Privacy Policy

1. General Information on Data Processing and Legal Bases

1.1 This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the websites, functions, and content associated with it (hereinafter collectively referred to as "online offering" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offering is executed.

1.2 The terms used, such as "personal data" or their "processing," refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3 The personal data of users processed in the context of this online offering include inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the web pages visited on our online offering, interest in our products), and content data (e.g., entries in the contact form).

1.4 The term "user" encompasses all categories of data subjects affected by data processing. These include our business partners, customers, prospects, and other visitors to our online offering. The terms used, such as "user," are to be understood in a gender-neutral way.

1.5 We process users' personal data only in compliance with the relevant data protection regulations. This means that users' data is only processed with legal permission, i.e., especially when data processing is necessary to provide our contractual services (e.g., processing of orders) as well as online services, legally required, with the consent of the users, as well as based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR, in particular for measuring reach, creating profiles for advertising and marketing purposes, collecting access data, and using the services of third-party providers.

1.6 We point out that the legal basis for consents is Art. 6 Para. 1 lit. a. and Art. 7 GDPR, the legal basis for processing for the fulfillment of our services and implementation of contractual measures is Art. 6 Para. 1 lit. b. GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f. GDPR.

2. Security Measures

2.1 We take organizational, contractual, and technical security measures according to the state of the art to ensure that the provisions of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons.

2.2 Among the security measures is, in particular, the encrypted transfer of data between your browser and our server.

3. Transfer of Data to Third Parties and Third-Party Providers

3.1 Data is only transferred to third parties within the framework of legal regulations. We only pass on users' data to third parties if, for example, this is required for contractual purposes based on Art. 6 Para. 1 lit. b) GDPR or on the basis of legitimate interests according to Art. 6 Para. 1 lit. f. GDPR in the economic and effective operation of our business operations.

3.2 If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data according to the relevant legal regulations.

3.3 If content, tools, or other means from other providers (hereinafter collectively referred to as "third-party providers") are used within this privacy policy and their mentioned seat is located in a third country, it is to be assumed that a data transfer to the states of the third-party providers takes place. Third countries are countries in which the GDPR is not a directly applicable law, i.e., basically countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when an adequate level of data protection, user consent, or other legal permission exists.

4. Provision of Contractual Services

4.1 We process inventory data (e.g., names and addresses as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services according to Art. 6 Para. 1 lit b. GDPR.

4.2 Users can optionally create a user account, through which they can view their orders, among other things. During the registration process, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data with respect to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons according to Art. 6 Para. 1 lit. c GDPR. It is the users' responsibility to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

4.3 In the context of registration and renewed logins and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of this data to third parties does not take place, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR.

4.4 We process usage data (e.g., the visited web pages of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, to show the user e.g., product hints based on their previously used services.

5. Contacting Us

5.1 When contacting us (via contact form or email), the user's details for processing the contact request and its handling are processed according to Art. 6 Para. 1 lit. b) GDPR.

5.2 User information can be stored in our Customer Relationship Management System ("CRM System") or comparable request organization.

6. Comments and Contributions

6.1 If users leave comments or other contributions, their IP addresses are stored based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR for 7 days.

6.2 This is done for our safety, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the author's identity.

7. Collection of Access Data and Log Files

7.1 Based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

7.2 Logfile information is stored for security reasons (e.g., to investigate abusive or fraudulent activities) for a maximum period of seven days and then deleted. Data whose further retention is required for evidence purposes is excluded from deletion until the final clarification of the respective incident.

8. Cookies & Reach Measurement

8.1 Cookies are information transferred from our web server or third-party web servers to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage.

8.2 We use "session cookies," which are only stored for the duration of the current visit to our online presence (e.g., to enable the storage of your login status or the shopping cart function and thus the use of our online offering at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the retention period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and, for example, log out or close the browser.

8.3 Users are informed about the use of cookies in the context of pseudonymous reach measurement within this privacy policy.

8.4 If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this online offering.

8.5 You can object to the use of cookies used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

9. Newsletter

We process personal data for the purpose of sending newsletters and direct advertising, provided that the data subject has expressly consented to this in accordance with Art. 6 Para. 1 lit. a GDPR and has registered for the newsletter dispatch via a double opt-in procedure. For the purpose of sending the newsletter, we use the email address of the data subject, first and last name, and, if applicable, personal data that the data subject has communicated to INGOS. By consenting to the newsletter dispatch, the customer agrees to the regular receipt of information about the goods and services of INGOS. To evaluate and process the newsletter dispatch, we use a self-hosted marketing automation tool. To determine whether newsletters are opened, the extent to which they are used (for example, by clicking on specific links in a newsletter), or to create campaign reports, pseudonymized user profiles are created. IP addresses, location data, and device data of the users are stored anonymously. If we have received the email address or postal address in connection with the sale of our service, you will regularly receive offers for products and services from the INGOS range by email or post for the purpose of direct advertising. The data subject can object to the use of the email address for the purpose of direct advertising at any time via a link provided in the promotional email or via privacy@ingos.com.

10. Integration of Services and Contents of Third Parties

10.1 Within our online offering, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users because they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offering, as well as be linked to such information from other sources.

10.2 The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in part already mentioned here, possibilities to object (so-called opt-out):

• Within our online offering, functions of the service Instagram are integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data or its use by Instagram. Privacy policy: http://instagram.com/about/legal/privacy/.

• We use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to the server of Pinterest in the USA. This log data may include your IP address, the addresses of the visited websites that also contain Pinterest functions, type and settings of the browser, date and time of the request, your use of Pinterest, and cookies. Privacy policy: https://about.pinterest.com/de/privacy-policy.

• Within our online offering, functions of the service Twitter can be integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data or its use by Twitter. Privacy policy of Twitter under http://twitter.com/privacy. You can change your privacy settings on Twitter in the account settings under http://twitter.com/account/settings.

11. Privacy Policy for Applications and the Application Process

11.1 We process personal data of applicants for the purpose of processing the application procedure in accordance with §26 BDSG-neu (new German Federal Data Protection Act). The processing of personal data is carried out solely for the purpose of filling the specific position for which the applicant has applied. Should the application be considered for other open positions within the company, this requires consent, which can be revoked by the affected person at any time. Applicant data is generally collected directly from the affected person, for example, from application documents, job interviews, or the personnel questionnaire. We may receive data from third parties, for example, in the context of a job placement. Furthermore, we receive personal data from publicly accessible sources, for example, social networks. In principle, the following personal data are processed: applicant master data such as name, first name, date of birth, address, telephone number, email address, residence permit, professional career, certificates, and possibly health suitability.

11.2 If an employment contract is concluded with an applicant, the submitted application documents will be transferred to the personnel file. After termination of the employment relationship, the personal data will be stored as long as required by law. According to the Commercial Code and Fiscal Code, retention periods of up to 10 years exist. If claims can be asserted against us, personal data will be stored until the expiration of all foreseeable claims that can be asserted. In this case, retention periods of three to thirty years exist. In case of a rejection, the application documents will be returned/destroyed or deleted no later than six months after the conclusion of the application process.

11.3 Only persons and departments in the company that decide on the establishment of an employment relationship have access to personal applicant data.

11.4 If applications are sent to us electronically, for example, by email, the applicant has the option to provide us with the application documents as an encrypted ZIP file. Please

12. Rights of the Users

12.1 Users have the right to request information free of charge about the personal data that we have stored about them.

12.2 In addition, users have the right to correct inaccurate data, restrict the processing, and delete their personal data, if applicable, assert their rights to data portability, and in the event of the assumption of unlawful data processing, file a complaint with the competent supervisory authority.

12.3 Likewise, users can revoke consents, generally with effect for the future.

13. Deletion of Data

13.1 The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the users' data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted. That means the data is blocked and not processed for other purposes. This applies, for example, to data of users that must be kept for commercial or tax reasons.

13.2 According to legal requirements, storage takes place for 6 years in accordance with § 257 Para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, trade letters, booking receipts, etc.) and for 10 years in accordance with § 147 Para. 1 AO (books, records, management reports, booking receipts, trade and business letters, documents relevant for taxation, etc.).

14. Right to Object

14.1 Users can object to the future processing of their personal data according to legal requirements at any time. The objection may, in particular, be made against processing for direct marketing purposes.

15. Changes to the Privacy Policy

15.1 We reserve the right to change the privacy policy to adapt it to changed legal situations, or in the case of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If users' consents are required or components of the privacy policy contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.

15.2 Users are asked to inform themselves regularly about the content of the privacy policy.