concerned collectively as "users".
Purpose of the processing
- Provision of contractual services and customer care
- Fulfilment of legal obligations in accordance with Art. 6 para. 1 lit. c GDPR
- Responding to contact requests and communication with users
- Provision of the online offer, its contents, and functions
- Marketing and advertising
1. Principles of processing of personal data
1.1. Lawfulness (Art. 5 para. 1 lit. a GDPR)
For processing to be lawful under Art. 6 GDPR, personal data must be processed with the consent of the data subject (Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR) or on another permissible legal basis. In the case of IPOL GmbH the lawfulness results from Art. 6 para. 1 lit. a, b and c GDPR.
1.2. Processing fairly (Art. 5 para. 1 lit. a)
Data processing at IPOL GmbH is always carried out in accordance with the principle of fairness.
1.3. Transparency (Art. 5 para. 1 lit. a)
The principle of transparency is an important part of the work of IPOL GmbH and is closely linked to that of fairness. It forms the basis for the existing duties of disclosure and information (Art. 13 to 15 GDPR). Transparency requires that personal data are easily accessible, understandable and written in clear, simple language.
1.4. Purpose limitation (Art. 5 para. 1 lit. b GDPR)
This is a core component of data protection law, which concerns both the collection, processing and duration of data storage. We commit ourselves to limiting the processing of your data, as long as they are not deleted because they are required for other and legally permissible purposes.
1.5. Data minimization (Art. 5 para. 1 lit. c GDPR)
Personal data must be adequate and relevant to the purpose and limited to what is necessary for the purposes of the processing (data minimization principle).
1.6. Accuracy (Art. 5 para. 1 lit. d GDPR)
Personal data must be factually correct and up to date. Data which is incorrect regarding the purposes of its processing shall be deleted immediately (Art. 17 para. 1 lit. a GDPR) or corrected (Art. 16 GDPR).
1.7. Storage limitation (Art. 5 para. 1 lit. e GDPR)
Based on the standardized storage limitation, IPOL GmbH stores personal data only in a form that allows the identification of the person only as long as it is necessary for the purposes of processing.
1.8. Integrity and confidentiality (Art. 5 para. 1 lit. f GDPR)
Personal data must be processed in such a way as to ensure adequate data security. This includes protection against unauthorized and unlawful processing and against accidental loss, accidental destruction, or damage of personal data. For this purpose, IPOL GmbH has taken suitable technical and organizational measures to ensure the confidential handling of your data, which are particularly specified in Art. 32 GDPR.
2. Applicable legal basis
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the purpose of fulfilling our services, as well as answering inquiries and fulfilling our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f GDPR.
3. Security measures
3.1. In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. The measures include in particular the safeguarding of the confidentiality, integrity and availability of data by controlling the physical access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly presettings (Art. 25 GDPR).
3.2. The security measures include in particular the encrypted transmission of data.
4. Cooperation with processors and third parties
4.1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorization, your consent, a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents etc.).
4.2. If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
5. Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is based on your consent, on a legal obligation or on our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special requirements of Art. 44 ff. GDPR. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized establishment of a level of data protection equivalent to that in the EU (e.g. for the USA through the "Privacy Shield" agreement) or in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
6. Rights of the data subjects
6.1. You have the right to request confirmation as to whether or not data in question is being processed and to receive information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.
6.3. In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand that the processing of the data be restricted.
6.4. You have the right to demand that the data concerning you, that you have provided us with, be made available to you in accordance with Art. 20 GDPR, and to request that it be passed on to other responsible parties.
6.5. Under Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR with effect for the future.
8. Right to object
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for the purposes of direct advertising.
Our website uses HTTP cookies to store user-specific data.
9.1 What are cookies exactly?
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual default settings. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner sites (e.g. Google Analytics). Each cookie is unique because each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies also cannot access information on your PC.
Cookie data can look like this, for example:
- Name: _ga
- Expiration period: 2 years
- Usage: differentiation of website visitors
- Example value: GA1.2.1326744211.152321186370
A browser should support the following minimum sizes:
- A cookie may contain at least 4096 bytes
- At least 50 cookies should be able to be stored per domain
- A total of at least 3000 cookies should be able to be stored
9.2 What types of cookies are there?
There are 4 types of cookies:
9.2.1 Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and only goes to check out later. Thanks to these cookies, the shopping cart is not deleted, even if the user closes his browser window.
9.2.2 Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website in different browsers.
9.2.3 Goal-oriented cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored.
9.2.4 Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.
Usually, the first time you visit a website, you will be asked which of these types of cookies you wish to accept. And of course, this decision is also stored in a cookie.
9.3 How can I delete cookies?
If you want to find out which cookies are stored in your browser or if you want to change or delete cookie settings, you can find this in your browser settings:
If you do not wish to receive cookies, you can set your browser to notify you whenever a cookie is set. In this way, you can decide for each individual cookie whether or not you wish to accept it. The procedure varies depending on the browser. The best thing to do is to look for the instructions in Google with the search term "Delete cookies Chrome" or "Deactivate cookies Chrome" in the case of a Chrome browser or replace the word "Chrome" with the name of your browser, e.g. Edge, Firefox, Safari.
9.4 What about my data protection?
The so-called "cookie guidelines" have been in place since 2009. This states that the storage of cookies requires the consent of the website visitor (i.e. you). Within the EU countries, however, there are still very different reactions to these guidelines. In Germany, the cookie guidelines have not been implemented as national law. Instead, the implementation of these guidelines was largely carried out in § 15 para. 3 of the Telemediengesetzes (TMG).
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".
10. Storage of personal data
Personal information that you submit to us electronically on this website, such as your name, e-mail address, postal address or other personal information when submitting a form or comments on the blog, together with the time and IP address, will only be used by us for the stated purpose, kept securely stored and not disclosed to third parties.
We use your personal data only for communication with those visitors who explicitly wish to be contacted and for processing the services and products offered on this website. We will not pass on your personal data without your consent, but we cannot exclude the possibility that this data may be viewed in the event of illegal behavior.
If you send us personal data by e-mail - thus off this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.
According to Article 6 paragraph 1 (a) GDPR (lawfulness of processing), the legal basis is that you give us your consent to process the data you have entered. You can revoke this consent at any time - an informal e-mail is sufficient; you will find our contact details in the imprint.
11. Deletion of data
11.1 The data processed by us will be deleted or limited in their processing in accordance with articles 17 and 18 GDPR. Unless explicitly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
11.2 For us as a company based in Germany, the following applies: In accordance with legal requirements, storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
12.1 When contacting us (via contact form or e-mail), the user's details are processed for the purpose of processing the contact request and its handling in accordance with Art. 6 para. 1 lit. b, c GDPR.
12.2 We will delete the requests if they are no longer necessary. In the case of the legal storage obligations, the deletion is carried out after their expiry.
13.1 With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and about your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
13.2 Content of the newsletter: We send newsletters and e-mails only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Our newsletters also contain information about our products, offers, promotions and our company.
13.3 Login data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally, we ask you to enter a name for personal contact in the newsletter.
13.4 The following applies to Germany: The dispatch of the newsletter and the measurement of success are based on the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission in accordance with § 7 para. 3 UWG.
13.5 Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.
14. Automatic data storage (server log files)
When you visit websites today, certain information is automatically created and stored, including on this website.
When you visit our website as you are doing right now, our web server (computer on which this website is stored) automatically saves data such as
• the address (URL) of the accessed web page
• Browser and browser version
• the operating system used
• the address (URL) of the previously visited page (referrer URL)
• the host name and IP address of the device being accessed
• Date and time
in files (web server log files).
Usually web server log files are stored for two weeks and then automatically deleted. We do not pass on this data but cannot exclude the possibility that this data may be viewed in the event of illegal behavior.
15. Data protection
We use https to transmit data tap-proof on the Internet (data protection through technology design article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the scheme https (instead of http) as part of our internet address.
16. Integration of third-party services and content
Within our offer, we may also use third parties to provide services on the basis of our legitimate interests (within the meaning of Art. 6 para. 1 lit. f GDPR). In the event of an exchange or the first-time use of a third party, which is also a further processor within the meaning of the GDPR, the customer has the right to raise an objection in accordance with Art. 28 para. 2 GDPR. In this case IPOL GmbH reserves the right to terminate the business relationship without notice for good cause.
16.1 Google Fonts Data Protection Declaration
On our website we use Google Fonts. These are the "Google fonts" of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
To use Google fonts, you do not need to log in or set a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google Account, you do not need to worry about your Google Account information being submitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this information securely. We will see in detail how the data storage looks exactly.
16.1.1 What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.
Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.
16.1.2 Why do we use Google Fonts on our website?
With Google Fonts we can use fonts on our own website, but we don't have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for the use with mobile devices. If you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can visually distort some texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts to make our entire online service as beautiful and consistent as possible.
16.1.3 Which data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. This external call transfers data to the Google servers. In this way Google also recognizes that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for a proper provision of fonts. By the way, API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests at Google and is therefore protected. Through the collected usage figures, Google can determine how well each font is received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use Google's BigQuery web service to examine and move large amounts of data.
However, it should also be noted that each Google Font request automatically sends information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
16.1.4 How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google style sheet. A stylesheet is a style template that allows you to change easily and quickly, for example, the design or font of a web page.
The font files are stored at Google for one year. Google's goal is to improve the loading time of websites. When millions of web pages link to the same fonts, they are cached after the first visit and reappear immediately on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.
16.1.5 How can I delete my data or prevent data storage?
JThe data that Google stores for a day or a year cannot be simply deleted. The data is automatically transmitted to Google when the page is called up. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=en&tid=321186370. In this case you only prevent data storage if you do not visit our site.
Unlike other web fonts, Google allows us unlimited access to all fonts. So, we have unlimited access to a sea of fonts and can get the most out of our website. You can find more information about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=321186370. Although Google addresses privacy issues there, it does not provide detailed information about data storage. It is relatively difficult to get detailed information about stored data from Google.
You can also read on https://www.google.com/intl/en/policies/privacy/ which data are basically collected by Google and for what purpose these data are used.
16.2 Vimeo Data Protection Declaration
We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can display interesting video material directly on our website. Certain data may be transferred from you to Vimeo. In this privacy statement, we will show you what data is involved, why we use Vimeo, and how you can manage your data or stop data transfer.
16.2.1 What is Vimeo?
Vimeo is a video platform that was founded in 2004 and since 2007 has enabled the streaming of videos in HD quality. Since 2015 it is also possible to stream in 4k Ultra HD. The use of the portal is free of charge, but content with costs can also be published. In comparison to the market leader YouTube, Vimeo places priority on high quality content in good quality. Thus, the portal offers on the one hand a lot of artistic content such as music videos and short films, but on the other hand also documentations about various topics.
16.2.2 Why do we use Vimeo on our website?
The goal of our web presence is to provide you with the best possible content. And that as easily accessible as possible. Only when we have achieved this we are satisfied with our service. The Vimeo video service helps us achieve this goal. Vimeo gives us the opportunity to present you with high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here. This extends our service and makes it easier for you to access interesting content. Therefore, we offer video content in addition to our texts and images.
16.2.3 What data is stored on Vimeo?
When you visit a Web page on our site that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Whether or not you have a Vimeo account, Vimeo collects information about you. This includes your IP address, technical information about your browser type, operating system, or very basic device information. In addition, Vimeo stores information on which web site you use the Vimeo service and what actions (web activities) you perform on our web site. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with a built-in Vimeo function. Vimeo can track and store these actions using cookies and similar technologies.
If you are logged in as a registered member of Vimeo, more data can usually be collected, since more cookies may already have been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while you are "surfing" our website.
Below we show you cookies that are set by Vimeo when you are on a website with integrated Vimeo functions. This list is not exhaustive and assumes that you do not have a Vimeo account.
Purpose: This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your preferred settings back.
Expiration date: after one year
Purpose: This cookie collects information about your actions on websites that have embedded a Vimeo video.
Expiration date: after 2 years
Note: These two cookies are always set when you are on a web page with an embedded Vimeo video. When you view the video and click the button, for example to "share" or "link" the video, additional cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Exactly which cookies are set here depends on your interaction with the video.
The following list shows a section of possible cookies that are set when you interact with the Vimeo video:
Purpose: This Vimeo cookie helps Vimeo remember the settings you applied. This could be a preset language, region or username, for example. In general, the cookie stores information about how you use Vimeo.
Expiration date: after one year
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or replay a video.
Expiration date: after one year
Purpose: This cookie is a third-party cookie from Google. By default analytics.js uses the _ga cookie to store the user ID. Basically, it is used to differentiate between website visitors.
Expiration date: after 2 years
Purpose: This third-party Google AdSense cookie is used to improve the effectiveness of ads on websites.
Expiration date: after 3 months
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or promotional products from Facebook or other advertisers.
Expiration date: after 3 months
Vimeo uses this data to improve its own service, to communicate with you and to implement its own targeted advertising measures, among other things. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos, as long as you do not interact with the video.
16.2.4 How long and where is the data stored?
Vimeo has its headquarters in White Plains, New York State (USA). However, the services are offered worldwide. The company uses computer systems, databases and servers in the USA and in other countries. Your data can therefore also be stored and processed on servers in America. The data will remain stored by Vimeo until the company no longer has an economic reason for storing it. Then the data is deleted or made anonymous. Vimeo complies with the EU-U.S. Privacy Shield Framework and is therefore permitted to collect, use and transfer data from users in the EU to the USA.
16.2.5 How can I delete my data or prevent data storage?
You always have the possibility to manage cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. Depending on your browser, this works slightly differently. Please note that it is possible that after deactivating/deleting cookies, various functions may no longer be available to the full extent. The following instructions show you how to manage or delete cookies in your browser.
If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.
17. Online presence in social media
17.1 We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
17.3 We use social plug-ins of social networks on our website on the basis of Art. 6 para. 1 lit. f GDPR to make our company known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection compliant operation is to be guaranteed by their respective providers.
The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.
18. Changes and updates to the data protection declaration
Last update: May 2020