Protection of Private Data
I. Name and address of responsible party
Responsible in terms of the EU Datenschutzgrundverordnung (DSGVO) (general data protection regulation) and other national data protection laws of the Member States as well as other regulations regarding data protection is:
Inlevel GmbH, represented by the authorized managing director Björn Lindner
Inlevel GmbH
Krantzstr. 7
52070 Aachen
Germany
Telephone: +49 – (0)241 1894296-0
Fax: +49 – (0)241 1894296-9
E-mail: info@inlevel.de
II. General information regarding data processing
1. Scope of processing of personal data
In principle we collect and use personal data of our website users only to such extent as required for the provision of a functioning website as well as for the provision of contents and services. The collection and use of personal data of our users are generally subject to the previous consent of our users except in those cases in which a previous consent is factually not possible or in which data processing is permitted under statutory provisions.
2. Legal basis for the processing of personal data
As far as for processing operations of personal data a permission of the person concerned is obtained, article 6 (1)(a) of the Datenschutzgrundverordnung (DSGVO) (general data protection regulation) serves as the legal basis. Regarding the processing operations of personal data necessary for the fulfilment of a contract, of which one party is the person concerned, the legal basis is article 6 (1)(b) DSGVO. This is also applicable for processing operations of data required for measures preliminary to a contract. As far as processing personal data is required for the fulfilment of a legal obligation which our company has to comply with article 6 (1)(c) DSGVO serves as the legal basis. As far as a processing of personal data is required regarding vital interests of the person concerned or any other natural person, article 6 (1)(d) DSGVO serves as the legal basis.
Should processing operations of personal data be necessary to protect our own legitimate business interests or the interests of any third party and should the interests, fundamental rights and basic rights of the person concerned not outweigh the first-mentioned interests, article 6 (1)(f) serves as the legal basis for the processing.
3. Data deletion and data storage period
Personal data of the person concerned are deleted or blocked as soon as the purpose of the storage ceases. Further storage can take place if it is foreseen by European or national legislators under regulations of the European Union, laws or other provisions the responsible party is subject to. A blocking or deletion of the data also takes place whenever a storage period provided for under any such norms expires unless further storage of the data is required for the conclusion or fulfilment of a contract.
III. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the internet browser resp. by the internet browser on the computer system of the user. When a user visits a website, a cookie can be stored on the operating system of the user. This cookie uses a certain character string which enables a clear identification of the browser when the website is visited again.
We use cookies to ensure a user-friendly website. Some elements of our website require that the calling browser can also be identified after a web page change.
Cookies store and transmit the following data:
(1) Language settings
(2) Log-in information
2. Legal basis for processing personal data
The legal basis for the processing of personal data when using cookies is Art. 6 (1)(f) DSGVO.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for the user. Some functions of our website could not be offered without the use of cookies. For those functions it is necessary that the browser can still be recognized after a web page change.
Cookies are required for the following functions:
(1) Copying of language settings
(2) Memorizing of search strings
The data collected for technically necessary cookies are not used to compile user profiles. Pursuant to Art. 6 (1)(f) it is our legitimate interest to perform data processing for the above-mentioned purposes.
4. Storage period, right to objection and possibility of elimination
Cookies are stored on the user's computer and are transmitted by it to our website. Therefore, you, as the user, have the total control over the use of cookies. By changing the settings in your internet browser you can deactivate or restrict the transmission of cookies. Any saved cookies can be deleted at any time. This can also happen automatically. In case of cookies being deactivated for our website, possibly not all functions of the website can be made full use of.
IV. Provision of a website and creation of log files
1. Description and scope of data processing operations
Every time you enter our website our system automatically collects and stores information that the computer system of the calling computer transmits to us.
The following data are collected:
(1) Information about browser type and browser version
(2) Operating system of user
(3) Internet-service-provider of user
(4) IP address of user
(5) Date and time of the server request
(6) Websites from which the user's system have access to our website
(7) Websites visited by the user's system via our website
These data are also stored in log files by our system. A storage of these data in combination with other personal data of the user does not take place.
2. Legal basis for data processing operations
Basis for the temporary storage of data and log files is Art. 6 (1)(f) DSGVO.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to deliver the website to the calling computer of the user. This requires the temporary storage of the user's IP address during the period of the visit. The storage of the log files is necessary to ensure the proper functioning of the website. These log files are also used to optimize our website and to ensure the security of our information technology systems.
An analysis of the data for marketing purposes does not take place in this context.
Pursuant to Art. 6 (1)(f) it is in our legitimate interest to perform data processing for the above-mentioned purposes.
4. Storage period
All data are deleted as soon as they are no longer required for achieving the purpose for which they were collected. In the case of the data being collected for providing the website the data are deleted as soon as the user ends a session.
Regarding the storage of data in log files a deletion of the data takes place not later than seven days after their collection.
Beyond this, a storage of the data is possible. In this case the IP addresses of the users are deleted or alienated so that an allocation of the calling client is no longer possible.
5. Right to objection and possibility of elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of a website. Consequently, the user has no right to object regarding this matter.
V. Google Maps
The site uses the Google Maps map service via an API. It is operated by Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
For the use of the functions of Google Maps it is necessary to store your IP address. The information is normally transmitted to a server of Google in the USA where they are stored. Google Maps is used to provide an appealing presentation of our online offers and to ensure a quick retrieval of the places indicated on our website. This is a legitimate interest according to Art. 6 (1)(f) DSGVO.
Further information about the handling of user data can be found in the data protection declaration of Google under: https://www.google.de/intl/de/policies/privacy/.
VI. Google Web Fonts
For the uniform presentation of fonts, our website uses so-called Web Fonts provided by Google. When a website is requested your browser loads the required Web Fonts in its browser cache in order to display correctly texts and fonts.
To do so the browser used by you needs to connect to the servers of Google. By means of this procedure Google gains knowledge that via your IP address our website was requested. Google Web Fonts are used in the interest of providing a uniform and an appealing presentation of our online offers. This is a legitimate interest according to Art. 6 (1)(f) DSGVO.
If your browser does not support Web Fonts your computer uses a standard font.
Further information regarding Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the data protection declaration of Google at: https://www.google.com/policies/privacy/.
VII. YouTube
1. Scope of personal data processing
For the presentation of our offer our website refers to videos available on the platform YouTube operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Thereby YouTube receives the IP address of the user.
2. Legal basis for processing personal data
The legal basis for the processing of personal data of users is Art 6 (1)(f) DSGVO.
3. Purpose of data processing, storage period
Purpose and scope of the collection, further processing and use of the data by YouTube as well as the respective rights and configuration options to protect privacy of the user can be found in the data protection information of YouTube under: https://www.google.com/policies/privacy/
4. Right to objection and possibility of elimination
A user who does not want YouTube to receive his personal data, has the possibilities as listed under https://adssettings.google.com.authenticated
VIII. Facebook social plugin
1. Scope of processing of personal data
Our website uses social plugins of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins are interaction elements and recognizable by the Facebook logo (dark "f" on light background). Facebook is certified under the privacy-shield-agreement and by this guarantees to comply with the European data protection regulations; https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
When a user makes use of the social plugin, his device establishes a connection to the servers of Facebook. By this Facebook receives the information that a user has visited the respective website. If the user is logged in, Facebook can allocate the user's visit of the website to his Facebook account. In case of the user not being a member of Facebook there is nevertheless the possibility that Facebook finds out his IP address and saves it. According to Facebook in Germany only anonymized IP addresses are stored.
2. Legal basis for processing personal data
The legal basis for the processing of personal data of users is Art 6 (1)(f) DSGVO.
3. Purpose of data processing, storage period
Purpose and scope of the collection, further processing and use of data by Facebook as well as the respective rights and configuration options to protect privacy of the user can be found under: https://www.facebook.com/about/privacy/
4. Right to objection and possibility of elimination
A user who is a member of Facebook and who does not want Facebook neither to collect data about him nor to link them to the data saved by Facebook via this online offer has to log out from Facebook prior to using our online offer and to delete his cookies. Further configuration options and revocations to the use of data for advertising purposes are available within the Facebook-profile setting: https://www.facebook.com.settings?tab=ads or at the US site http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
The settings take place platform-independently, i.e. they are applied for all devices such as desktop computers or mobile devices.
IX. E-mail contact
1. Description and scope of personal data processing
It is possible to contact our company via the available e-mail address. In this case the personal data of the user transmitted in this e-mail are saved. In this context no further distribution of the data to third parties takes place. The data are exclusively saved for processing of the conversation.
2. Legal basis for processing personal data
The legal basis for the processing of personal data transmitted via an e-mail is Art. 6 (1)(f) DSGVO. In the case of an e-mail contact aiming at the conclusion of a contract, the additional legal basis for the data processing is Art. 6 (1)(b) DSGVO.
3. Purpose of data processing
The processing of personal data serves purely to process the contact. This is also the required legitimate interest for the data processing.
4. Storage period
All personal data are deleted as soon as they are no further required for achieving the purpose for which they were collected. Regarding personal data transmitted via e-mail this is the case, when the respective conversation with the user has ended. A conversation has been terminated when it can be concluded from the circumstances that the respective situation has been clarified conclusively.
All personal data collected additionally during the dispatching process are deleted no later than seven days thereafter.
5. Right to objection and possibility of elimination
The user has the possibility to revoke his consent to the processing of his personal data at any time. In the event of a user getting in contact with us by e-mail he can object to the storage of his personal data at any time. In this case the conversation cannot be continued.
The revocation can be made by means of an e-mail to the website operator under info@inlevel.de or by letter to the address given under I. In this case all personal data stored in the context of this contact are deleted.
X. Rights of the person concerned
In the case of personal data concerning you being processed you are the "person concerned" according to the DSGVO and you are entitled to the following rights against the responsible party:
1. Right to information
You can request confirmation from the responsible party whether personal data regarding you are processed by us. In the case of personal data being processed you have the right to request the following information from the responsible party:
(1) The purposes for which the personal data are processed;
(2) The categories of personal data being processed;
(3) The recipients resp. the categories of recipients to which the personal data concerning you have been disclosed or are still to be disclosed;
(4) The intended storage period regarding your personal data or, should detailed information cannot be given, the criteria for the determination of the storage period;
(5) The existence of a right to correction or deletion of the personal data regarding you, a right to restriction of processing the data by the party responsible or a right to object the processing;
(6) The existence of a right to file a complaint with a regulatory authority;
(7) All information available about the origin of the data when personal data are not collected from the party concerned;
(8) The existence of automated decision making including profiling according to Art. (1) and (4) DSGVO and at least in those cases significant information about the involved logics as well as the scope and intended impacts of such processing on the person concerned.
You have the right to request information about whether your personal data are transmitted to a third country or an international organisation. In this context you can also request to be informed about the suitable guarantees regarding the transmission of the data according to Art.46 DSGVO.
2. Right to correction
You have the right of correction and/or completion against the party responsible as far the personal data concerning you are incorrect or incomplete. The party responsible has to carry out the correction immediately.
3. Right to restriction of processing
Under the following conditions you can request a restriction of the processing of your personal data:
(1) If you contest the correctness of your personal data for such a period of time which allows the responsible party to check the correctness of your personal data
(2) The processing is unlawful and you reject a deletion of your personal data and you request a restriction of use of your personal data instead.
(3) The responsible party does not need your personal data for the purposes of the processing any more but you still need them for asserting, exercising or defending legal claims or
(4) If you have lodged an objection regarding the processing according to Art. 21 (1) DSGVO and it is still unknown whether the legitimate interests outweigh your interests.
In the case of the processing of your personal data having been restricted these data – apart from saving them – may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another person or legal entity or for reasons of important public interest of the European Union or of one Member State.
4. Right to deletion
a) obligation to deletion
You can request from the responsible party to delete your personal data immediately and the responsible party is obliged to delete them if one of the following reasons apply:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing according to Art. 6 (1)(a) or Art. 9 (2)(a) DSGVO were based and there is no other legal basis for the processing.
(3) You can revoke your consent to data processing pursuant to Art. (1) DSGVO and there are no prevailing reasons for processing the data or you revoke your consent to processing your personal data according to Art. 21 (2) DSGVO.
(4) The personal data concerning you were processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under European law or the law of the Member States which apply to the responsible party.
(6) The personal data concerning you were collected relating to information society services pursuant to Art. 8 (1) DSGVO.
b) Information to Third Parties
In the event of the responsible party having made public the personal data regarding you and in the event of the responsible party being obliged to their deletion, the responsible party has to take appropriate, also technical, measures in consideration of the available technology and the costs of implementation in order to inform the party responsible for the processing of personal data that you as the person concerned have requested the deletion of all links to these personal data or of copies or replications of those personal data.
c) Exceptions
There is no right to deletion in so far as processing is necessary
(1) For the execution of the right of free expression and information;
(2) For the fulfilment of a legal obligation, which makes data processing necessary according to the law of the European Union or of the Member States applicable to the responsible party or for the performance of a task which is in the public interest or in execution of official authority the responsible party has been charged with
(3) For reasons of public interest in public health care according to Art. 9 (2)(h) and (i) as well as Art. 9 (3) DSGVO;
(4) For archiving purposes in the public interest, for scientific or historic research or for statistical purposes according to Art. 89 (1) DSGVO as far the right mentioned under a) will probably make impossible or have a serious effect on the realization of the objectives of the data processing or
(5) For the assertion, execution of defence of legal rights.
5. Right to information
In the event of you having asserted the right to correction, deletion or restriction of data processing against the responsible party, the responsible party is obliged to inform all recipients, to which the personal data concerning you have been disclosed about the correction or the deletion or restriction of the data or restriction of processing unless this proves to be impossible or unless this involves a disproportionately high effort. You have the right against the responsible party to be informed about those recipients.
6. Right to data portability
You have the right to receive the personal data concerning you and provided by you to the responsible party in a structured, common and machine-readable format. You also have the right to transmit the data to another party responsible without obstruction by the responsible party providing the personal data, if
(1) Data processing is based on a consent according to Art. 6 (1)(a) DSGVO or Art. 9 (2) (a) DSGVO or on a contract according to Art. 6 (1)(b) and
(2) Processing is carried out by means of automated processes.
When executing this right you also have the right to make the responsible party transmit the personal data concerning you directly to another responsible party, if technically feasible. Freedoms and rights of other people may not be adversely affected. The right to data portability is not valid for the processing of personal data necessary for the fulfilment of a tasks taking place in the public interest or in execution of public authority the responsible party has been assigned to.
7. Right to revocation of consent
You have the right to revoke your consent for the processing of your personal data according to Art. 6 (1)(e) or (f) DSGVO for reasons arising from your special situation; this also applies to profiling taking place on the basis of said regulations. The party responsible shall not process the personal data concerning you any more unless he can prove that he has compelling and legitimate reasons for the processing which outweigh your interests, rights and freedoms or which takes place when asserting, executing or defending legal rights. In the event of your personal data being processed for the purpose of direct marketing you always have the right to revoke your consent for the processing of your personal data for the purpose of such marketing; this also applies to profiling as far as it is related to such direct marketing. In the event of you revoking your consent regarding the processing of your personal data for the purpose of direct marketing your personal data are no longer processed for such purpose. In connection with the use of information society services and regardless of directive 2002/58/EG you have the right to execute your right via the use of automated processes for which technical specifications are used.
8. Right to revocation of data protection declaration
You have the right to revoke your consent for your data protection declaration at any time. By revoking your consent the legality of the processing of the data for the period up to your revocation shall not be affected.
9. Automated decision in an individual case including profiling
You have the right not to be subjected to a decision based exclusively on automated processing including profiling which has legal effect on you or which affects you substantially in a similar way.
This is not applicable if the decision
(1) Is necessary for the conclusion or fulfilment of a contract between you and the responsible party,
(2) Is permitted under European legislation or the legislation of the Member States which the responsible party is subject to and if this legislation contains appropriate measures to protect your rights and freedoms as well as your legitimate interests or
(3) Is made with your explicit consent.
However, these decisions shall not be made based on special categories of personal data according to Art. 9 (1) DSGVO, provided that Art. 9 (2)(a) or (g) DSGVO is applicable and provided that appropriate measures to protect the rights and freedoms of your legitimate interests have been taken.
Regarding the cases under (1) and (3) the responsible party takes actions to protect your rights, freedoms and your legitimate interests; this includes at least the right to obtain intervention of a person on the part of the responsible party to make known the own point of view and to contest the decision.
10. Right to file a complaint with a regulatory authority
Irrespective of other administrative or judicial remedies you have the right to file a complaint with a regulatory authority, in particular in the Member State of your residence, your workplace or the place of the alleged violation if you are of the opinion that the processing of your personal data infringes the DSGVO. The regulatory authority, with which the complaint has been filed, informs the complainant about the status and the results of the complaint including the possibility to legal remedies according to Art. 78 DSGVO.