// IBIS PROF. THOME AG
Privacy Policy
IBIS Prof. Thome AG
Mergentheimer Straße 76a
97082 Würzburg
// IBIS PROF. THOME AG
Privacy Policy according to the GDPR
I. Name and Address of the Data Controller
The data controller in terms of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection provisions, is:
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Telephone: +49 931 73046 500
Fax: +49 931 73046 99 500
Email: info@ibis-thome.de
Website: www.ibis-thome.de
II. Name and Address of the Data Protection Officer
The data protection officer of the data controller is:
Attorney
Konstantin Malakas
Steinbachtal 2b
97072 Würzburg
Tel. +49 931 29 98 08-0
Fax: +49 931 29 98 08-8
Email: dsb@ibis-thome.de
Websites: www.malakas.de; www.weblawyer.de
III. General Information on Data Processing
1. Scope of Processing Personal Data
We collect and use personal data of our users only as necessary to provide a functional website as well as our content and services. The collection and use of our users' personal data regularly takes place only after the user's consent. An exception applies in those cases where obtaining prior consent is factually impossible and the processing of the data is permitted by statutory regulations.
2. Legal Basis for Processing Personal Data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6(1) S.1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1) S.1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1) S.1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1) S.1 lit. d GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first-named interest, Art. 6(1) S.1 lit. f GDPR serves as the legal basis for processing.
3. Data Deletion and Storage Duration
The personal data of the data subject are deleted or blocked as soon as the purpose of storage ceases to apply. Additionally, storage can occur if this is required by the European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by these regulations expires, unless there is a necessity for further storage of the data for contract conclusion or performance.
IV. Provision of the Website
1. Description and Scope of Data Processing
Our website is hosted by the provider Framer (Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands). In this context, a data processing contract has been concluded with Framer. Framer processes personal data of our website visitors only under directive and in compliance with the GDPR. Framer's privacy policy can be viewed via the following link: https://www.framer.com/legal/privacy-statement/
Each time our website is accessed, the following data and information are automatically processed by the computer system of the accessing computer:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites accessed by the user's system via our website
These data can also be stored in log files. Storage of this data together with other personal data of the user does not take place.
2. Legal Basis for Data Processing
The legal basis for temporary storage of data and log files is Art. 6(1) S.1 lit. f GDPR.
3. Purpose of Data Processing
Temporary storage of the user's IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Additionally, the data serve to ensure security, troubleshooting, and improvement of the services. An evaluation of the data for marketing purposes does not take place in this context.
4. Duration of Storage
Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection.
5. Right to Object and Remedy
Data collection for provision of the website and storage of data in log files is essential for website operation. Therefore, there is no option for the user to object.
V. Use of Cookies
1. Description and Scope of Data Processing
A cookie is a small text file that a website server sends to your browser when you visit a website. This cookie contains a characteristic string that allows unique identification of the browser when the website is accessed again. Cookies generally pose no danger to your computer since they are text files and not executable programs.
When accessing our website, users are informed about the use of cookies by our cookie manager info banner, and reference is made to this privacy policy. Moreover, consents of website users are obtained and managed should third-party content be loaded or used. The cookie manager concerns the Usercentrics software, which we use as a SAAS solution from Usercentrics GmbH (Sendlinger Straße 7, 80331 München, Germany). A data processing contract has been concluded with the provider Usercentrics. Usercentrics processes personal data of our website visitors under directive and compliance with the GDPR. The data protection declaration of Usercentrics is available via the following link: https://usercentrics.com/de/datenschutzerklaerung/
Cookies, which are not technically necessary, are set only after your or by your consent. Depending on your browser settings, the cookie file is stored or rejected. If the file is stored, our web server may recognize your device again. If you do not wish this, you can deactivate cookies as described below:
Set your browser to reject our cookies if you want to use our websites without cookie functionality. The exact steps for this vary depending on the browser used, which is why we do not specify further here.
If your browser is already set to notify you each time it receives a cookie, you can decide case by case whether you want to accept the cookie. As our identification cookie must be sent anew each time one of our websites is accessed, these messages can quickly become annoying.
Therefore, we recommend setting your browser to always allow cookies from www.ibis-thome.de. You can configure this setting individually for single websites. For example, your text inputs in form fields can be saved for future queries, so that repeated input is not needed on your next visit. Naturally, we can then also present you with content tailored specifically to you.
Some elements of our website require the calling browser to be identifiable even after a page change.
Further information on the use or deactivation of cookies can be found at www.meine-cookies.org or www.youronlinechoices.com.
Cookies are distinguished into "session cookies" and "other cookies." Session cookies are absolutely necessary for the operation of the website (essential); other cookies, however, require your explicit consent.
a) Session Cookies
To make our offer as user-friendly as possible, we use session cookies. These cookies are technically necessary. The data collected from users for technically necessary settings are anonymized through technical measures. Thus, an assignment of the data to the calling user is no longer possible. The data are not stored together with other personal data of users. Session cookies have a lifespan of 24 hours.
b) Other Cookies
"Other cookies" include cookies used for market research and advertising purposes, for collecting usage statistics, for user interaction with external services (e.g., embedding third-party content), and for web tracking. No personal data are stored in these cookies either. These cookies are stored on your device between various browser sessions and can capture your settings or actions across multiple websites. However, you can withdraw your consent to the use of "other cookies" at any time.
2. Legal Basis for Data Processing
For the use of technically necessary cookies, we have a legitimate interest under Art. 6(1) lit. f GDPR. For all other cookies, we require your consent as the legal basis for data processing in accordance with Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of our website for users. Some functionalities of our website cannot be offered without the use of cookies. The data collected through technically necessary cookies are not used to create user profiles.
The use of cookies for analysis, marketing, and advertising takes place to improve the quality of our website and its content, analyze the use of our website, and analyze the effectiveness of advertising measures. This enables us to constantly improve our offer. We use cookies from external service providers to allow users to interact with the additional services they use.
4. Duration of Storage
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in our cookie manager or in your Internet browser (opt-out). Already stored cookies can be deleted at any time.
Regarding the duration of data storage by external service providers and your respective rights and settings to protect your privacy, we refer you to the data protection notices of the respective service providers.
Opt-outs are stored in the cookie manager's settings. Please note that by deleting cookies, you may also delete opt-out cookies, which would negate the intended effect.
5. Right to Object and Remedy
You can deactivate the cookie settings of your browser as described in V.1 at any time. If no active deactivation is carried out, a removal is only possible by deleting it on your system. There is no right of objection for technical reasons.
Regarding the right of objection and removal options with the respective external service providers and your related rights and privacy settings, we refer you to the data protection notices of the respective service providers linked at the appropriate points.
VII. Web Analysis and Tracking
We use the following analysis and tracking tools on our website to ensure the continuous improvement of our website:
· Google Analytics (via Google Tag Manager)
· Meta Pixel
· LinkedIn Insight Tag
When accessing our website, you have the option to consent to the activation of analysis and tracking tools via the cookie manager info banner. The associated use of cookies only takes place after your consent in accordance with Art. 6(1) S.1 lit. a) GDPR. You can review your settings at any time or withdraw your consent.
Google Analytics (via Google Tag Manager)
1. Scope of Processing Personal Data
We use the analysis service "Google Analytics" from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for our website. This service stores cookies on users' computers (see cookies above). When individual pages of our website are accessed, the following data is generally transferred to a server at Google in the USA and stored there:
(1) The IP address of the accessing user's system
(2) The page accessed
(3) The website from which the user accessed the page (referrer)
(4) The subpages accessed from the accessed page
(5) The duration of the visit to the page
(6) The frequency of page access
(7) Search terms entered
(8) Frequency of page views
The IP anonymization on our website is activated, so your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a server in the USA and shortened there. We otherwise have no influence over this process. We do not know in which cases or how often the full IP address is initially transmitted.
2. Legal Basis for Processing Personal Data
Legal basis for processing the personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
Processing personal data of users enables us to analyze the surfing behavior of our users. By evaluating the obtained data, we can compile information on the use of individual components of our website. This helps us in constantly improving our website and its user-friendliness.
4. Duration of Storage
On our behalf, Google will use this information to evaluate your use of our website, compile reports on website activity, and provide us with additional services related to website and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.
User and event data are stored for 14 months (minimum storage period).
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
You can also prevent collection of the data generated by the cookie related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Meta Pixel
1. Scope of Processing Personal Data
We use the "Meta Pixel" of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. With this pixel (JavaScript code and cookie), Facebook can track your actions on our website if you arrived via a Facebook advertisement. Facebook collects various data, such as:
· HTTP headers (IP address, web browser information, page location, document, referrer, and site visitor information)
· Pixel-specific data (Pixel ID, Facebook Cookie)
· Button click data,
· Optional values,
· Form field names (without field values).
We receive only statistical data from Facebook without any personal reference.
2. Legal Basis for Processing Personal Data
Legal basis for processing the personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The Meta Pixel enables us to identify the effectiveness of a Facebook advertisement, or to determine whether it was successful (possible objectives are, for example, the download of a brochure or a click on a contact button, etc.).
4. Duration of Storage
Facebook indicates that data is stored until it is no longer needed to provide services or products to you, or until your Facebook account is deleted (see: https://de-de.facebook.com/about/privacy/ Section: "Data Storage, Decommissioning, and Deletion of Accounts" or also here: https://www.facebook.com/help/224562897555674?helpref=faq_content).
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
The Facebook privacy policy can be found here: https://de-de.facebook.com/about/privacy/
To contact Facebook Ireland Ltd.'s data protection officer, Facebook has provided a form via the following link: https://www.facebook.com/help/contact/540977946302970
LinkedIn Insight Tag
1. Scope of Processing Personal Data
We use the "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. The Insight-Tag sets a cookie allowing LinkedIn to track your actions on our website if you reached us via a LinkedIn advertisement. LinkedIn collects various data (see https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=de) such as:
· URL,
· Referrer URL,
· IP address (shortened or hashed),
· Device and browser properties (User Agent),
· Timestamp.
However, we receive only statistical data from LinkedIn, without personal reference, as well as reports/communications on the effectiveness of advertisements.
2. Legal Basis for Processing Personal Data
Legal basis for processing personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The LinkedIn Insight-Tag allows us to identify the effectiveness of a LinkedIn advertisement or to determine whether it was successful (possible objectives are, for example, the download of a brochure or a click on a contact button, etc.).
4. Duration of Storage
LinkedIn specifies that direct identifiers of members are removed within seven days to pseudonymize the data. The remaining pseudonymized data is then deleted within 180 days (see: https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=de Section: "What information does my website send via this tag and how is this data used").
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
The LinkedIn privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy
To contact the data protection officer of LinkedIn Ireland Unlimited Company, LinkedIn has provided a form via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
VII. Social Media Presence
You can also find our company's services on social online networks/video platforms that other companies offer online (Facebook, Google, YouTube, Vimeo, LinkedIn, XING).
These services can only be used if you are registered and logged in to the respective social network.
Under the following links, you will find privacy policies for our presences on these platforms:
· Facebook/Instagram: [www.ibis-thome.de/datenschutzerklärung-facebook]
· LinkedIn: [www.ibis-thome.de/datenschutzerklärung-linkedin]
IX. Rights of the Data Subject
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
1. Right to Information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us.
If such processing is present, you can request information from the data controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific details are not possible here, criteria for determining the storage duration;
(5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the data source if the personal data were not collected from the data subject;
(8) the existence of automated decision-making, including profiling, according to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information about whether the personal data concerning you have been transferred to a third country or an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to Rectification
You have the right to rectification and/or completion if the personal data concerning you being processed is incorrect or incomplete. The controller must make the rectification without delay.
3. Right to Restriction of Processing
Under the following conditions, you can request restriction of the processing of the personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a duration that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose deletion of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them for establishing, exercising, or defending legal claims, or
(4) if you have objected to processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override your reasons.
If the processing of personal data concerning you has been restricted, these data – apart from being stored – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If the restriction of processing is lifted according to the abovementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to Deletion
a) Deletion Obligation
You can request the controller to delete the personal data concerning you without delay, and the controller is obligated to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6(1) S.1 lit. a or Art. 9(2) S.1 lit. a GDPR, and there is no other legal basis for processing.
(3) You object to processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) Deletion of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
b) Information to Third Parties
If the controller makes the personal data concerning you public and is obligated under Art. 17(1) GDPR to delete such data, the controller shall take reasonable measures, including technical means, considering the available technology and the implementation costs, to inform controllers processing the personal data that you, as the data subject, have requested deletion of all links to, or copies or replications of, those personal data.
c) Exceptions
The right to deletion does not exist insofar as processing is necessary:
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject or for performing a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health according to Art. 9(2) S.1 lit. h and i, as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impair the achievement of the purposes of that processing, or
(5) for the establishment, exercise, or defense of legal claims.
5. Right to Notification
If you have asserted the right to rectification, deletion, or restriction of processing against the controller, the latter is obligated to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing unless this proves impossible or would involve disproportionate effort.
You have the right to be informed by the controller about these recipients.
6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without obstruction by the controller to whom the personal data have been provided, provided:
(1) the processing is based on consent pursuant to Art. 6(1) S.1 lit. a GDPR or Art. 9(2) S.1 lit. a GDPR or on a contract pursuant to Art. 6(1) S.1 lit. b GDPR, and
(2) processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you are transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1) S.1 lit. e or f GDPR; this includes profiling based on those provisions.
The controller will no longer process the personal data concerning you unless compelling legitimate grounds for the processing exist which override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data according to Art. 9(1) GDPR, unless Art. 9(2) S.1 lit. a or g GDPR applies, and suitable measures to protect the rights and freedoms and legitimate interests are implemented.
Regarding the cases mentioned in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
*************
Further information and explanations regarding the rights mentioned above can be found on the European Commission's website “Rights for Citizens”.
Privacy Policy according to the GDPR
I. Name and Address of the Data Controller
The data controller in terms of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection provisions, is:
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Telephone: +49 931 73046 500
Fax: +49 931 73046 99 500
Email: info@ibis-thome.de
Website: www.ibis-thome.de
II. Name and Address of the Data Protection Officer
The data protection officer of the data controller is:
Attorney
Konstantin Malakas
Steinbachtal 2b
97072 Würzburg
Tel. +49 931 29 98 08-0
Fax: +49 931 29 98 08-8
Email: dsb@ibis-thome.de
Websites: www.malakas.de; www.weblawyer.de
III. General Information on Data Processing
1. Scope of Processing Personal Data
We collect and use personal data of our users only as necessary to provide a functional website as well as our content and services. The collection and use of our users' personal data regularly takes place only after the user's consent. An exception applies in those cases where obtaining prior consent is factually impossible and the processing of the data is permitted by statutory regulations.
2. Legal Basis for Processing Personal Data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6(1) S.1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1) S.1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1) S.1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1) S.1 lit. d GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first-named interest, Art. 6(1) S.1 lit. f GDPR serves as the legal basis for processing.
3. Data Deletion and Storage Duration
The personal data of the data subject are deleted or blocked as soon as the purpose of storage ceases to apply. Additionally, storage can occur if this is required by the European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by these regulations expires, unless there is a necessity for further storage of the data for contract conclusion or performance.
IV. Provision of the Website
1. Description and Scope of Data Processing
Our website is hosted by the provider Framer (Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands). In this context, a data processing contract has been concluded with Framer. Framer processes personal data of our website visitors only under directive and in compliance with the GDPR. Framer's privacy policy can be viewed via the following link: https://www.framer.com/legal/privacy-statement/
Each time our website is accessed, the following data and information are automatically processed by the computer system of the accessing computer:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites accessed by the user's system via our website
These data can also be stored in log files. Storage of this data together with other personal data of the user does not take place.
2. Legal Basis for Data Processing
The legal basis for temporary storage of data and log files is Art. 6(1) S.1 lit. f GDPR.
3. Purpose of Data Processing
Temporary storage of the user's IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Additionally, the data serve to ensure security, troubleshooting, and improvement of the services. An evaluation of the data for marketing purposes does not take place in this context.
4. Duration of Storage
Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection.
5. Right to Object and Remedy
Data collection for provision of the website and storage of data in log files is essential for website operation. Therefore, there is no option for the user to object.
V. Use of Cookies
1. Description and Scope of Data Processing
A cookie is a small text file that a website server sends to your browser when you visit a website. This cookie contains a characteristic string that allows unique identification of the browser when the website is accessed again. Cookies generally pose no danger to your computer since they are text files and not executable programs.
When accessing our website, users are informed about the use of cookies by our cookie manager info banner, and reference is made to this privacy policy. Moreover, consents of website users are obtained and managed should third-party content be loaded or used. The cookie manager concerns the Usercentrics software, which we use as a SAAS solution from Usercentrics GmbH (Sendlinger Straße 7, 80331 München, Germany). A data processing contract has been concluded with the provider Usercentrics. Usercentrics processes personal data of our website visitors under directive and compliance with the GDPR. The data protection declaration of Usercentrics is available via the following link: https://usercentrics.com/de/datenschutzerklaerung/
Cookies, which are not technically necessary, are set only after your or by your consent. Depending on your browser settings, the cookie file is stored or rejected. If the file is stored, our web server may recognize your device again. If you do not wish this, you can deactivate cookies as described below:
Set your browser to reject our cookies if you want to use our websites without cookie functionality. The exact steps for this vary depending on the browser used, which is why we do not specify further here.
If your browser is already set to notify you each time it receives a cookie, you can decide case by case whether you want to accept the cookie. As our identification cookie must be sent anew each time one of our websites is accessed, these messages can quickly become annoying.
Therefore, we recommend setting your browser to always allow cookies from www.ibis-thome.de. You can configure this setting individually for single websites. For example, your text inputs in form fields can be saved for future queries, so that repeated input is not needed on your next visit. Naturally, we can then also present you with content tailored specifically to you.
Some elements of our website require the calling browser to be identifiable even after a page change.
Further information on the use or deactivation of cookies can be found at www.meine-cookies.org or www.youronlinechoices.com.
Cookies are distinguished into "session cookies" and "other cookies." Session cookies are absolutely necessary for the operation of the website (essential); other cookies, however, require your explicit consent.
a) Session Cookies
To make our offer as user-friendly as possible, we use session cookies. These cookies are technically necessary. The data collected from users for technically necessary settings are anonymized through technical measures. Thus, an assignment of the data to the calling user is no longer possible. The data are not stored together with other personal data of users. Session cookies have a lifespan of 24 hours.
b) Other Cookies
"Other cookies" include cookies used for market research and advertising purposes, for collecting usage statistics, for user interaction with external services (e.g., embedding third-party content), and for web tracking. No personal data are stored in these cookies either. These cookies are stored on your device between various browser sessions and can capture your settings or actions across multiple websites. However, you can withdraw your consent to the use of "other cookies" at any time.
2. Legal Basis for Data Processing
For the use of technically necessary cookies, we have a legitimate interest under Art. 6(1) lit. f GDPR. For all other cookies, we require your consent as the legal basis for data processing in accordance with Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of our website for users. Some functionalities of our website cannot be offered without the use of cookies. The data collected through technically necessary cookies are not used to create user profiles.
The use of cookies for analysis, marketing, and advertising takes place to improve the quality of our website and its content, analyze the use of our website, and analyze the effectiveness of advertising measures. This enables us to constantly improve our offer. We use cookies from external service providers to allow users to interact with the additional services they use.
4. Duration of Storage
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in our cookie manager or in your Internet browser (opt-out). Already stored cookies can be deleted at any time.
Regarding the duration of data storage by external service providers and your respective rights and settings to protect your privacy, we refer you to the data protection notices of the respective service providers.
Opt-outs are stored in the cookie manager's settings. Please note that by deleting cookies, you may also delete opt-out cookies, which would negate the intended effect.
5. Right to Object and Remedy
You can deactivate the cookie settings of your browser as described in V.1 at any time. If no active deactivation is carried out, a removal is only possible by deleting it on your system. There is no right of objection for technical reasons.
Regarding the right of objection and removal options with the respective external service providers and your related rights and privacy settings, we refer you to the data protection notices of the respective service providers linked at the appropriate points.
VII. Web Analysis and Tracking
We use the following analysis and tracking tools on our website to ensure the continuous improvement of our website:
· Google Analytics (via Google Tag Manager)
· Meta Pixel
· LinkedIn Insight Tag
When accessing our website, you have the option to consent to the activation of analysis and tracking tools via the cookie manager info banner. The associated use of cookies only takes place after your consent in accordance with Art. 6(1) S.1 lit. a) GDPR. You can review your settings at any time or withdraw your consent.
Google Analytics (via Google Tag Manager)
1. Scope of Processing Personal Data
We use the analysis service "Google Analytics" from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for our website. This service stores cookies on users' computers (see cookies above). When individual pages of our website are accessed, the following data is generally transferred to a server at Google in the USA and stored there:
(1) The IP address of the accessing user's system
(2) The page accessed
(3) The website from which the user accessed the page (referrer)
(4) The subpages accessed from the accessed page
(5) The duration of the visit to the page
(6) The frequency of page access
(7) Search terms entered
(8) Frequency of page views
The IP anonymization on our website is activated, so your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a server in the USA and shortened there. We otherwise have no influence over this process. We do not know in which cases or how often the full IP address is initially transmitted.
2. Legal Basis for Processing Personal Data
Legal basis for processing the personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
Processing personal data of users enables us to analyze the surfing behavior of our users. By evaluating the obtained data, we can compile information on the use of individual components of our website. This helps us in constantly improving our website and its user-friendliness.
4. Duration of Storage
On our behalf, Google will use this information to evaluate your use of our website, compile reports on website activity, and provide us with additional services related to website and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.
User and event data are stored for 14 months (minimum storage period).
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
You can also prevent collection of the data generated by the cookie related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Meta Pixel
1. Scope of Processing Personal Data
We use the "Meta Pixel" of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. With this pixel (JavaScript code and cookie), Facebook can track your actions on our website if you arrived via a Facebook advertisement. Facebook collects various data, such as:
· HTTP headers (IP address, web browser information, page location, document, referrer, and site visitor information)
· Pixel-specific data (Pixel ID, Facebook Cookie)
· Button click data,
· Optional values,
· Form field names (without field values).
We receive only statistical data from Facebook without any personal reference.
2. Legal Basis for Processing Personal Data
Legal basis for processing the personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The Meta Pixel enables us to identify the effectiveness of a Facebook advertisement, or to determine whether it was successful (possible objectives are, for example, the download of a brochure or a click on a contact button, etc.).
4. Duration of Storage
Facebook indicates that data is stored until it is no longer needed to provide services or products to you, or until your Facebook account is deleted (see: https://de-de.facebook.com/about/privacy/ Section: "Data Storage, Decommissioning, and Deletion of Accounts" or also here: https://www.facebook.com/help/224562897555674?helpref=faq_content).
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
The Facebook privacy policy can be found here: https://de-de.facebook.com/about/privacy/
To contact Facebook Ireland Ltd.'s data protection officer, Facebook has provided a form via the following link: https://www.facebook.com/help/contact/540977946302970
LinkedIn Insight Tag
1. Scope of Processing Personal Data
We use the "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. The Insight-Tag sets a cookie allowing LinkedIn to track your actions on our website if you reached us via a LinkedIn advertisement. LinkedIn collects various data (see https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=de) such as:
· URL,
· Referrer URL,
· IP address (shortened or hashed),
· Device and browser properties (User Agent),
· Timestamp.
However, we receive only statistical data from LinkedIn, without personal reference, as well as reports/communications on the effectiveness of advertisements.
2. Legal Basis for Processing Personal Data
Legal basis for processing personal data of users is Art. 6(1) S.1 lit. a GDPR.
3. Purpose of Data Processing
The LinkedIn Insight-Tag allows us to identify the effectiveness of a LinkedIn advertisement or to determine whether it was successful (possible objectives are, for example, the download of a brochure or a click on a contact button, etc.).
4. Duration of Storage
LinkedIn specifies that direct identifiers of members are removed within seven days to pseudonymize the data. The remaining pseudonymized data is then deleted within 180 days (see: https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=de Section: "What information does my website send via this tag and how is this data used").
5. Right to Object and Remedy
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.
We offer our users the option of opting out of the analysis process on our website. This can be done by clicking on the icon (fingerprint) at the bottom left of the website, as well as the switch for deactivation.
Your opt-out will then be stored in the cookie manager settings. Thus, our system is signaled not to save the user's data. If the user deletes the corresponding cookie from their system in between, a new opt-in cookie must be set for analysis re-activation.
The LinkedIn privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy
To contact the data protection officer of LinkedIn Ireland Unlimited Company, LinkedIn has provided a form via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
VII. Social Media Presence
You can also find our company's services on social online networks/video platforms that other companies offer online (Facebook, Google, YouTube, Vimeo, LinkedIn, XING).
These services can only be used if you are registered and logged in to the respective social network.
Under the following links, you will find privacy policies for our presences on these platforms:
· Facebook/Instagram: [www.ibis-thome.de/datenschutzerklärung-facebook]
· LinkedIn: [www.ibis-thome.de/datenschutzerklärung-linkedin]
IX. Rights of the Data Subject
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
1. Right to Information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us.
If such processing is present, you can request information from the data controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific details are not possible here, criteria for determining the storage duration;
(5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the data source if the personal data were not collected from the data subject;
(8) the existence of automated decision-making, including profiling, according to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information about whether the personal data concerning you have been transferred to a third country or an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to Rectification
You have the right to rectification and/or completion if the personal data concerning you being processed is incorrect or incomplete. The controller must make the rectification without delay.
3. Right to Restriction of Processing
Under the following conditions, you can request restriction of the processing of the personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a duration that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose deletion of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them for establishing, exercising, or defending legal claims, or
(4) if you have objected to processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override your reasons.
If the processing of personal data concerning you has been restricted, these data – apart from being stored – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If the restriction of processing is lifted according to the abovementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to Deletion
a) Deletion Obligation
You can request the controller to delete the personal data concerning you without delay, and the controller is obligated to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6(1) S.1 lit. a or Art. 9(2) S.1 lit. a GDPR, and there is no other legal basis for processing.
(3) You object to processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) Deletion of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
b) Information to Third Parties
If the controller makes the personal data concerning you public and is obligated under Art. 17(1) GDPR to delete such data, the controller shall take reasonable measures, including technical means, considering the available technology and the implementation costs, to inform controllers processing the personal data that you, as the data subject, have requested deletion of all links to, or copies or replications of, those personal data.
c) Exceptions
The right to deletion does not exist insofar as processing is necessary:
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject or for performing a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health according to Art. 9(2) S.1 lit. h and i, as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impair the achievement of the purposes of that processing, or
(5) for the establishment, exercise, or defense of legal claims.
5. Right to Notification
If you have asserted the right to rectification, deletion, or restriction of processing against the controller, the latter is obligated to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing unless this proves impossible or would involve disproportionate effort.
You have the right to be informed by the controller about these recipients.
6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without obstruction by the controller to whom the personal data have been provided, provided:
(1) the processing is based on consent pursuant to Art. 6(1) S.1 lit. a GDPR or Art. 9(2) S.1 lit. a GDPR or on a contract pursuant to Art. 6(1) S.1 lit. b GDPR, and
(2) processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you are transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1) S.1 lit. e or f GDPR; this includes profiling based on those provisions.
The controller will no longer process the personal data concerning you unless compelling legitimate grounds for the processing exist which override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data according to Art. 9(1) GDPR, unless Art. 9(2) S.1 lit. a or g GDPR applies, and suitable measures to protect the rights and freedoms and legitimate interests are implemented.
Regarding the cases mentioned in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
*************
Further information and explanations regarding the rights mentioned above can be found on the European Commission's website “Rights for Citizens”.
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Solutions
©2025 IBIS Prof. Thome AG
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Solutions
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Solutions
Company
IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
©2025 IBIS Prof. Thome AG
©2025 IBIS Prof. Thome AG
©2025 IBIS Prof. Thome AG