www.pib.rocks | Contact to pib.Team
Go to homepage

Privacy

With this privacy policy, we inform you about our handling of your personal data and your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The responsible party for data processing is isento GmbH (hereinafter referred to as "we" or "us").

I. General Information

1. Contact If you have any questions or suggestions regarding this information or wish to exercise your rights, please direct your inquiry to

isento GmbH
Ostendstraße 242
90482 Nuremberg
Phone: +49 911 21 77 38 70
Email: info@isento.de

2. Legal Basis

The data protection term "personal data" refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, particularly the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (§ 25 para. 1 TTDSG or Art. 6 para. 1 lit. a GDPR), to fulfill a contract to which you are a party or to carry out pre-contractual measures at your request (Art. 6 para. 1 lit. b GDPR), to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR), or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override (Art. 6 para. 1 lit. f GDPR).

3. Duration of Storage

Unless otherwise stated in the following information, we store the data only as long as necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax regulations.

From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and personal data contained in commercial letters and contracts for six years. Furthermore, we will retain data related to consent requiring proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.

4. Categories of Data Recipients

We use processors in the processing of your data. Processing operations carried out by such processors include, for example, hosting, email dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or destruction of files and data carriers. A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. Furthermore, we may transfer your personal data to entities such as postal and delivery services, house banks, tax consulting/auditing firms, or the tax authorities. Further recipients may arise from the following information.

5. Data Transfer to Third Countries

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If such an adequacy decision by the European Commission is not available, a transfer of personal data to a third country will only take place if appropriate safeguards according to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option to obtain or view a copy of these EU standard data protection clauses. Please contact the address provided under Contact for this purpose.

If you consent to the transfer of personal data to third countries, the transfer will be based on Art. 49 para. 1 lit. a GDPR.

6. Processing When Exercising Your Rights

If you exercise your rights under Art. 15 to 22 GDPR, we process the personal data provided to us for the purpose of implementing these rights and to be able to provide proof thereof. Data stored for the purpose of providing information and its preparation will only be processed for this purpose and for purposes of data protection control and otherwise, the processing will be restricted in accordance with Art. 18 GDPR.

These processes are based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

7. Your Rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information about whether and to what extent we process personal data concerning you.
  • You have the right to request the correction of your data in accordance with Art. 16 GDPR.
  • You have the right to request the deletion of your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
  • You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transfer this data to another controller in accordance with Art. 20 GDPR.
  • If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
  • If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8. Right to Object

In accordance with Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation. If we process personal data about you for direct marketing purposes, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

9. Data Protection Officer

You can reach our data protection officer at the following contact details:

Email: datenschutzbeauftragter@isento.de
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

II. Data Processing on Our Website

When using the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit. In data protection law, the IP address is generally also considered personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data.

1. Processing of Server Log Files

When you use our website for informational purposes only, general information that your browser transmits to our server is automatically stored (i.e., not via registration). This includes, as a standard: browser type/version, operating system used, the page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code (so-called log files).

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 lit. f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after seven days unless there is a justified suspicion of unlawful use based on specific indications and further examination and processing of the information is required for this reason. We are not able to identify you as a data subject based on the stored information. Therefore, the rights under Art. 15 to 22 GDPR do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information that enables your identification to exercise your rights laid down in these articles.

2. Contact Options and Inquiries

Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us being unable to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact email. We process the data for the purpose of responding to your inquiry.

If your inquiry relates to the conclusion or performance of a contract with us, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 lit. f GDPR.

3. Registration

To place orders and use other functions of the website, registration via the website or checkout via PayPal Direct Purchase is required. The required information for registration is evident from the input mask. The provision of the information marked as mandatory is essential for completing the registration. The provided data will be processed for the purpose of providing the service.

The processing is based on the legal basis of Art. 6 para. 1 lit. b GDPR.

4. Orders

If you order a product via our website, we process personal data exclusively for contract processing or to provide you with the ordered product. We process only the data you have provided in the input mask during the booking or ordering process, as well as any payment information. To deliver the ordered products, we transmit your data required for delivery to one of our shipping service providers as specified in the order. The legal basis for processing is Art. 6 para. 1 lit. b GDPR. All data fields marked as mandatory are required to process your booking or order. Failure to provide this information will result in us being unable to process your booking or order.

The provision of further data is voluntary. Such voluntarily provided data is processed based on Art. 6 para. 1 lit. f GDPR.

It is not necessary to register for a customer account to place an order in our online shop. However, you have the option to create a customer account through registration. If you have registered for a customer account, your stored data will be automatically entered into the order form when you order a product in our shop. Additionally, you can use the customer account to check the status of your orders and save products in a wishlist.

The required information for registration is evident from the input mask. The provision of the information marked as mandatory is essential for completing the registration. A valid email address is required for registration. To confirm the registration, you will first receive a registration email, which you must confirm via a link (double opt-in). After registration, you can log in to the customer account by providing your email address and the password used. The processing of the provided data in the context of registration and use of the customer account is based on the legal basis of Art. 6 para. 1 lit. b GDPR.

5. Payment Service Providers

To pay for ordered products in our online shop, we offer the payment service provider PayPal of PayPal Europe S.a.r.l. et Cie s.c.a. (Luxembourg, EU).

The payment data you provide during the ordering process will be transmitted to the payment service provider to the extent necessary for processing the payment. PayPal may transmit your address data stored with PayPal to us, which we process exclusively for contract processing. The legal basis for this transmission is Art. 6 para. 1 lit. b GDPR.

Further information on data protection at PayPal can be found at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5

Please note that the respective payment information is otherwise processed by the payment service providers under their responsibility.

6. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small data sets that are stored by your browser when you visit a website. This allows the browser used to be identified and recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in your browser's security settings. You can generally object to the use of cookies through your browser settings or for specific cases.

The use of cookies is partly technically necessary for the operation of our website and therefore permissible without the user's consent. Additionally, we may use cookies to offer special functions and content as well as for analysis and marketing purposes. These may include third-party cookies (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with § 25 para. 1 TTDSG and, if applicable, Art. 6 para. 1 lit. a GDPR. Information on the purposes, providers, technologies used, stored data, and the storage duration of individual cookies can be found in the cookie settings of our consent management tool.

7. Consent Management Tool

III. Data Processing on Our Social Media Pages

We are represented on several social media platforms with a company page. This allows us to provide additional opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • Instagram
  • LinkedIn

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This includes messages and statements made using the profile. Additionally, certain information about your visit to a social media profile is often automatically collected, which may also constitute personal data.

1. Visiting a Social Media Page

a) Instagram

When you visit our Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU). Further information about the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; relevant information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and insights for our Instagram page, which help us gain insights into the types of actions people take on our page (so-called "page insights"). These page insights are created based on certain information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

We cannot assign the information obtained through the page insights to individual user profiles that interact with our Instagram page. We have entered into an agreement with Meta on joint controllership, which sets out the distribution of data protection obligations between us and Meta. Details about the processing of personal data for the creation of page insights and the agreement between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to this data processing, you have the option to assert your data subject rights (see "Your Rights") against Meta as well. Further information can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to Meta's privacy policy, user data is also processed in the USA or other third countries. Meta transfers user data only to countries for which an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

b) LinkedIn

For the processing of personal data when visiting our LinkedIn page, LinkedIn Ireland Unlimited Company (Ireland, EU) is generally the sole controller. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page, or engage with the page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This gives us insights into the types of actions people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn through the information in your profile, such as data on function, country, industry, seniority, company size, and employment status. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, e.g., whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personal data about you through the page insights. We only have access to the aggregated page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data within the framework of the page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

We have entered into an agreement with LinkedIn on joint controllership, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the privacy policy. You can contact LinkedIn Ireland's data protection officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us at our provided contact details to exercise your rights in connection with the processing of personal data within the framework of the page insights. In such a case, we will forward your request to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing the processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

Please note that according to LinkedIn's privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

c) YouTube

When you visit our YouTube page, through which we present our company in or with videos, certain information about you is processed. The sole controller for this processing of personal data is the operator of YouTube, namely Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website, which is operated for us by the service provider and on which a YouTube component (YouTube video) is integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. In the course of this technical process, YouTube and Google gain knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject is visiting when a subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the time of accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the data subject, the transmission can be prevented by logging out of their YouTube account before accessing our website.

The privacy policies published by YouTube, which are available at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.

On smartphones and tablets, the aforementioned services are often not implemented through plugins but through an internal "share" function of the device. Depending on its settings, information may also be provided to other social media service providers. Please refer to your device information for details.

2. Comments and Direct Messages

We also process information that you provide to us through our company page on the respective social media platform. Such information may include the username used, contact details, or a message to us. These processes are carried out by us as the sole controller. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Further data processing may occur if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).

IV. Further Data Processing

1. Contact by Email

If you send us a message via the provided contact email, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting inquiring persons.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

2. Customer and Interested Party Data

If you contact our company as a customer or interested party, we process your data to establish or carry out the contractual relationship to the extent necessary. This regularly includes the processing of personal master, contract, and payment data provided to us, as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for these processes is Art. 6 para. 1 lit. b GDPR.

We also process customer and interested party data for evaluation and marketing purposes. These processes are based on the legal basis of Art. 6 para. 1 lit. f GDPR and serve our interest in further developing our offer and informing you specifically about our offers.

Further data processing may occur if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).

3. Use of Email Address for Marketing Purposes

We may use the email address you provided during registration or ordering to inform you about our own similar products and services.

The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can click on the unsubscribe link contained in each mailing or send an email to unsubscribe.


As of: 05/2023

This website uses cookies to ensure the best experience possible. More information...