Privacy Policy

Privacy Notice

As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our web site.

I. Definitions

„Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

„Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

„Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

II. General information

1. The data controller

Information Design One AG
Baseler Straße 10
60329 Frankfurt
Germany
Telephone: +49 69 244 502 0
Fax: +49 69 244 502 10
E-Mail: info@id1.de

2. Contact details of the data protection officer

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: +49 711 / 4605025-40
Fax: +49 711 / 4605025-49
E-Mail: privacy@obsecom.de
Web site: www.obsecom.eu

3. Legal bases

We process personal data based on at least one of the following legal bases:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art.  6 para. 1 lit. a GDPR);
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art.  6 para. 1 lit. b GDPR);
  • Processing is necessary for compliance with a legal obligation to which we are subject (Art.  6 para. 1 lit. c GDPR);
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art.  6 para. 1 lit. d GDPR);
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art.  6 para. 1 lit. f GDPR)

In this privacy policy we refer to the respective legal basis of the individual data processing operations.

4. Onward transfer of personal data

We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:

  • the data subject has consented to the data transfer;
  • the onward transfer is required to fulfil a contractual obligation or pre-contractual measure on the request of the data subject;
  • we are obliged by law to make such a transfer;
  • The onward transfer is made on the basis of our legitimate interest or on those of a third party.
5. Third countries

The transfer of personal data to a third country or an international organisation outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. It means that pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR do exist.3

6. Rights of data subjects

As a data subject you have the following right:

If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

7. Erasure and restriction of personal data

Unless otherwise provided for in this privacy notice, personal data will be deleted, if these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.

In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 Abs. 1 No. 1, 4, 4a AO.

8. Cookies

Our web site uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our web site. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the web site more user-friendly, effective and secure.

 

a. Necessary cookies:

NamePHPSESSID
Provider
PurposeRecognizes during your visit of our site that you have already visited individual pages of our website.
ExpiresUntil the end of your visit
Sample content3cm12d11d14fg0ssklulk1k274
Further Informationhttp://www.php-faq.de/q/q-sessions-id.html
Name__smSmartbarShown
ProviderSumo
Purpose
Expires30 Years
Sample content
Further Information
Name__smToken
ProviderSumo
PurposeThe __smToken cookie is set as soon as you log in to Sumo. It is checked whether you are logged into Sumo or not.
Expires1 Year
Sample contentNjXCR9ztNjmUQGH8sNc53WG6
Further Informationhttps://help.sumo.com/hc/en-us/articles/115004671147-How-Sumo-Cookies-Work<
Name__smVID
ProviderSumo
Purpose
Expires1 Month
Sample content
Further Information

b. Cookies for tracking and statistics

Name_fbp
ProviderFacebook
PurposeThis Facebook Pixel cookie is used to distinguish and track individual users
Expires3 Months
Sample contentfb.1.1580987411719.594444883
Further Information
Name_ga
ProviderGoogle
PurposeGoogle Universal Analytics. Distinguish unique users by randomly generated client ID numbers. Use to identify returning visitors, calculate visitor, session and campaign data.
Expires2 Years
Sample contentGA1.3.1369932704.1580458261
Further Informationhttps://policies.google.com/privacy?hl=en
Name_gid
ProviderGoogle
Purpose
Expires24 Hours
Sample contentGA1.3.1183256634.1586250684
Further Information
Name_gat_gtag_*
ProviderGoogle
PurposeGoogle Analytics: Throttles the request rate to restrict data collection on heavily frequented websites
Expires10 Minutes
Sample content1
Further Informationhttps://policies.google.com/privacy?hl=de

c. Unclassified cookies

Namecookielawinfo-checkbox-necessary
Provider
PurposeThis cookie is used by the WordPress plugin "GDPR Cookie Consent" to inform visitors about the cookies used by the website.
Expires1 Year
Sample contentyes
Further Information
Nameviewed_cookie_policy
Provider
PurposeThis cookie is used to record whether the cookie law information bar has been viewed and accepted.
Expires1 Year
Sample contentyes
Further Information

The data processed by cookies are required for the purposes mentioned above in order to protect our legitimate interests which result thereof, as well as those of third parties according to Art. 6 para. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, such as explained at http://www.youronlinechoices.com/ or the opt-out page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our web site.

III. Individual processing operations

1. Hosting

In order to make available our web site, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of the web site visitors on the basis of our legitimate interests in providing efficient and secure access to our web site in accordance with Art. 6 para. 1 lit. f GDPR.

2. Access data and log files

By visiting our web site or its individual pages, your device’s internet browsers automatically sends information to the server of our web site. This information is stored in so-called log files by us or our hosting provider and will be deleted after 6 months at the latest.

The following information is stored:

  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL of the requested file;
  • Web site from which our site was accessed (Referrer-URL);
  • The browser used and your computer’s operating system;
  • Status codes and the transferred amount of data;
  • Name of your access providers.

This data will be used for the following purposes:

  • The provision of our web site, including all of its features and contents;
  • To ensure a smooth connection to our web site;
  • To ensure the comfortable use of our web site;
  • To ensure system security and stability;
  • For anonymised statistical evaluation of web site access;
  • To optimise our web site;
  • For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems;
  • For further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes mentioned above. Under no circumstance will we use the personal data collected for the purpose of drawing conclusions about a person.

3. Other modes of contact

If you contact us using the contact details published in our web site (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 para. 1 lit. f GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain thereof unaffected.

4. E-Mail direct marketing to customers

If you are an existing customer and we have received your e-mail address in connection with the sale of goods or services, we may use your e-mail address for direct marketing purposes of our own similar goods or services. This only applies if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the e-mail address, and every time we use it. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 para. 1 lit. f GDPR.

5. Newsletter

If you would like to receive our newsletter, we need your e-mail address. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double-opt-in procedure. The e-mail address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the e-mail address given under Clause II.

We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behaviour. In this context, we gather information whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign in order to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.

6. MailChimp

We process our e-mail newsletters via MailChimp. The provider is the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA (hereafter "MailChimp"). MailChimp is used to send and evaluate the reach of our newsletters. For this purpose, MailChimp processes your e-mail address and any other data required by MailChimp for the provision of the newsletter on our behalf. The legal basis for data processing is our legitimate interest in the use of a user-friendly and secure newsletter system in accordance with Art. 6 para. 1 lit. f GDPR.

The personal data required for processing the newsletter is stored on servers in the United States. MailChimp has joined the EU/US Privacy Shield Agreement and is committed to uphold EU data privacy standards. MailChimp therefore meets the EU requirements for legitimising the transfer of personal data to the United States. For more information about MailChimp’s commitment, please visit: www.privacyshield.gov/participant.

For more information on how MailChimp handles your personal information, please refer to the privacy policy at mailchimp.com/legal/privacy/.

7. Job applications

For more information on the processing of personal data in the context of job applications, please visit: id1-jobs.personio.de/privacy-policy?language=en

IV. Statistics and Analytics

1. Facebook-Pixel

This web site uses the so-called ‘Facebook pixel’. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsible for the processing of personal data of data subjects in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Facebook has joined the EU/US Privacy Shield Agreement and is committed to uphold EU data privacy standards. Facebook therefore meets the EU requirements for legitimising the transfer of personal data to the United States. For more information about Facebook’s commitment, please visit: www.privacyshield.gov/participant

The use of the Facebook pixel-technology enables Facebook to recognize visitors of our web site and to associate them to certain groups for the display of specific advertisements (for example, so-called "Custom Audiences", visitors to our website according to areas of interest which we have given to Facebook). This ensures that the users are shown only interest-oriented ads, and thus avoiding annoyance by improper advertising. Through the use of the Facebook pixel, we can also track the effectiveness of our Facebook ads for statistical purposes and track whether and how users have used our offer after clicking on the advertisement. The use of the Facebook pixel helps us to promote our products and services in an appropriate manner without anoying users with inappropriate advertising. The legal basis for the use of the Facebook pixel are our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 para. 1 lit. f GDPR.

For more information about the Facebook Pixel and how it works, please refer to: www.facebook.com/business/help. More information on how Facebook processes the data obtained, and general details about Facebook advertisement is made available on the Facebook data policy at: www.facebook.com/about/privacy/update. In your personal Facebook account under the heading "Settings", you also have the option to object to the collection of your personal data via the Facebook pixel and its use for the display of specific advertisements. More information about these settings are available at: www.facebook.com/settings (login required).

V. Google Services

Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter „Google“).

The legal basis for the use of the following Google services are our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

Google has joined the EU/US Privacy Shield Agreement and is committed to uphold EU data privacy standards. Google therefore meets the EU requirements for legitimising the transfer of personal data to the United States. For information about Google’s commitment, please visit:
www.privacyshield.gov/participant.

For more information about how Google deals with your personal data, please refer to Google's Privacy Policy:
www.google.com/intl/de/policies/privacy.

For information on the use of data for advertising purposes by Google, setting and your right to object please refer to:
www.google.de/policies/privacy/partners

www.google.de/policies/technologies/ads

adssettings.google.com

1. Google Analytics

Our Web site uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of web site users and analyses their behavior. This data serves the purpose of developing a user-friendly web site design, the continuous optimisation of our services and offers, to measure the success of marketing activities, and to create statistical analysis. In this context, pseudonymised user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request.  The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 26 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymised so that assignment is impossible. You can prevent the local storage of cookies by configuring your browser software correspondingly. However, be advised that in this case you may not be able to use all the features of this web site to the full extent possible. Additionally, in order to prevent Google to collect and process the data generated in relation to your use of the web site you may download and install the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout. You can prevent Google from gathering your data by clicking on this link [<p><a href="javascript:gaOptout()">deactivate Google Analytics </a></p>] which sets an opt-out cookie on your computer. This cookie ensures that Google Analytics will not collect and store any user data from your browser when visiting this web site. Attention: If you delete your cookie cache, this will result in the opt-out cookie being deleted as well. Then you must re-activated the opt-out cookie again.

2. Google Web Fonts

This web site uses external typesets provided by Google, so-called web fonts. In order to do this, your browser loads the required web fonts into your browser cache when you visit the web site. If your browser does not support this feature, your computer will use a standard font to display the web site. This service collects your IP address, which of our web sites you have visited and, if necessary, other data required by Google for the provision of the web fonts. The generated information about your use of this web site is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

3. Google Tag Manager

This web site uses Google Tag Manager in order to manage web site through a single tag management interface. Google Tool Manager only implements tags. This means: no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager.

VI. Mediea content

In the context of providing our web site we partially use third party content, which is loaded directly from servers of the content providers, as named below. The purpose of integrating this content is to make our web site more attractive. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in using such external content to make our web site more attractive.

4. YouTube

Our web site uses media content from the YouTube platform. Provider is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
The purpose is to display content of the YouTube platform that relates to the content of our web site. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this web site is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our web site, Google can link your visit of our web site directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our web site with your respective user account on YouTube, you must first log out of YouTube.

Google has joined the EU/US Privacy Shield Agreement and is committed to uphold EU data privacy standards. Google therefore meets the EU requirements for legitimising the transfer of personal data to the United States. For information about Google’s commitment, please visit:
www.privacyshield.gov/participant.

For more information about how Google deals with your personal data, please refer to Google's Privacy Policy:
www.google.com/intl/de/policies/privacy