1. Name and Address of the Responsible Company
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions, is:
INTERMAIL AG
Flughafenstraße 9
64347 Griesheim
+49-6155-8225–0
info@intermail.ag
www.intermail.ag
2. Contact Information of the Data Protection Officer
The data protection officer of the data controller is:
Mr. Jürgen Rosenow
All-in-Media GmbH - Company for Data Protection and Data Security
Markwaldstrasse 11
63073 Offenbach am Main
Tel. +49 69 5699922-0
www.all-in-media.com
datenschutz@intermail.ag
3. Legal Basis for the Processing of Personal Data
Where we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) b GDPR serves as the legal basis. This also applies to processing operations required for the performance of pre-contractual measures.
Where the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.
If the processing is necessary to protect the legitimate interests of our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override the former interests, Art. 6 (1) f GDPR serves as the legal basis for the processing.
4. Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if provided for by European or national legislators in Union regulations, laws, or other provisions to which the data controller is subject.
Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires unless there is a necessity for further storage of the data for the conclusion or performance of a contract.
5. Disclosure to Third Parties
We use the support of service providers bound to us by an order processing contract for processing, such as the technical operator of the website (hoster) who manages the consent banner (cookie banner).
There is otherwise no transmission to other third parties, unless they are bound to us by an order processing contract, there is a legal basis, or they are explicitly mentioned.
6. Provision of the Website and Creation of Log Files
6.1 Description and Scope of Data Processing
When our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- Login time
- Pages accessed and time spent on them
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system accessed our website
- Websites accessed by the user's system via our website
The log files may contain IP addresses or other data that may allow an association with a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website the user switches to contains personal data.
The data mentioned above is also stored in the log files of our system for technical reasons.
Storage of this data together with other personal data of the user does not occur.
6.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR.
6.3 Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data serves us to ensure the security of our information technology systems.
An evaluation of the data for marketing purposes does not take place in this context.
In these purposes, our legitimate interest in data processing pursuant to Art. 6 (1) f GDPR also lies.
6.4 Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended.
In the case of storing data in log files, this is the case after a maximum of seven days. Further storage for reasons of data security is possible. In this case, the IP addresses of users are deleted or anonymized, so that an assignment of the accessing client is no longer possible.
6.5 Objection and Removal Option
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Therefore, there is no option for the user to object.
7. Use of Cookies
7.1 Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a characteristic string of characters that enable a unique identification of the browser and thus the functionality when the website is accessed again.
7.1.1 Technically Necessary Cookies
We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can still be identified after a page change.
The following data is stored and transmitted in the cookies:
Here is a list of the stored data:
- Session cookies
- A cookie to store the cookie settings
These cookies are technically necessary. Therefore, there is no option for the user to object.
This list is not exhaustive. Additional cookies can be detailed when you access the cookie consent.
7.1.2 Cookies for optimizing website content
Furthermore, we use cookies on our website that allow an analysis of user browsing behavior.
This way, the following data can be transmitted:
- Frequency of page views
- Google Tag Manager
- Matomo Analysis Tool
The data collected from users in this way is pseudonymized through technical precautions. Therefore, it is no longer possible to assign the data to the user making the request. The data is not stored together with other personal user data.
When users access our website, they are informed about the use of cookies, among other things, for analysis purposes, and their consent for the processing of personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.
7.2 Legal Basis for Data Processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 (1) f GDPR.
The legal basis for processing personal data using cookies for analysis purposes in the event of a user's consent is Art. 6 (1) a GDPR.
7.3 Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for the browser to be recognized even after a page change for these functions to work.
User data collected by technically necessary cookies is not used to create user profiles.
The use of analysis cookies is intended to improve the quality of our website and its content. Analysis cookies help us understand how the website is used, allowing us to continuously optimize our offerings.
Information about analysis cookies or the use of third-party tools can be found below.
These purposes also constitute our legitimate interest in processing personal data under Art. 6 (1) f GDPR or Art. 6 (1) a GDPR.
7.4 Duration of Storage, Objection, and Removal Options
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you, as the user, have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time.
This can also be done automatically or through the consent process (for technically unnecessary cookies) at the beginning of the website.
If cookies are disabled for our website, some of the website's functions may not be fully available.
This legal basis is the cookie banner.
You can access and change your consent settings at the bottom left of the website (fingerprint) by clicking.
7.5 Consent Banner
7.5.1 Usercentrics
We use the Usercentrics tool for cookie consent management by Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics").
All processing data is processed on servers within the jurisdiction of the GDPR, here in the European Union.
As part of the provision of the consent banner, the following data is technically necessary:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Technically necessary cookies are used to manage user settings.
This data is stored until the purpose of data storage ceases, you request deletion, and you delete this technically necessary cookie yourself. If there are legal retention obligations, they remain unaffected.
The legal basis for this application is based on Art. 6 (1) c GDPR.
We have an order processing agreement with this service provider under GDPR.
8. Marketing
8.1 Google Tag Manager
We have an order processing agreement with Google regarding the use of the Tag Manager.
The Tag Manager must be explicitly allowed by you through the cookie banner.
8.1.1 Description
This is a tag management system. Tags can be centrally integrated through a user interface via the Google Tag Manager. Tags are small pieces of code that can track activities. The Google Tag Manager is used to integrate script codes from other tools. The Tag Manager allows for controlling when a specific tag is triggered.
8.1.2 Processing Company
Google Ireland Limited
Google Building Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland
8.1.3 Data Processing Purposes
This list represents the purposes of data collection and processing.
- Tag management
8.1.4 Used Technologies
- Pixel
8.1.5 Data Collected
This list contains all (personal) data collected by or through the use of this service.
- Aggregated data on tag triggering
8.1.6 Legal Basis
Below, the required legal basis for data processing is mentioned.
- Art. 6 (1) S. 1 lit. a GDPR
8.1.7 Location of Processing
- European Union
8.1.8 Retention Period
The retention period is the period during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
8.1.9 Data Recipients
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
8.1.10 Data Protection Officer of the Processing Company
Below you will find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data Transfer to Third Countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having legal recourse. Below is a list of the countries to which data may be transferred. This may be for various purposes, such as storage or processing.
- United States of America,
- Singapore,
- Taiwan,
- Chile.
Click here to read the data processor's privacy policy https://policies.google.com/privacy?hl=de
Click here to opt out on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the data processor's cookie policy https://policies.google.com/technologies/cookies?hl=de
9. Contact Form and Email Contact
9.1 Description and Scope of Data Processing
There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form is transmitted to us and stored. This data includes:
Here is a list of the data from the input form:
- First name
- Last name
- Subject
- Message
At the time of sending the message, the following data is also stored:
- User's IP address
- Date and time of registration
Your consent is obtained for the processing of data during the submission process, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.
In this context, there is no further disclosure of data to third parties. The data is used exclusively for processing the conversation.
9.2 Legal Basis for Data Processing
The legal basis for processing data is Art. 6 (1) a GDPR if the user gives consent.
The legal basis for processing data that is transmitted in the course of sending an email is Art. 6 (1) f GDPR.
If the email contact aims to conclude a contract, an additional legal basis for the processing is Art. 6 (1) b GDPR.
9.3 Purpose of Data Processing
The processing of personal data from the input form serves us solely for processing the contact. In the case of contact via email, there is also the necessary legitimate interest in processing the data.
The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
9.4 Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the contact form input and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
Additional personal data collected during the submission process will be deleted at the latest after a period of seven days, unless they are needed for security tracking.
9.5 Objection and Removal Option
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
You can make an objection or revoke the storage at any time via email.
All personal data stored as part of the contact will be deleted in this case.
10. Web Analytics
10.1 Web Analytics by Matomo (formerly PIWIK)
10.1.1 Scope of Processing of Personal Data
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user's computer (see cookies above). When individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the user's accessing system
- The accessed webpage
- The website from which the user accessed the accessed webpage (referrer)
- The subpages accessed from the accessed webpage
- The length of time spent on the webpage
- The frequency of access to the webpage
- Screen resolution
- Time in the user's local time zone
- Files clicked on and downloaded (downloads)
- Links to external domains that were clicked on (outlinks)
- Page generation time (the time it takes to generate webpages from the webserver and then download them to the user: page speed)
- User location: country, region, city, approximate latitude, and longitude (geolocation)
- Main language of the user's browser (Accept-Language header)
- User agent of the user's browser (User-Agent header)
The software runs exclusively on the servers of our website. Personal data of users is only stored there. Data is not passed on to third parties.
The software is configured so that IP addresses are not stored in full, but rather 2 bytes of the IP address are masked (e.g., 192.168.xxx.xxx). This makes it impossible to assign the truncated IP address to the accessing computer.
10.1.2 Legal Basis for the Processing of Personal Data
The legal basis for processing the personal data of users is Art. 6 (1) a GDPR (cookie banner) and then Art. 6 (1) f GDPR.
10.1.3 Purpose of Data Processing
Processing the personal data of users allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us continuously improve our website and its user-friendliness. Our legitimate interest in processing the data according to Art. 6 (1) f GDPR also lies in these purposes. The anonymization of the IP address sufficiently takes into account the users' interest in protecting their personal data.
10.1.4 Duration of Storage
The anonymous data is deleted as soon as it is no longer needed for our recording purposes.
10.1.5 Objection and Removal Option
Consent and objection are controlled through the cookie banner and can be freely chosen by you.
11. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:
11.1 Right to Information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information from the controller about the following:
- The purposes for which the personal data is being processed;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
- The planned duration of storage of the personal data concerning you, or if specific information about this is not possible, the criteria for determining the storage period;
- The existence of the right to rectification or erasure of personal data concerning you, the right to restrict processing by the controller, or the right to object to such processing;
- The existence of a right to lodge a complaint with a supervisory authority;
- All available information about the origin of the data if the personal data is not collected from the data subject;
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
11.2 Right to Rectification
You have the right to request the controller to correct and/or complete any personal data concerning you that is processed and is incorrect or incomplete. The controller shall make the correction without undue delay.
11.3 Right to Restriction of Processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you:
- If you dispute the accuracy of personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
- If the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of its use;
- If the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
- If you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If processing of personal data concerning you has been restricted, such data may – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.
11.4 Right to Erasure
11.4.1 Obligation to Erase
You can demand from the controller that the personal data concerning you be erased without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing according to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
- The personal data concerning you has been unlawfully processed.
- Deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
11.4.2 Deletion of Information by Third Parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested erasure of all links to, or copies or replications of, such personal data.
11.4.3 Exceptions to Deletion
The right to erasure does not exist insofar as processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise, or defense of legal claims.
11.5 Right to Information
If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate such rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients from the controller.
11.6 Right to Data Portability
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where:
- the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others may not be adversely affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
11.7 Right to Object
You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.
11.8 Right to Withdraw Consent under Data Protection Law
11.8 Right to Withdraw Consent under Data Protection Law
You have the right to withdraw your data protection consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
11.9 Automated Decision-Making Including Profiling
As a rule, there is no automated decision-making in the sense of Art. 22 GDPR.
11.10 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data concerning you violates the GDPR.
This means you have the choice of the data protection supervisory authority.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.