Privacy Policy

Disclaimer

Privacy Notice for customers, business partners and prospective clients (B2B)
In this privacy policy, we inform you about the processing of personal data when you use our website. Personal data is information relating to an identified or identifiable individual. This primarily includes details that allow conclusions to be drawn about your identity, such as your name, telephone number, postal address or email address. Statistical data that we collect, for example, when you visit our website and which cannot be linked to you personally, does not fall under the definition of personal data.

1. Contact Person
The contact person and so-called joint controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR) is

Holger Döring
ITS Informationstechnik Service GmbH
Phoenixseestraße 6
44263 Dortmund
Germany

Tel.: +49 231 222 49 100
E-Mail: datenschutz@its-service.de
Website: its-service.de

2. Data processing on our website
2.1 General use of the website
Every time you visit our website, your web browser automatically sends certain information to us. This information includes, for example

  • Language and version of the browser software
  • Operating system used and its user interface
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer (IP address)
  • Date and time of the server request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Amount of data transferred
  • Access status/HTTP status code

We use this data to ensure that you can access our web content and to guarantee the stability and security of our systems. The legal basis for this data processing is Article 6(1)(b) of the GDPR.

We are generally unable to link this data to specific individuals. This data is not combined with other data sources. Furthermore, the data is deleted within 7 days following statistical analysis. Data that must be retained for evidential purposes is exempt from deletion until the respective incident has been fully resolved.

We use hosting services. These are used to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services in order to maintain the operation of this online service.

In doing so, we or our hosting provider process master data, contact details, content data, contractual data, usage data, metadata and communication data relating to customers, prospective customers and visitors to this website on the basis of our legitimate interests in providing this website efficiently and securely.

This data processing is carried out to safeguard our legitimate interests on the basis of Article 6(1)(f) of GDPR.

2.2 Contacting us
There are various ways in which you can contact us. In this context, we process data solely for the purpose of communicating with you. The legal basis is Article 6(1)(b) of the GDPR. Mandatory fields in contact forms are marked accordingly. The data we collect when you use the contact form will be deleted once your enquiry has been fully processed, unless we still require your enquiry to fulfil contractual or legal obligations (see section ‘Retention period’).

2.3 Organisation of events
We also process personal data (e.g. name, billing and delivery addresses, email addresses, payment details) for the purpose of organising events. The legal basis for the aforementioned data processing is Article 6(1)(b) of the GDPR.

2.4 Data processing for marketing purposes

2.4.1 Marketing to existing customers

When you book an event on our website, we also use your contact details to send you further information via email about our products and services that may be of interest to you, as well as related news, promotions and offers, and feedback and other surveys. You may object to the use of your data for marketing purposes at any time by contacting us using the contact details provided in section 1 (e.g. by email or post), without incurring any costs other than the transmission costs charged at standard rates. The legal basis for this data processing is Article 6(1)(f) of the GDPR, according to which data processing is permitted for the purposes of legitimate interests, insofar as this concerns the storage and further use of the data for advertising purposes (marketing to existing customers).

2.4.2 Newsletter
Provided you have given us your consent, we will send you a newsletter in which we will regularly inform you about updates to our products and special offers. You can unsubscribe from the newsletter at any time. A link to unsubscribe is included in every newsletter. Naturally, you may also simply contact us using the contact details provided above or in the newsletter (e.g. by email or post). The legal basis for processing is your consent in accordance with Article 6(1)(a) of the GDPR.

3. Use of cookies and similar technologies
This website uses cookies and similar tracking technologies (collectively referred to as ‘tools’), which are provided either by us or by third parties. Cookies are small text files used by websites to make the user experience more efficient. Similar technologies include, in particular, fingerprints, web beacons, tags or pixels. You can adjust your browser settings so that cookies are rejected or only stored with your prior consent. If you reject cookies, not all of our services may function properly for you. By law, we may store cookies on your device if they are strictly necessary for the operation of this website. For all other types of cookies, we require your permission. You can adjust your cookie preferences at any time in the cookie settings (section 3.5) (e.g. withdraw your consent).

3.1 Essential cookies
We use certain tools to enable the basic functions of our website. Without these tools, we would be unable to provide our service. The main purpose of these tools is to provide you with a personalised experience and to make using our services as time-efficient as possible. We use these tools to store your preferences on our website, such as language settings, or to technically implement the login function for the password-protected area. In doing so, we aim to enable you to use our website in a more convenient and personalised manner.
We use tools necessary for the operation of the website on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR, in order to enable you to use our website in a more convenient and personalised manner and to make its use as time-saving as possible. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures; in such cases, processing takes place in accordance with Article 6(1)(b) of the GDPR.

3.2 Analysis and marketing purposes (“statistics”)

To improve our website, we use tools for the statistical collection and analysis of general usage behaviour based on access data, in order to design our website to meet user needs and to continuously optimise it. We also use analytics services to evaluate the use of our various marketing channels.

We use all non-essential tools, in particular those for analysis and marketing purposes, on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. Data processing using these tools only takes place if we have obtained your prior consent for this. Where personal data is transferred to third countries, we refer to Section 6 (‘Data transfers to third countries’), including with regard to any associated risks. If you have given your consent to the use of specific tools, we transfer the data processed during the use of these tools to third countries (also) on the basis of this consent.

3.2.1 Google Analytics et al.
Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). The data processor is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. The data collected in this context may be transferred by Google to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, we have entered into standard contractual clauses with Google. However, your IP address is truncated prior to the analysis of usage statistics, so that no conclusions can be drawn regarding your identity. To this end, the code “anonymizeIP” has been added to Google Analytics on our website to ensure the anonymised collection of IP addresses. Google will process the information obtained via the cookies to evaluate your use of the website, to compile reports on website activity for the website operators, and to provide other services related to website and internet usage.

Click here to read the data controller’s privacy policy: https://policies.google.com/privacy?hl=de
Click here to adjust your privacy settings on Google: https://safety.google/privacy/privacy-controls/

3.2.2 Google reCAPTCHA

To ensure data security when submitting forms, we use the reCAPTCHA service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The data processor is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to verify whether the input is being made by a natural person or through machine-based and automated processing. The service involves the transmission of the IP address and, where applicable, other data required by Google for the reCAPTCHA service.

Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=de

4. Disclosure of data

We will only disclose the data we have collected if:

  • you have given your explicit consent in accordance with Article 6(1)(a) of the GDPR,
  • the disclosure is necessary in accordance with Article 6(1)(f) of the GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in preventing the disclosure of your data,
  • we are legally obliged to disclose the data under Article 6(1)(c) of the GDPR, or
  • this is necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request (e.g. when forwarding enquiries and orders to regional cooperation partners) .

Furthermore, disclosure may take place in connection with official enquiries, court orders and legal proceedings where this is necessary for the pursuit or enforcement of legal claims.

Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centres, software providers, IT service providers, agencies, market research companies, group companies and consultancy firms. Where we pass data on to our service providers, they may use the data solely for the purpose of fulfilling their tasks. We have carefully selected and commissioned these service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.

If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower standard of data protection than that in the European Union. In such cases, SPIE ensures that the service providers in question guarantee an equivalent level of data protection, either contractually or by other means (for example, by entering into standard contractual clauses with the service provider or by ensuring the service provider is certified under the EU-US Privacy Shield).

5. Data transfers to third countries

We use services provided by companies some of which are based in so-called third countries (such as the USA), i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include, amongst other things, the European Union’s standard contractual clauses or binding internal data protection regulations.

Where this is not possible, we base the data transfer on the exceptions set forth in Article 49 of the GDPR, in particular your explicit consent or the necessity of the transfer for the performance of a contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that government authorities in the respective third country (e.g., intelligence agencies) may gain access to the transferred data to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. When your consent is obtained via the cookie banner, you will also be informed of this.

6. Retention Period

As a general rule, we retain personal data only for as long as necessary to fulfill the contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiration of the statutory limitation period for evidentiary purposes regarding civil claims or due to statutory retention obligations.

For evidentiary purposes, we must retain contract data for three years from the end of the year in which our business relationship with you ends. Any claims become time-barred at the earliest at this point, in accordance with the standard statutory limitation period.

Even after that, we must still store some of your data for accounting purposes. We are required to do so due to legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the Money Laundering Act, and the Securities Trading Act. The retention periods specified therein range from two to ten years.

7. Your Rights

You have the right to request information at any time regarding our processing of your personal data. In this context, we will explain the data processing to you and provide you with an overview of the data we have stored about you. If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You may also request the deletion of your data. You may also have the processing of your personal data restricted, for example, if you question the accuracy of the data. You also have the right to data portability.

You have the right to withdraw your consent at any time. As a result, we will no longer process your data in the future based on that consent. Withdrawing your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

To the extent that we process your data based on legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If the objection concerns data processing for direct marketing purposes, you have a general right to object, which we will honor even without you providing a reason.

To exercise the rights described here, you may contact us at any time using the contact information provided above. You also have the right to lodge a complaint with the data protection supervisory authority responsible for us. You may also contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

8. Changes to the Privacy Policy

We occasionally update this Privacy Policy, for example when we make changes to our website or when legal or regulatory requirements change.

Last updated: May 2024