Privacy Policy


Data Controller

Company:   INGOS GmbH
Address:   Mimminger Str. 37B
    94491 Hengersberg
Country:   Deutschland
Phone:   +49 9901 90 35 9 - 0
Commercial Register:   Deggendorf, HRB 1784
CEO:   Oliver Schulz

The protection of your personal data is a top priority at INGOS



1. Basic Information on Data Processing and Legal Bases

1.1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated websites, functions, and content (collectively referred to as "online offering" or "website"). This policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used.


1.2. Terms such as "personal data" or "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).


1.3. The personal data processed in our online offering includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of contact persons, payment information), usage data (e.g., visited websites, interest in products), and content data (e.g., entries in the contact form).


1.4. The term "user" encompasses all categories of data subjects, including business partners, customers, interested parties, and other visitors. The term is used gender-neutrally.


1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that the data is processed only if a legal permission exists, such as for the provision of our contractual services (e.g., processing orders), compliance with legal obligations, user consent, or based on our legitimate interests (e.g., analysis, optimization, and economic operation of our online offering under Art. 6(1)(f) GDPR).


1.6. The legal bases for the processing are Art. 6(1)(a) and Art. 7 GDPR for consent, Art. 6(1)(b) GDPR for contractual obligations, Art. 6(1)(c) GDPR for legal obligations, and Art. 6(1)(f) GDPR for legitimate interests.



2. Security Measures

2.1. We implement organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data we process from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.


2.2. Security measures include encrypted data transmission between your browser and our server.



3. Disclosure of Data to Third Parties and Third-Party Providers

3.1. Data is disclosed to third parties only within the framework of legal requirements. User data is disclosed to third parties only if necessary for contractual purposes under Art. 6(1)(b) GDPR or based on legitimate interests under Art. 6(1)(f) GDPR.


3.2. If we use subcontractors, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data according to legal regulations.


3.3. If third-party content, tools, or other means are used and their headquarters are in a third country, data transfer to the headquarters of the third-party providers is assumed. Third countries are countries where the GDPR is not directly applicable, i.e., generally outside the EU or EEA. Data transfer to third countries occurs if an adequate level of data protection, user consent, or other legal permission exists.



4. Provision of Contractual Services

4.1. We process inventory data (e.g., names and addresses, contact data of users), contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services under Art. 6(1)(b) GDPR.


4.2. Users can create a user account to view their orders. Required information is communicated to users during registration. User accounts are not public and not indexed by search engines. If users terminate their account, their data will be deleted unless retention is necessary for commercial or tax reasons under Art. 6(1)(c) GDPR. Users are responsible for securing their data before contract termination. We may irretrievably delete all user data stored during the contract.


4.3. During registration and repeated logins, and use of our online services, we store IP addresses and the time of each user action based on our legitimate interests and user protection. Data is not shared with third parties unless necessary to pursue our claims or legally required under Art. 6(1)(c) GDPR.


4.4. We process usage data (e.g., visited websites, interest in products) and content data (e.g., entries in contact forms) for advertising purposes in a user profile to show users product recommendations based on their previously used services.



5. Contacting Us

5.1. When contacting us (via contact form or email), user details are processed to handle and respond to the contact request under Art. 6(1)(b) GDPR.


5.2. User details may be stored in our Customer Relationship Management System (CRM) or similar request organization.



6. Comments and Contributions

6.1. When users leave comments or contributions, their IP addresses are stored for 7 days based on our legitimate interests under Art. 6(1)(f) GDPR.


6.2. This is for our security in case of illegal content (insults, prohibited political propaganda, etc.). In such cases, we can be held liable and are therefore interested in the author's identity.



7. Collection of Access Data and Log Files

7.1. Based on our legitimate interests under Art. 6(1)(f) GDPR, we collect data on every access to the server (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL, IP address, and requesting provider.


7.2. Log file information is stored for security reasons (e.g., to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data needed for evidentiary purposes is excluded from deletion until the incident is resolved.



8. Newsletter

We process personal data for newsletter distribution and direct advertising if the data subject has expressly consented under Art. 6(1)(a) GDPR and registered via a double opt-in procedure. For newsletter distribution, we use the email address, first and last name, and any personal data provided by the data subject. By consenting to the newsletter, the customer agrees to regularly receive information about INGOS's products and services. We use a self-hosted marketing automation tool to evaluate and manage the newsletter. Pseudonymous user profiles are created to determine whether newsletters are opened and used (e.g., by clicking on links). IP addresses, location data, and device data are stored anonymously. If we receive the email or postal address during a sale, you will regularly receive offers of products and services for direct advertising. The data subject can object to the use of their email address for direct advertising at any time via a link in the email or by contacting



9. Cookies & Reach Measurement

9.1. Cookies are information transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.


9.2. We use "session cookies," which are stored only for the duration of the current visit (e.g., to enable the storage of your login status or shopping cart function). A session cookie stores a randomly generated unique ID, a session ID. Additionally, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you log out or close the browser.


9.3. Users are informed about the use of cookies within the scope of pseudonymous reach measurement in this privacy policy.


9.4. If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this online offering.


9.5. Users can object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative ( and additionally the US website ( or the European website (


9.6. We use Matomo, an open-source web analytics platform, to analyze visitor behavior on our website and improve user experience, provided the user consents (Consent Cookie). Data is used exclusively for statistical purposes and website optimization. The following data is collected: IP address (anonymized), date and time of access, visited pages and duration, origin country, browser type, operating system, screen resolution, referrer URL (previously visited page). The IP address is immediately anonymized, making identification impossible. Anonymized data is stored exclusively on our server and not shared with third parties. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest is in improving and optimizing our website and online offering, as well as for statistical purposes (user behavior analysis). Matomo data is deleted after a maximum of 6 months or when the purpose of storage is fulfilled.



10. Integration of Third-Party Services and Content


10.1. Based on our legitimate interests (i.e., interest in analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter referred to as "content"). This always requires that the third-party providers of this content perceive the IP address of the users, as they cannot send the content to their browser without the IP address. The IP address is thus necessary for displaying this content. We strive to use only such content whose respective providers use the IP address solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as being linked to such information from other sources.


10.2. The following provides an overview of third-party providers as well as their content, along with links to their privacy policies, which contain further information on data processing and, in some cases mentioned here, opt-out options:


Instagram: Functions of the Instagram service are integrated into our online offering. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Privacy Policy.


Pinterest: We use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. When you call up a page that contains such a plugin, your browser establishes a direct connection to the servers of Pinterest. The plugin transmits protocol data to the Pinterest server in the USA. This protocol data may include your IP address, the address of the visited websites that also contain Pinterest functions, browser type and settings, date and time of the request, your usage of Pinterest, and cookies. Privacy Policy.


Twitter: Functions of the Twitter service are integrated into our online offering. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Privacy Policy. You can change your privacy settings on Twitter in the account settings at



11. Data Protection in Applications and the Application Process


11.1. We process personal data in accordance with §26 BDSG-new for the purpose of initiating, establishing, and terminating employment relationships. Personal data is processed solely for filling the specific position to which the applicant applies. If the application is to be considered for other open positions within the company, this requires the applicant's consent, which can be revoked at any time. Applicant data is generally collected directly from the applicant, for example, from the application documents, interviews, or questionnaires. We may also receive data from third parties, such as in the context of job placement. Furthermore, we obtain personal data from publicly accessible sources, such as social networks. The following personal data is generally processed: applicant master data such as name, first name, date of birth, address, telephone number, email address, residence permit, professional background, certificates, and any health suitability.


11.2. If an employment contract is concluded with an applicant, the application documents will be included in the personnel file. After the termination of the employment relationship, personal data is stored as long as legally required. According to the Commercial Code and the Tax Code, retention periods of up to 10 years apply. If claims can be asserted against us, personal data will be stored until all foreseeable claims are barred by the statute of limitations. Retention periods of three to thirty years apply in such cases. In the event of a rejection, the application documents will be returned/destroyed or deleted at the latest six months after the conclusion of the application process.


11.3. Only persons and entities within the company involved in establishing an employment relationship will have access to personal applicant data.


11.4. If applications are sent to us electronically, for example by email, the applicant can provide us with the application documents as an encrypted ZIP file. Please communicate the password for the encryption to us by phone at +49 9901 90359-0 or in a separate email to



12. User Rights


12.1. Users have the right to request information about the personal data we hold about them free of charge.


12.2. Users also have the right to correct inaccurate data, restrict processing, and delete their personal data, assert their rights to data portability, and file a complaint with the competent supervisory authority if they believe their data has been processed unlawfully.


12.3. Users can also revoke consent, generally with future effect.



13. Deletion of Data


13.1. Data we store is deleted as soon as it is no longer needed for its intended purpose and no statutory retention obligations prevent its deletion. If user data is not deleted because it is needed for other and legally permissible purposes, its processing will be restricted. This means the data is locked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.


13.2. According to legal requirements, data is retained for 6 years under § 257(1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, booking receipts, etc.) and for 10 years under § 147(1) AO (books, records, management reports, booking receipts, commercial and business letters, documents relevant for taxation, etc.).



14. Right to Object


14.1. Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for direct marketing purposes.



15. Changes to the Privacy Policy


15.1. We reserve the right to change the privacy policy to adapt it to changed legal situations or changes in the service or data processing. This applies, however, only with regard to declarations on data processing. If user consents are required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent.


15.2. Users are requested to inform themselves regularly about the content of the privacy policy.