| Company: | INGOS GmbH | |
| Address: | Mimminger Str. 37B | |
| 94491 Hengersberg | ||
| Country: | Deutschland | |
| Phone: | +49 9901 90 35 9 - 0 | |
| E-Mail: | privacy@ingos.com | |
| Commercial Register: | Deggendorf, HRB 1784 | |
| CEO: | Oliver Schulz |
Data Controller
| Company: | INGOS GmbH | |
| Address: | Mimminger Str. 37B | |
| 94491 Hengersberg | ||
| Country: | Deutschland | |
| Phone: | +49 9901 90 35 9 - 0 | |
| E-Mail: | privacy@ingos.com | |
| Commercial Register: | Deggendorf, HRB 1784 | |
| CEO: | Oliver Schulz |
1.1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated websites, functions, and content (collectively referred to as "online offering" or "website"). This policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used.
1.2. Terms such as "personal data" or "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data processed in our online offering includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of contact persons, payment information), usage data (e.g., visited websites, interest in products), and content data (e.g., entries in the contact form).
1.4. The term "user" encompasses all categories of data subjects, including business partners, customers, interested parties, and other visitors. The term is used gender-neutrally.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that the data is processed only if a legal permission exists, such as for the provision of our contractual services (e.g., processing orders), compliance with legal obligations, user consent, or based on our legitimate interests (e.g., analysis, optimization, and economic operation of our online offering under Art. 6(1)(f) GDPR).
1.6. The legal bases for the processing are Art. 6(1)(a) and Art. 7 GDPR for consent, Art. 6(1)(b) GDPR for contractual obligations, Art. 6(1)(c) GDPR for legal obligations, and Art. 6(1)(f) GDPR for legitimate interests.
2.1. We implement organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data we process from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.2. Security measures include encrypted data transmission between your browser and our server.
3.1. Recipients of personal data include employees of INGOS, affiliated companies within the corporate group for internal processing, clients and their employees to enable the use of INGOS Services, data processors and subcontractors, as well as third-party providers and suppliers, if necessary for contractual or pre-contractual matters. Additionally, leasing and factoring partners, credit agencies for credit assessments, and authorities may receive personal data where required.
4.1. Data is disclosed to third parties only within the framework of legal requirements. User data is disclosed to third parties only if necessary for contractual purposes under Art. 6(1)(b) GDPR or based on legitimate interests under Art. 6(1)(f) GDPR.
4.2. If we use subcontractors, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data according to legal regulations.
4.3. If, in the context of this privacy policy, content, tools, or other services from third-party providers are used and these providers are located in a third country, it must be assumed that data is transferred to the respective third-country locations of those providers. A third country refers to any country where the GDPR does not apply directly, typically countries outside the EU or the European Economic Area (EEA). The transfer of data to third countries only occurs if there is an adequate level of data protection, user consent, or another legal authorization.
4.4. In cases where we transfer personal data to third parties or third countries, we ensure that appropriate protective measures are in place in accordance with Art. 44 et seq. GDPR to guarantee an adequate level of data protection. These measures include, but are not limited to: EU Commission adequacy decisions, standard contractual clauses, or binding corporate data protection policies. INGOS exclusively collaborates with external partners that maintain a sufficient level of IT security, such as those certified under the EU-US Privacy Framework or those holding an ISO 27001 certification.
5.1. We process inventory data (e.g., names and addresses, contact data of users), contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services under Art. 6(1)(b) GDPR.
5.2. Users can create a user account to view their orders. Required information is communicated to users during registration. User accounts are not public and not indexed by search engines. If users terminate their account, their data will be deleted unless retention is necessary for commercial or tax reasons under Art. 6(1)(c) GDPR. Users are responsible for securing their data before contract termination. We may irretrievably delete all user data stored during the contract.
5.3. During registration and repeated logins, and use of our online services, we store IP addresses and the time of each user action based on our legitimate interests and user protection. Data is not shared with third parties unless necessary to pursue our claims or legally required under Art. 6(1)(c) GDPR.
5.4. We process usage data (e.g., visited websites, interest in products) and content data (e.g., entries in contact forms) for advertising purposes in a user profile to show users product recommendations based on their previously used services.
6.1. When contacting us (via contact form or email), user details are processed to handle and respond to the contact request under Art. 6(1)(b) GDPR.
6.2. User details may be stored in our Customer Relationship Management System (CRM) or similar request organization.
7.1. When users leave comments or contributions, their IP addresses are stored for 7 days based on our legitimate interests under Art. 6(1)(f) GDPR.
7.2. This is for our security in case of illegal content (insults, prohibited political propaganda, etc.). In such cases, we can be held liable and are therefore interested in the author's identity.
8.1. Based on our legitimate interests under Art. 6(1)(f) GDPR, we collect data on every access to the server (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL, IP address, and requesting provider.
8.2. Log file information is stored for security reasons (e.g., to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data needed for evidentiary purposes is excluded from deletion until the incident is resolved.
We process personal data for newsletter distribution and direct advertising if the data subject has expressly consented under Art. 6(1)(a) GDPR and registered via a double opt-in procedure. For newsletter distribution, we use the email address, first and last name, and any personal data provided by the data subject. By consenting to the newsletter, the customer agrees to regularly receive information about INGOS's products and services. We use a self-hosted marketing automation tool to evaluate and manage the newsletter. Pseudonymous user profiles are created to determine whether newsletters are opened and used (e.g., by clicking on links). IP addresses, location data, and device data are stored anonymously. If we receive the email or postal address during a sale, you will regularly receive offers of products and services for direct advertising. The data subject can object to the use of their email address for direct advertising at any time via a link in the email or by contacting privacy@ingos.com.
10.1. Cookies are information transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
10.2. We use "session cookies," which are stored only for the duration of the current visit (e.g., to enable the storage of your login status or shopping cart function). A session cookie stores a randomly generated unique ID, a session ID. Additionally, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you log out or close the browser.
10.3. Users are informed about the use of cookies within the scope of pseudonymous reach measurement in this privacy policy.
10.4. If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this online offering.
10.5. Users can object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
10.6. We use Matomo, an open-source web analytics platform, to analyze visitor behavior on our website and improve user experience, provided the user consents (Consent Cookie). Data is used exclusively for statistical purposes and website optimization. The following data is collected: IP address (anonymized), date and time of access, visited pages and duration, origin country, browser type, operating system, screen resolution, referrer URL (previously visited page). The IP address is immediately anonymized, making identification impossible. Anonymized data is stored exclusively on our server and not shared with third parties. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest is in improving and optimizing our website and online offering, as well as for statistical purposes (user behavior analysis). Matomo data is deleted after a maximum of 6 months or when the purpose of storage is fulfilled.
11.1. Based on our legitimate interests (i.e., interest in analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter referred to as "content"). This always requires that the third-party providers of this content perceive the IP address of the users, as they cannot send the content to their browser without the IP address. The IP address is thus necessary for displaying this content. We strive to use only such content whose respective providers use the IP address solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as being linked to such information from other sources.
11.2. The following provides an overview of third-party providers as well as their content, along with links to their privacy policies, which contain further information on data processing and, in some cases mentioned here, opt-out options:
Instagram: Functions of the Instagram service are integrated into our online offering. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Privacy Policy.
Pinterest: We use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. When you call up a page that contains such a plugin, your browser establishes a direct connection to the servers of Pinterest. The plugin transmits protocol data to the Pinterest server in the USA. This protocol data may include your IP address, the address of the visited websites that also contain Pinterest functions, browser type and settings, date and time of the request, your usage of Pinterest, and cookies. Privacy Policy.
Twitter (X): Functions of the Twitter (X) service are integrated into our online offering. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Privacy Policy. You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settings.
12.1. We process personal data in accordance with §26 BDSG-new for the purpose of initiating, establishing, and terminating employment relationships. Personal data is processed solely for filling the specific position to which the applicant applies. If the application is to be considered for other open positions within the company, this requires the applicant's consent, which can be revoked at any time. Applicant data is generally collected directly from the applicant, for example, from the application documents, interviews, or questionnaires. We may also receive data from third parties, such as in the context of job placement. Furthermore, we obtain personal data from publicly accessible sources, such as social networks. The following personal data is generally processed: applicant master data such as name, first name, date of birth, address, telephone number, email address, residence permit, professional background, certificates, and any health suitability.
12.2. If an employment contract is concluded with an applicant, the application documents will be included in the personnel file. After the termination of the employment relationship, personal data is stored as long as legally required. According to the Commercial Code and the Tax Code, retention periods of up to 10 years apply. If claims can be asserted against us, personal data will be stored until all foreseeable claims are barred by the statute of limitations. Retention periods of three to thirty years apply in such cases. In the event of a rejection, the application documents will be returned/destroyed or deleted at the latest six months after the conclusion of the application process.
12.3. Only persons and entities within the company involved in establishing an employment relationship will have access to personal applicant data.
12.4. If applications are sent to us electronically, for example by email, the applicant can provide us with the application documents as an encrypted ZIP file. Please communicate the password for the encryption to us by phone at +49 9901 90359-0 or in a separate email to privacy@ingos.com.
13.1. We use video surveillance at our construction site at Gewerbepark 2, 94547 Iggensbach to document the construction progress and ensure the security of the site. The video surveillance is used exclusively to monitor the construction progress, ensure compliance with safety regulations, and protect building materials and equipment from theft and vandalism.
13.2. The processing of video recordings is based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR, to protect the construction site and document the construction process. Video recordings stored for security purposes are retained for a maximum of 72 hours and are then automatically deleted unless security-related incidents require extended storage (e.g., for evidence preservation in the event of an incident).
13.3. Additionally, regularly recorded footage is stored for the duration of the construction phase to create a visual chronology of the construction process upon completion of the project. These recordings exclusively capture the construction site and do not contain identifiable individuals.
13.4. The recordings are only accessible to authorized personnel and are used solely for the aforementioned purposes. Data will only be shared with third parties if it is necessary for the investigation of a security-related incident (e.g., law enforcement authorities) or if disclosure is required as part of the construction monitoring process (e.g., to involved contractors or project owners).
14.1. We operate fan pages on the social media platforms Facebook and Instagram, where we regularly share content about our company. The processing of personal data in this context is based on our legitimate interest in corporate communication in accordance with Art. 6 (1) (f) GDPR.
14.2. When using social networks, the respective platform operators collect user behavior data through cookies or similar technologies. The type, purpose, and scope of data processing are largely determined by the platform operators themselves. We have no control over their data processing activities and therefore refer to the privacy policies of the respective providers.
14.3. However, we can view posts, messages, and comments that users share on our fan pages, as well as publicly available information from their social media profiles.
For more details on data protection, please refer to the privacy policies of the respective social media platforms:
https://x.com/de/privacy
https://www.facebook.com/policy.php
https://help.instagram.com/519522125107875
https://www.linkedin.com/legal/privacy-policy
15.1. Individuals can submit support requests via the INGOS ticket management system, which includes a chat function and an integrated knowledge base, available at https://support.ingos.com, or by email at support@ingos.com.
15.2. For the purpose of handling a support case, a user account is created based on the email address of the individual, allowing support cases to be assigned to the respective customer and the requesting company. This ticket system is hosted on INGOS systems.
15.3. All support requests, whether submitted via phone or email, are processed through the INGOS Helpdesk ticket system for documentation and evidence purposes. The processing of these requests is carried out in accordance with Art. 6 (1) (b) GDPR.
15.4. When using the ticket system, the following data is stored: Customer number, Login credentials (such as username and password), name of the organization, Email address, Details of support requests and their status, Access data, including IP address, browser version, operating system, and log files.
16.1. Right of Access (Art. 15 GDPR)
The data subject has the right to request confirmation as to whether we process personal data about them, as well as information regarding the purposes of processing, the categories of personal data we process, and the recipients of such data.
16.2. Right to Rectification (Art. 16 GDPR)
The data subject has the right to request the immediate correction of inaccurate personal data or the completion of incomplete personal data.
16.3. Right to Erasure (Art. 17 GDPR)
The data subject may request the deletion of their personal data if the data is no longer necessary for the purposes for which it was collected, if they withdraw their consent and no other legal basis exists, or if the data is being processed unlawfully. Legal retention periods may prevent such deletion.
16.4. Right to Restriction of Processing (Art. 18 GDPR)
The data subject has the right to request the restriction of processing if: They contest the accuracy of the data, for the duration necessary to allow us to verify the accuracy of the data;
The processing of the data is unlawful, and instead of deletion, the customer requests the restriction of its use;The data is no longer needed for processing purposes but is required for the establishment, exercise, or defense of legal claims.
16.5. Right to Data Portability (Art. 20 GDPR)
The data subject has the right to receive the personal data they have provided to us in a structured, commonly used, and machine-readable format. Additionally, they have the right to have this data transmitted directly to another controller without hindrance, provided that the processing is based on their consent (which they can withdraw) or a contract and is carried out using automated processes.
16.6. Right to Object (Art. 21 GDPR)
The data subject has the right to object at any time to the processing of their personal data if the processing is based on Art. 6 (1) (e) or (f) GDPR.
16.7. Right to Withdraw Consent (Art. 7 (3) GDPR)
If the processing of data is based on consent, the data subject may withdraw this consent at any time without affecting the lawfulness of the processing carried out before the withdrawal.
16.8. Right to Lodge a Complaint with the Supervisory Authority (Art. 77 GDPR)
If the customer believes that the processing of their personal data violates the GDPR, they have the right to file a complaint with a data protection supervisory authority. The competent authority for our company is the Bavarian State Office for Data Protection Supervision (BayLDA).
17.1. Data we store is deleted as soon as it is no longer needed for its intended purpose and no statutory retention obligations prevent its deletion. If user data is not deleted because it is needed for other and legally permissible purposes, its processing will be restricted. This means the data is locked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
17.2. According to legal requirements, data is retained for 6 years under § 257(1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, booking receipts, etc.) and for 10 years under § 147(1) AO (books, records, management reports, booking receipts, commercial and business letters, documents relevant for taxation, etc.).
18.1. We reserve the right to change the privacy policy to adapt it to changed legal situations or changes in the service or data processing. This applies, however, only with regard to declarations on data processing. If user consents are required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent.
18.2. Users are requested to inform themselves regularly about the content of the privacy policy.
AND TAKE YOUR BUSINESS TO THE NEXT LEVEL