| Company: | INGOS GmbH | |
| Address: | Mimminger Str. 37B | |
| 94491 Hengersberg | ||
| Country: | Deutschland | |
| Phone: | +49 9901 90 35 9 - 0 | |
| E-Mail: | privacy@ingos.com | |
| Commercial Register: | Deggendorf, HRB 1784 | |
| CEO: | Oliver Schulz |
Data Controller
| Company: | INGOS GmbH | |
| Address: | Mimminger Str. 37B | |
| 94491 Hengersberg | ||
| Country: | Deutschland | |
| Phone: | +49 9901 90 35 9 - 0 | |
| E-Mail: | privacy@ingos.com | |
| Commercial Register: | Deggendorf, HRB 1784 | |
| CEO: | Oliver Schulz |
A company data protection officer has been appointed.
Contact: privacy@ingos.com
2.1. This privacy policy provides information about the nature, scope and purpose of the processing of personal data within our online offering ingos.com, including contact/enquiry functions, career/application functions and the status page status.ingos.net. This privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offering is accessed.
2.2. For the processing of personal data in the context of the general business activities of INGOS (e.g. contract processing, support, private cloud services), the separate privacy policy pursuant to Art. 13 and 14 GDPR applies, which is available at https://transfer.ingos.net/url/privacy.
2.3. The terminology used, such as “personal data” or “processing”, refers to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). The term “user” encompasses all categories of persons affected by data processing and is to be understood as gender-neutral.
3.1. Our website is hosted on the own infrastructure of INGOS GmbH in Germany. All web servers, databases and application servers are located in our own data centre. No external hosting providers are used.
3.2. Fonts and icons are delivered locally from our servers; no external resources (e.g. Google Fonts, external CDNs) are embedded.
4.1. When you access our website, data is processed for technical reasons that your browser transmits to our server. This includes in particular: IP address, date and time of the request, page/file accessed, referrer URL, browser type/version, operating system as well as status codes and error messages.
4.2. Purpose: Operation of the website, error analysis, detection of misuse and attacks, and ensuring the integrity, availability and confidentiality of our systems.
4.3. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and uninterrupted operation and defence against attacks).
4.4. Retention period: Standard web server log files are typically stored for 7 days and deleted after no more than 30 days. For attack detection, incident response and forensic analysis, security-relevant log files may be stored for up to 12 months. Log files are not used for marketing purposes or behavioural analysis. Access is granted only to authorised administrators.
5.1. We use Matomo for audience measurement and improvement of our online offering. Matomo is self-hosted on the infrastructure of INGOS in Germany; no data is transmitted to third parties.
5.2. Matomo is only activated if you have expressly consented via our consent banner (custom implementation). You may withdraw your consent at any time via the consent settings with effect for the future.
5.3. Legal basis: Art. 6(1)(a) GDPR (consent).
5.4. Data processed: Usage data (pages visited, duration of visit), truncated/anonymised IP address, device/browser information, referrer URL, timestamp. Your IP address is anonymised immediately upon collection, so that identification of your person is not possible. The anonymised data is stored exclusively on our server.
5.5. Retention period: Data stored in Matomo is deleted after no more than 6 months or when the purpose of storage no longer applies.
6.1. When you contact us via an enquiry form, we process the data you submit (e.g. name, email, phone number, message, company details if applicable).
6.2. Purpose: Processing and responding to your enquiry, communication, initiation or performance of contractual measures.
6.3. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures/contract performance), where applicable; otherwise Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
6.4. User data may be stored in our ERP system or a comparable enquiry management system.
7.1. If you subscribe to our newsletter, we process your email address (and any additional data you voluntarily provide) for the purpose of sending the newsletter. Registration is carried out using a double opt-in procedure. To verify your consent, we store the registration and confirmation timestamps as well as technical log data where applicable.
7.2. Legal basis: Art. 6(1)(a) GDPR (consent). You may unsubscribe from the newsletter at any time via the unsubscribe link in the newsletter or by contacting privacy@ingos.com (withdrawal with effect for the future).
7.3. For the evaluation and management of newsletter distribution, we use a self-hosted marketing automation tool on the infrastructure of INGOS. To determine whether newsletters are opened, to what extent they are used (e.g. through clicks on specific links in a newsletter) or for the creation of campaign reports, pseudonymised user profiles are created. IP addresses, location data and device data of users are stored in anonymised form.
7.4. If we have received your email address or postal address in connection with the sale of our services, you will receive regular offers for products and services from the INGOS portfolio by email or post for the purpose of direct marketing. You may object to the use of your email address for direct marketing at any time via a designated link in the promotional email or via privacy@ingos.com.
8.1. We process personal data of applicants for the purpose of conducting the application process and deciding on the establishment of an employment relationship. The legal basis is Section 26(1) of the German Federal Data Protection Act (BDSG). Where processing is necessary to protect our legitimate interests (e.g. defence against legal claims), this is carried out on the basis of Art. 6(1)(f) GDPR.
8.2. Processing is generally carried out only for the specific position applied for. Your application will only be considered for other open positions (talent pool) with your consent (Art. 6(1)(a) GDPR in conjunction with Section 26(2) BDSG), which you may withdraw at any time with effect for the future.
8.3. We generally collect applicant data directly from you (e.g. from application documents, interviews). In individual cases, we may receive data from third parties, e.g. from recruitment agencies or the Federal Employment Agency. Where necessary, we may also process information from publicly accessible professional sources (e.g. LinkedIn).
8.4. Categories of data processed: Master data (name, contact details), application documents (CV, references, qualifications), communication content and, where applicable, further information required for the position. A certificate of good conduct is only processed if this is legally required or essential for the respective role.
8.5. Retention period: In the event of a rejection, we generally delete application documents no later than 6 months after completion of the application process, unless longer retention is required for legal defence. In the event of employment, retention is governed by the statutory retention periods applicable to employee data.
8.6. Secure transmission: Applications sent by email to karriere@ingos.com are processed on the infrastructure of INGOS in Germany; transmission is generally transport-encrypted (TLS). For confidential documents, you may submit your application as an encrypted ZIP file; please communicate the password to us by telephone at +49 9901 90359-0.
8.7. If you apply via the application form on our website, we process the data entered and documents uploaded for the purposes stated above. When using the form, technically required access data (e.g. IP address, date/time, browser/operating system) is also processed to ensure IT security and website operation (Art. 6(1)(f) GDPR).
8.8. No transfer to third countries takes place.
9.1. For the status page status.ingos.net, we use the service UptimeRobot for availability monitoring. The status page is hosted on the infrastructure of UptimeRobot (status.ingos.net points via CNAME record to UptimeRobot). UptimeRobot is operated by Uptime Robot Service Provider Ltd., Regent House, Office 21, Bisazza Street, SLM 1640 Sliema, Malta (EU).
9.2. Purpose: Technical monitoring and providing information about the availability or disruptions of our services.
9.3. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable operation and transparency towards our customers).
9.4. Data processed: Technically necessary connection/access data (in particular IP address and timestamp), as technically required by UptimeRobot. As UptimeRobot is based in Malta (EU), no third-country transfer takes place. For further information, please refer to the privacy policy of UptimeRobot at https://uptimerobot.com/privacy/.
10.1. On our website, you will find links to our profiles on social networks (e.g. Instagram, Facebook, X, LinkedIn). These are exclusively simple links (no social media plugins, no tracking pixels, no embedded content).
10.2. When visiting our website, no personal data is automatically transferred to the providers as a result. Only when you click on a link will you be redirected to the website of the respective provider; from that point on, data processing is carried out by the provider in accordance with their privacy policy.
10.3. Privacy policies of the platform operators:
Facebook: https://de-de.facebook.com/privacy/policy/
Instagram: https://privacycenter.instagram.com/policy/
X (Twitter): https://twitter.com/de/privacy
LinkedIn: https://de.linkedin.com/legal/privacy-policy
11.1. We operate video surveillance on our construction site at Gewerbepark 2, 94547 Iggensbach, to document construction progress and ensure the safety of the construction site (protection against theft/vandalism, compliance with safety regulations).
11.2. Before entering the construction site, a notice sign informs visitors of the video surveillance. The cameras are positioned so that neighbouring properties or public areas are not captured.
11.3. Legal basis: Art. 6(1)(f) GDPR.
11.4. Retention period: Recordings stored for security purposes are retained for a maximum of 72 hours and subsequently deleted, unless an incident requires longer retention for evidence preservation.
11.5. For the documentation of construction progress, regularly captured recordings are stored for the duration of the construction phase to create a time-lapse construction chronicle. These recordings are positioned and technically designed (low resolution) so that individuals are not identifiable where possible.
12.1. Recipients of personal data are – depending on the purpose – in particular internal departments at INGOS (e.g. sales, administration, HR). Where necessary for service provision, processors (e.g. for the operation of the status page) may be engaged.
12.2. Where legally permissible and necessary, intra-group support within the corporate group (SCHUTZSCHILD GmbH, interconnectron GmbH) may also take place.
13.1. A transfer of personal data to countries outside the European Economic Area (EEA) does not generally take place within the scope of our online offering.
13.2. Should a third-country transfer be required in individual cases, this will only take place in compliance with Art. 44 et seq. GDPR (e.g. adequacy decision, EU standard contractual clauses).
14.1. We take appropriate technical and organisational security measures to protect personal data, in particular: encrypted transmission (TLS/HTTPS), access restrictions and role-/permission-based concepts (need-to-know principle), logging of administrative access, data backup/backups, measures for attack detection and abuse prevention, as well as an ISO 27001-certified information security management system.
15.1. We store personal data after collection only for as long as is necessary in compliance with statutory retention periods and/or until the purpose of storage no longer applies. Subsequently, the data is deleted or – where statutory obligations preclude deletion – processing is restricted by blocking.
15.2. Statutory retention periods (examples): Business correspondence: 6 years pursuant to Section 257(1) of the German Commercial Code (HGB); tax-relevant documents: 10 years pursuant to Section 147(1) of the German Fiscal Code (AO).
16.1. Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we process personal data concerning you, as well as information about the purposes of processing, categories and recipients.
16.2. Right to rectification (Art. 16 GDPR): You have the right to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data.
16.3. Right to erasure (Art. 17 GDPR): You may request the erasure of your personal data where the legal requirements are met. Statutory retention periods may preclude erasure.
16.4. Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data under the conditions of Art. 18(1)(a)–(d) GDPR.
16.5. Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit this data to another controller.
16.6. Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data where the processing is based on Art. 6(1)(e) or (f) GDPR.
16.7. Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Consent may be withdrawn at any time by sending an email to privacy@ingos.com.
16.8. To exercise your rights, please contact privacy@ingos.com.
16.9. Right to lodge a complaint (Art. 77 GDPR): You also have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 27, 91522 Ansbach, Germany.
17.1. Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place within the scope of our online offering.
18.1. We reserve the right to amend this privacy policy to adapt it to changed legal requirements or changes to the service and data processing. Where user consent is required, changes will only be made with the consent of the users.
18.2. Last updated: 15 March 2026
AND TAKE YOUR BUSINESS TO THE NEXT LEVEL