Privacy

Introduction

Whether you are a customer, prospective customer or visitor to our website: We protect your privacy, which is very important to us when processing your data. That is why we act in accordance with the provisions of the General Data Protection Regulation (GDPR).

The following privacy policy explains which data is processed. It applies to ITM Beratungsgesellschaft mbH - hereinafter referred to as ITM.

In addition, you will receive information on the processing of your data in accordance with the applicable legal standards (Art. 13 et seq. GDPR). You can quickly and easily get an overview of what personal data we collect from you and what we do with it. We will also inform you about your rights under applicable data protection law and tell you who you can contact if you have any questions.

Person responsible for data processing

ITM Beratungsgesellschaft mbH
Meitnerstraße 8
70563 Stuttgart
Phone: +49 711 45129-0
E-mail: info[at]itm.net

Contact details of the data protection officer

You can reach our data protection officer at:
Phone: +49 711 45129-15
Email: compliance+dsb[at]itm.net

Purposes and legal bases of data processing

We process your personal data exclusively in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). This privacy policy explains what personal data we collect, how we use it and what rights you have.

Collection and storage of personal data and type and purpose of use

When visiting the website

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring a comfortable use of our website
  • Evaluation of system security and stability

We cannot assign this data to specific persons. This data is not merged with other data sources. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

SSL or TLS encryption

‍For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

Use of cookies and tracking technologies

Our website uses cookies, small text files that your web browser stores on your end device to make your visit to our website more convenient and to enable the use of certain functions. You have the option of preventing the storage of cookies on your computer by making the appropriate settings in your browser. However, this may limit the functionality of our website for you.

You can adjust or revoke your consent to the use of unnecessary cookies at any time via our cookie consent tool on the website. To do this, you can click on the corresponding icon at the bottom left of the website or call up the settings in the cookie banner. Alternatively, you can delete or block stored cookies in the browser settings.

The processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR).

Cookie Consent Manager 19

We use the Cookie Consent Manager 19 (CCM19) from Papoo Software & Media GmbH to inform you about cookies that are essential for the core function of the website and to provide you with the decision on the use of additional, optional technologies and to document these in compliance with data protection regulations.

When you visit our website, the following personal data is transmitted to CCM19:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

In addition, CCM19 stores a cookie in the browser to assign the consents you have given or revoked. The consent data (consent given and revocation of consent) is stored for three years and automatically deleted after this time.

The legal basis for this is Art. 6 para. 1 lit. c GDPR

Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. We use Google Analytics in conjunction with the IP anonymization function. This ensures that Google truncates your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmitting it to the USA. There may be exceptional cases in which Google transmits the full IP address to a server in the USA and truncates it there.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also prevent the collection of data relating to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Matomo Analytics

Our website uses the web analysis service Matomo. Matomo is an open source solution. Matomo uses "cookies." These are small text files that your web browser stores on your end device and that enable website usage to be analyzed. Information generated by cookies about the use of our website is stored on our server. Your IP address is anonymized before it is stored. Matomo cookies remain on your device until you delete them. Matomo cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the anonymized analysis of user behaviour in order to optimize both our website and, if necessary, advertising. The information stored in the Matomo cookie about the use of this website is not passed on. The setting of cookies by your web browser can be prevented.

Plugins and tools

YouTube

Our website uses plugins from YouTube to integrate and display video content. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand. Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Details on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Google reCAPTCHA

Our primary goal is to make our website secure and user-friendly for both you and us. To prevent automated access (e.g. by bots) and to protect us from spam attacks, we use Google reCAPTCHA. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of reCAPTCHA, we can distinguish whether an input is made by a human or abusively by automated, machine processing. Various data is collected and transmitted to Google, such as the IP address, mouse movements, length of visit, browser and device properties and any Google cookies already set. This data is used exclusively to protect our website.

As a rule, your IP address is truncated within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transferred to servers in the USA. The data collected by reCAPTCHA will only be merged with other Google data if you are logged into your Google account at the time of use.

We use Google reCAPTCHA to maintain the integrity of our website, to protect us from automated attacks and to ensure user-friendliness for real visitors. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in securing our website and preventing abusive access by automated systems.

Google Maps

We use Google Maps on our website to show you an interactive map and to make it easier to find our company location. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

By using Google Maps, information about your use of our website (including your IP address) is transmitted to Google and stored on Google servers. This may also include transmission to servers in the USA. Google processes this data to provide the map functions and to improve its services. If you are logged into your Google account while using Google Maps, the data may be linked to your Google account. We have no influence on this data processing.

Google Maps is integrated to provide you with a user-friendly presentation of our location and to facilitate navigation. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you can deactivate the service by switching off JavaScript in your browser. Please note that this will mean that Google Maps and the map display on this website will no longer work.

Weglot

We use the Weglot translation service to provide multilingual content on our website. The provider is Weglot SAS, 138, rue Pierre Joigneaux, 92270 Bois-Colombes, France.

Weglot enables us to automatically translate content into different languages in order to make our website more accessible to an international audience. When you access the website, your IP address is transmitted to Weglot together with other technical information (e.g. browser type, language used, pages visited). This data is required to correctly recognize the language settings and provide the corresponding content.

Data processing is carried out by Weglot on servers within the European Union. Weglot undertakes to comply with the applicable data protection provisions of the GDPR.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in a barrier-free and user-friendly presentation of our website in several languages in order to improve the accessibility of our content.

Note on deactivating Weglot
If you do not want data to be transmitted to Weglot, you can deactivate the translation function by switching off JavaScript in your browser. Please note, however, that the website will then only be displayed in the original language and individual functions may be restricted.

Contact us by e-mail or contact form

If you send us inquiries via the contact form or e-mail, your details, including the contact data you provide, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The following personal data may be processed:

  • Name
  • E-mail address
  • Company (if specified)
  • Telephone number (if provided)
  • Content of the message

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).

Applications

When you apply to us, we process your personal data in order to carry out the application process. Your application documents will be treated confidentially and will only be used for the purpose of processing your application. The processed data includes

  • Master data (e.g. name, address, contact details)
  • Application documents (e.g. CV, certificates, qualifications)
  • Other voluntary information that you provide to us as part of your application

Your data will only be used internally and will not be passed on to third parties.

The legal basis for the processing of your application data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR. If you are not hired, your application documents will be deleted no later than six months after completion of the application process, unless you have given your consent for longer storage.

Visitors and external companies

For visitors and employees of external companies who enter our premises, we collect personal data such as

  • Name
  • Contact details
  • Company affiliation
  • Time of visit

This data is used to ensure the safety and protection of our employees and to comply with legal regulations. The legal basis for this processing is Art. 6 para. 1 lit. c GDPR (legal obligation) and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Storage period and deletion of data

Personal data is stored for as long as is necessary for the respective processing purposes or for as long as there are statutory retention obligations. The data will be deleted once it is no longer required or statutory periods have expired.

Data processing for business partners, third-party companies and business contacts

What data do we process?

We collect the following personal data as part of our business relationships with customers, suppliers, service providers and other business partners:

  • Surname, first name, title
  • Company affiliation, position
  • Business address
  • Contact details (e-mail, telephone, fax)
  • Contract and billing data
  • Payment information (bank details, invoice details)
  • Communication in the context of the business relationship (e.g. emails, inquiries, meetings, contracts)
Purpose of data processing

This data is processed for the following purposes:

  • Initiation, implementation and handling of business relationships
  • Processing of inquiries and contract negotiations
  • Processing of orders and payments
  • Compliance with legal requirements (e.g. tax retention obligations)
  • Communication with business partners and third-party companies
  • Improvement of our business processes
Legal basis of the processing

The processing of personal data of business partners is based on the following legal bases:

  • Art. 6 para. 1 lit. b GDPR (contract initiation and fulfillment)
  • Art. 6 para. 1 lit. c GDPR (legal obligations, e.g. tax retention obligations)
  • Art. 6 para. 1 lit. f GDPR (legitimate interest in the maintenance of business relationships, quality assurance and security)
Storage period and deletion of business partner data

Contract-related data and personal data are stored for as long as is necessary for the respective business relationship or as long as statutory retention obligations exist. The data will be deleted once it is no longer required or statutory periods have expired.

Disclosure of business partner data

We only pass on personal data to third parties if this is necessary for the fulfillment of contractual or legal obligations or to protect legitimate interests. This includes e.g:

  • Tax consultants, auditors and banks for processing payments
  • Authorities and public bodies with statutory reporting obligations
  • Insurance companies for liability issues
Data security for business partners

We use technical and organizational measures to protect personal data from unauthorized access, loss or misuse. This includes, among other things, access controls, encryption technologies and regular security checks. These include, among other things:

  • Access restrictions and role-based authorizations
  • Encryption of sensitive data
  • Secure transmission technologies for electronic communication
  • Regular security audits and data protection training

Your rights as a data subject

If your personal data is processed by us, you have the following rights under the GDPR:

Right to information pursuant to Art. 15 GDPR

You have the right to receive information about the personal data processed by us. This includes in particular

  • Processing purposes
  • Categories of data processed
  • Recipients or categories of recipients to whom your data has been or will be disclosed
  • Planned storage period or criteria for determining the storage period
  • Your rights to rectification, erasure, restriction of processing or objection
  • The existence of automated decision-making including profiling and, where applicable, meaningful information about its details
  • Information on the possible transfer of personal data to third countries and the corresponding protective measures
Right to rectification pursuant to Art. 16 GDPR

If the personal data processed is incorrect or incomplete, you have the right to have your data rectified or completed without delay.

Right to erasure ("being forgotten") pursuant to Art. 17 GDPR

You can request the deletion of your personal data if:

  • the data is no longer required for the original purposes,
  • you have withdrawn your consent and there is no other legal basis,
  • you object to the processing and there are no overriding legitimate grounds for the processing,
  • the data has been processed unlawfully or
  • the deletion is necessary to fulfill a legal obligation.
Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to restrict the processing of your personal data if one of the following conditions is met:

  • You dispute the accuracy of the data and we need time to check it.
  • The processing is unlawful, but you oppose the erasure.
  • We no longer need your data, but you need it to assert, exercise or defend legal claims.
  • You have objected to the processing and it is not yet clear whether our legitimate interests prevail.
Right to object pursuant to Art. 21 GDPR

You have the right to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR, at any time. This applies in particular to direct advertising. In this case, your data will no longer be processed for these purposes.

Right to withdraw consent pursuant to Art. 7 (3) GDPR

You have the right to withdraw your consent at any time. The revocation does not affect the lawfulness of the processing prior to the revocation. You can withdraw your consent at any time by sending an e-mail to compliance+dsb[at]itm.net.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your place of residence, workplace or our company headquarters. The supervisory authority responsible for ITM Beratungsgesellschaft mbH is

The State Commissioner for Data Protection and Freedom of Information
P.O. Box 10 29 32
70025 Stuttgart

Phone: 0711/615541-0
Fax: 0711/615541-15
E-mail: Poststelle@lfdi.bwl.de

Contact options & compliance inquiries

We have set up central contact points for inquiries about data protection, information security and security incidents. Please use the appropriate e-mail address to ensure faster processing.

Main contact
  • E-Mail: compliance[at]itm.net
  • ITM hotline: +49 711 45129-0
  • Website & further information: www.itm.net

Further contacts:
e-mail
Topics

compliance[at]itm.net

General compliance inquiries & audits

compliance+dsb[at]itm.net

Data protection & GDPR

compliance+isb[at]itm.net

Information security & IT security

compliance+security[at]itm.net

Reporting of security incidents

Up-to-dateness of and changes to this privacy policy

This privacy policy is currently valid. It may become necessary to amend this privacy policy as a result of further development of our website or due to changes in legal requirements. The current privacy policy can be viewed at any time on our website.