Ingenics AG privacy policy

Introduction

Thank you for visiting our website. Ingenics AG (hereinafter referred to as “Ingenics,” “we,” or “us”) considers the security of user data and compliance with data protection regulations to be of utmost importance. We provide information about how your personal data on our website is processed in the following.

Controller and Data Protection Officer

Controller:

Ingenics AG

Schillerstrasse 1/15

89077 Ulm, Germany

+49-731-936-800

 

External Data Protection Officer:

DDSK GmbH

Tel.: +49-754-2949-2100

E-mail: datenschutz@ingenics.com

Definition of Terms

The terminology used in this privacy policy follows the legal definitions set out in Article 4 of the GDPR.

Information about Data Processing

Automated Data Processing (Log Files, etc.)

Our website can be visited by users without them actively providing any personal information. Nevertheless, each time our website is opened we automatically store access data (server log files) such as the name of the internet service provider, the operating system used, the website from which the user visited us, the date and duration of the visit or the name of the requested file, and for security reasons (such as to detect attacks on our website), the IP address of the computer used, for a period of seven days. This data is only analyzed to improve our services and cannot be traced back to the user personally in any way. This data is not compiled with data from other sources. The legal basis for processing the data is Article 6(1)(f) GDPR. We process and use the data for the following purposes: 1. Provision of the website, 2. Improvement of our website, and 3. Prevention and detection of errors/malfunctions and misuse of the website. The data is processed in order to protect the legitimate interests of ensuring the functionality and error-free, secure operation of the website and adapting this website to user requirements.

 

Use of Cookies (General, Function, Opt-out Links, etc.)

In order to provide a website with an appealing design and facilitate the use of certain functions, we use what are known as “cookies” on our website. The use of cookies protects our legitimate interest of making visits to our website as pleasant as possible and is based on Article 6(1)(f) GDPR. Cookies are a standard internet technology for storing and recalling login and other usage information for all users of the website. Cookies are small text files stored on the user’s device. Among other things, they allow us to save user settings so that our website can be displayed in a format that is tailored to the user’s device. Some of the cookies we use are deleted at the end of the browser session, i.e., when the browser is closed (these are known as “session cookies”). Other cookies remain on the user’s device and allow us or our partner companies to recognize the browser the next time our website is visited (“persistent cookies”).

The browser can be configured so that the user is informed when cookies are used and can decide whether to accept cookies individually, only in certain cases, or generally not at all. Furthermore, cookies can be deleted after the fact, in order to remove the data stored by the website on the user’s computer. Disabling cookies (also known as an “opt-out”) may limit some features of our website.

Information for applicants
You have the option of using a careers section on our website. Personal data from applicants (basic data, contact details, attachments such as cover letters, CVs and references; etc.) is collected from an online form found on our website and processed for the purpose of the application procedure. Cookies that are technically necessary are also set on the user’s computer for this purpose by our applicant management solution so that the content in each field of the form is saved at every step and transferred to us correctly at the end.

Data subject categories: Website visitors, users of online services

Opt-out: 
Internet Explorer: https://support.microsoft.com/en-us/help/17442  

Firefox: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: https://support.apple.com/en-us/HT201265

Legal bases: Consent [Article 6(1)(a) GDPR]; legitimate interests [Article 6(1)(f) GDPR]

The legal basis applicable at a given time is specifically named for the corresponding tool.

Legitimate interests: Storage of opt-in preferences, website display, assurance of website functionality, preservation of user status across the entire website, recognition of website users upon their return, user-friendly website, provision of chat function

 

Online Marketing

In order to expand our reach and increase awareness of our website on a constant basis, we process personal data as part of our online marketing efforts, specifically when identifying potential leads and measuring the effectiveness of our marketing activities.

For the purposes of measuring the effectiveness of our marketing activities and identifying potential leads, relevant information is stored in cookies, or similar methods are used. The data stored in the cookies may include content viewed by the user, online pages visited by the user, and functions and systems used. However, no plain-text user data is processed on a regular basis for the described purposes. The data is changed so that the actual identity of the user is not known either to us or to the provider of the tool used. The data changed for this purpose is often stored in user profiles.

If it is stored in user profiles, the data collected when visiting other online pages using the same online marketing methods can then be exported, enhanced, and added to the server of the online marketing provider.

We can determine the success of our ads using compiled data made available to us by the provider of the online marketing method (this process is known as “conversion measurement”). During the conversion measurement process, we can track whether a marketing activity has led to a decision to buy by a visitor to our website. This analysis is used to evaluate the success of our online marketing.

 

Data subject categories: Website visitors, users of online services, potential leads, communication partners, business and contractual partners

Data categories: User data (e.g., visited webpages, interest in content, access times), meta and communication data (e.g., device information, IP addresses), location data, contact details, content data

Purposes of processing: Marketing (some of which is based on interests/behavior, “personalized”), conversion measurement, target group creation, click tracking, development of marketing strategies, and increase in campaign efficiency

Legal bases: Consent [Article 6(1)(a) GDPR]; legitimate interests [Article 6(1)(f) GDPR]

Legitimate interests: Optimization and further development of the website, increase in profit, customer retention and acquisition

 

Google Tag Manager

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data privacy: https://policies.google.com/privacy

Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=en or https://myaccount.google.com/

Legal basis: Legitimate interest [Article 6(1)(f) GDPR]

Legitimate interests: Coordination of different tools, management, ease of use and display

 

Google Analytics

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data privacy: https://policies.google.com/privacy

Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=en or https://myaccount.google.com/

Legal basis: Consent [Article 6(1)(a) GDPR]

Google AdWords and Conversion Measurement

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data privacy: https://policies.google.com/privacy

Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=en or https://myaccount.google.com/

Legal basis: Consent [Article 6(1)(a) GDPR]

Facebook Pixel

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data privacy: https://www.facebook.com/privacy/explanation

Opt-out link: https://www.facebook.com/settings?tab=ads

Legal basis: Consent [Article 6(1)(a) GDPR]

LinkedIn

Service used: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data privacy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal basis: Consent [Article 6(1)(a) GDPR]

Social Media Presence

We maintain an online presence on social networks and recruitment platforms, in order to exchange information with users registered there and establish easy channels of contact with them.

Some user data on social networks is used for market research and therefore for marketing. User profiles can be created from user behavior, such as specifying interests, and used to adapt ads to the interests of target groups. Cookies are regularly stored on user devices for this purposes, regardless of whether the user is registered on a particular social network.

Depending on where the social network is operated, user data may be processed outside of the European Union or the European Economic Area. This may present risks to the users, because it makes it more difficult for them to exercise their rights, for example.

Data subject categories: Registered and non-registered users of the social network

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number), content data (e.g., entered text, photos, videos), usage data (e.g., visited webpages, interests, access times), meta and communication data (e.g., device information, IP address)

Purposes of processing: Expansion of reach, networking

Legal bases: Legitimate interests [Article 6(1)(f) GDPR]; consent [Article 6(1)(a) GDPR]

Legitimate interests: Interaction and communication on social media, increase in profit, target group insights

Instagram

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data privacy: https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Opt-out link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

Facebook

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data privacy: https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-out link: https://www.facebook.com/settings?tab=ads

LinkedIn

Service used: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data privacy: https://www.linkedin.com/legal/privacy-policy

Opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

Kununu

Service used: New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany

Data privacy: https://privacy.xing.com/en/privacy-policy         

YouTube

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data privacy: https://policies.google.com/privacy?hl=en&gl=en

Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=en or https://myaccount.google.com/

Xing

Service used: New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany

Data privacy: https://privacy.xing.com/en/privacy-policy         

 

Plug-ins and Embedded Third-Party Content

We have embedded features and content in our website from third-party providers. For example, videos, images, buttons, or posts (hereinafter referred to as content) may be embedded.

In order for content to be displayed to visitors of our website, the respective third-party provider processes, among other things, the user’s IP address so that the content can be transmitted to the browser and displayed there. Without processing this data it is not possible to display third-party content.

Some additional information is collected using what are called “pixel tags” or “web beacons,” which the third-party provider uses to obtain information about the use of the content or visitor traffic to our website, technical information about the user’s browser or operating system, the time of the visit, or webpages linking to our website. The data obtained in this way is stored in cookies on the user’s device.

To protect the personal data of visitors to our website, we have taken certain security precautions which prevent the automatic transmission of this data. This data is only transmitted if you use the buttons or click on the third-party content.

Data subject categories: Users of the plug-in or embedded third-party content

Data categories: Usage data (e.g., visited webpages, interests, access time), meta and communication data (e.g., device information, IP address), contact details (e.g., e-mail address, telephone number), master data (e.g., name, address)

Purposes of processing: Design of our website, increase in reach of social media ads, sharing of posts and content, marketing based on interests and behavior (“personalized” marketing), cross-device tracking

Legal bases: Consent [Article 6(1)(a) GDPR]

Vimeo

Service used: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Data privacy:  https://vimeo.com/privacy

Opt-out link: https://vimeo.com/cookie_policy

Legal basis: Consent [Article 6(1)(a) GDPR]

Online Conferences, Meetings, and Webinars

We take the opportunity to hold online conferences, meetings, and webinars. To this end we use the services of other providers carefully selected by us.

When such services are actively used, data of participants is processed and stored on the servers of the third-party providers used, provided the data is required for the communication process. Furthermore, usage and meta data may be processed.

Data subject categories: Participants in the online service in question (conference, meeting, webinar)

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number), content data (e.g., entered text, photos, videos), meta and communication data (e.g., device information, IP addresses)

Purposes of processing: Processing of queries, increase in efficiency, furtherance of cross-company or cross-location collaboration

Legal bases: Consent [Article 6(1)(a) GDPR]

GoToMeeting

Service used: LogMeIn, 320 Summer Street, Boston, MA 02210, USA

Data privacy: https://www.logmeininc.com/legal/privacy                     

Legal basis: Consent [Article 6(1)(a) GDPR]

Newsletter and Mass Communication (Possibly with Tracking)

Users on our website have the opportunity to subscribe to our newsletter or other notifications through different channels (hereinafter referred to as our newsletter). We send newsletters only to recipients who have opted in to receiving the newsletter, in accordance with legal stipulations. We use a selected service provider to send our newsletter.

An e-mail address must be provided in order to subscribe to our newsletter. We may also collect other data, such as a name, so that our newsletter can be personally addressed to the recipient.

Our newsletter is sent only after what is known as a “double-opt-in” process has been completed. Visitors to our website who decide to subscribe to our newsletter receive a confirmation e-mail, which serves to prevent the fraudulent provision of false e-mail addresses and aims to ensure that a simple, intentional click triggers the subscription to the newsletter. Users can stop receiving our newsletter at any time in the future. An opt-out link is provided at the end of each newsletter.

We are also obligated to verify that our subscribers actually wish to receive our newsletter. To this end, we collect and store the IP address and time of opt-in/opt-out.

Our newsletters are designed to give us insights into improvements, target groups, or our subscribers’ reading behavior. We are able to gain these insights through what is known as a “web beacon” or “pixel tag,” which reports on interactions with the newsletter, such as when links are clicked, the newsletter in general is opened, or the time at which the newsletter is read. We may assign this information to individual subscribers for technical reasons.

Data subject categories: Newsletter subscribers

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number), meta and communication data (e.g., device information, IP address), usage data (e.g., interests, access times)

Purposes of processing: Marketing, customer retention and acquisition, analysis and evaluation of campaign success

Legal basis: Consent [Article 6(1)(a) GDPR]

HubSpot

Service used: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Data privacy: https://legal.hubspot.com/privacy-policy

Marketing Communications

We use data provided to us for marketing purposes, especially to provide information on different channels about new products and services by us or from our product/service range. Marketing outreach on our part is conducted within the framework of legal stipulations and – if so required – after obtaining consent.

If recipients of our marketing do not wish to receive this, they can let us know at any time. We will be happy to follow their wishes.

Data subject categories: Communication partners

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number)

Purposes of processing: Direct marketing

Legal basis: Consent [Article 6(1)(a) GDPR]; legitimate interests [Article 6(1)(f) GDPR]

Legitimate interests: Acquisition of new and retention of existing contacts or contractual partners

 

Contact

We provide visitors to our website the opportunity to contact us directly or obtain information through different contact options.

If someone contacts us, we process the data of the inquiring person to the extent required for answering or processing their query. Depending on what contact method was used, the data processed may vary.

Data subject categories: Inquiring persons

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number), content data (e.g., entered text, photos, videos), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP address)

Purposes of processing: Query processing

Legal bases: Consent [Article 6(1)(a) GDPR]; performance or initiation of a contract [Article 6(1)(b) GDPR]

 

Events

Visitors to our website have the opportunity to register for events. The data collected by us and required for initiating and performing the contract is marked as required entries. Any other data you provide is voluntary.

Data subject categories: Participants, interested parties

Data categories: Master data (e.g., name, address), contact details (e.g., e-mail address, telephone number), transaction data (bank details, billing, payment history), contract data (e.g. subject of the contract, contractual term)

Purposes of processing: Initiation and performance of a contract

Legal bases: Initiation or performance of a contract [Article 6(1)(b) GDPR]; consent [Article 6(1)(a) GDPR]

 

Downloads (Informational Material/Brochures)

Data subject categories: Interested parties who selectively download our informational material

Data categories: IP address

Purposes of processing: Marketing, customer acquisition, increase in revenue

Legal bases: Consent [Article 6(1)(a) GDPR]

 

Data Transfer

We are a global company based in Germany. The data of visitors to our website is stored in our centralized customer database in Germany in compliance with the applicable data protection regulations and is processed within this framework for internal administrative purposes across the Group. Data is not processed beyond what is required for administrative purposes.

Legal basis: Legitimate interests [Article 6(1)(f) GDPR]

Legitimate interests: “Intra-group exemption,” centralized administration within the company for the purposes of exploiting synergies, cost savings, increase in effectiveness

We transfer data to countries outside of the EEA (“third countries”) for the aforementioned purposes (transfer within the Group and/or to other recipients). Data is only transferred in order to fulfill our contractual and legal obligations or based on the consent of the data subject, which was obtained in advance. Furthermore, data is transferred in compliance with applicable data protection laws, especially the provisions set out in Articles 44 ff. GDPR, such as based on issued adequacy decisions by the European Commissions or other suitable guarantees (e.g., standard contractual clauses, etc.)

Storage Duration

We store the data of visitors to our website as long as this data is required in order to provide our service or as required under laws or regulations enforced by European directives/regulations and other legislation to which we are subject. In all other cases we delete personal data once the processing purpose has been met, except for data which we are required to store for longer in order to fulfill legal obligations (e.g., if we are obligated under tax or commercial law to observe certain retention periods for documents such as contracts and invoices).

Automated Decision-making

We do not engage in automated decision-making or profiling as referred to in Article 22 GDPR.

Legal Bases

Relevant legal bases are taken predominately from the GDPR. These are supplemented by national laws of the member states and are applicable together with or in addition to the GDPR.

Consent: Article 6(1)(a) GDPR constitutes the legal basis for processing for which we obtain consent for a specific purpose.

Performance of a contract: Article 6(1)(b) GDPR constitutes the legal basis for processing which is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation: Article 6(1)(c) GDPR constitutes the legal basis for processing which is necessary for compliance with a legal obligation.

Vital interests: Article 6(1)(d) GDPR constitutes the legal basis for processing which is necessary in order to protect the vital interests of the data subject or of another natural person.

Public interest: Article 6(1)(e) GDPR constitutes the legal basis for processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest: Article 6(1)(f) GDPR constitutes the legal basis for processing which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Rights of the Data Subject

Right of access: According to Article 15 GDPR, data subjects have the right to obtain confirmation as to whether or not personal data concerning them are being processed by us. They can request access to the personal data as well as the further information specified in Article 15(1) GDPR and request a copy of their data.

Right to rectification: According to Article 16 GDPR, data subjects have the right to obtain the rectification or completion of inaccurate or incomplete personal data concerning them which is processed by us.

Right to erasure: According to Article 17 GDPR, data subjects have the right to obtain the erasure of personal data concerning them without undue delay. Alternatively, they can obtain restriction of processing of their data in accordance with Article 18 GDPR.

Right to data portability: According to Article 20 GDPR, data subjects have the right to receive the personal data concerning them, which they provided to us, and have the right to transmit that data to another controller.

Right to lodge a complaint: According to Article 77 GDPR, data subjects shall also have the right to lodge a complaint with the responsible supervisory authority.

Right to object: If personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, data subjects have the right, in accordance with Article 21 GDPR, to object to the processing of their personal data if there are reasons for doing so which arise from their particular situation or which represent an objection to direct marketing. In the latter case, data subjects have a general right to object, which will be granted by us without requiring them to specify any particular situation.

Withdrawal

Some data processing procedures require the express consent of the data subject. You have the right to withdraw the consent previously granted at any time. You can do this by sending us an informal message or e-mail to contact@ingenics.com. The lawfulness of data processing performed prior to withdrawal remains unaffected by withdrawal.

External Links

Our website contains links to the pages of other providers. We have no influence over the content of linked webpages or to compliance with data protection regulations by these providers.

Changes

We reserve the right to change this privacy policy at any time if our website changes and in compliance with applicable data protection regulations, in order to meet legal requirements.

This privacy policy was created by

DDSK GmbH