IBIS Prof. Thome AG – Experts in SAP Analyses & ESG Compliance

// IBIS PROF. THOME AG

IBIS Prof. Thome AG
Mergentheimer Straße 76a

97082 Würzburg

// IBIS PROF. THOME AG

Privacy Policy Social Media (LinkedIn)

You can also find our company on social networks where we maintain a corporate presence. We generally collect and use personal data of our users only to the extent necessary to provide our content and services. The collection and use of personal data of our users usually takes place only after the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by statutory regulations.

Name and Address of the Joint Controllers
Jointly responsible for data processing for the operation of our LinkedIn company presence are:

LinkedIn Ireland Unlimited Company
(hereinafter referred to as “Platform Operator”)
Wilton Place
Dublin 2 Ireland

– and –

IBIS Prof. Thome AG
(hereinafter referred to as “IBIS”)
Mergentheimer Str. 76a
97082 Würzburg
Phone: +49 931 73046 500
Fax: +49 931 73046 99 500
Email: info@ibis-thome.de
Website: www.ibis-thome.de

Name and Address of the Data Protection Officer
Contact for the Data Protection Officer of LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

LinkedIn Privacy Policy: https://de.linkedin.com/legal/privacy-policy

–

Contact for the Data Protection Officer of IBIS Prof. Thome AG:

Attorney
Konstantin Malakas
Steinbachtal 2b
97072 Würzburg
Phone: +49 931 29 98 08 – 0
Fax: +49 931 29 98 08 – 8
Email: dsb@ibis-thome.de
Websites: www.malakas.de; www.weblawyer.de

III. Provision of Services and Creation of Logfiles

Description and Scope of Data Processing

By accessing the platform of the Platform Operator, you technically transmit, among other things, the following data to its server, which are stored in a logfile by the Platform Operator:

Information about the browser type and version used
The operating system of the user
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites from which the user’s system accesses our website
Websites that are accessed by the user’s system via our website

However, IBIS does not have access to this data. Instead, the Platform Operator provides IBIS with pseudonymized statistics, through which IBIS can draw conclusions about the usage of the corporate presence and the success of advertising measures. To create these statistics, the Platform Operator processes personal data.

Based on these statistics, IBIS cannot draw any conclusions about individual persons, as additional information that would allow the data to be assigned to a specific affected person is not available to IBIS in the context of the analysis. The Platform Operator has provided further information on the scope of the data processing under the following link: https://de.linkedin.com/legal/privacy-policy

When you interact with us on LinkedIn (e.g., send us a message; contact the sales team via button; comment on posts, etc.), we can view personal data from you (your profile name on the Platform Operator, possibly your profile photo, possibly your email address, possibly your job title, possibly the company name linked to your profile, date information or possibly other data you have released on LinkedIn or transmitted to us via message), and this leads directly to data processing by us.

Please note that according to LinkedIn’s privacy policy, personal data is also processed by the Platform Operator in the USA or other third countries. LinkedIn states in its declaration that personal data is only transferred to countries for which an adequacy decision by the European Commission pursuant to Art. 45 GDPR is available or on the basis of appropriate guarantees pursuant to Art. 46 GDPR (https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de).

Furthermore, there is an agreement on data processing between us and the Platform Operator, which can be accessed here: https://legal.linkedin.com/dpa/DE

Legal Basis for the Processing of Personal Data

The legal basis for the processing of the personal data of the users is Art. 6 Para. 1 S.1 lit. a GDPR.

The information provided by LinkedIn regarding the legal bases of the processing of personal data can be viewed at https://de.linkedin.com/legal/privacy-policy (Section 5.3).

Purpose of Data Processing
Our purpose for the data processing on our social media presence is the dissemination of information about our product and service offerings as well as the possibility of exchanging with the users of the social network.

IBIS uses the statistics (Insights) provided by LinkedIn to analyze user behavior, reach, effectiveness of posts/advertisements, etc. The insights gained from this feed into the development of our product and service offerings. The legal basis for IBIS – both for using the statistics and for interacting with LinkedIn users – is therefore, in addition to consent, the pursuit of our legitimate interest pursuant to Art. 6 Para. 1 S.1 lit. f., insofar as your interests, fundamental rights, and freedoms do not prevail.

If IBIS publishes photos of individuals on the company presence, this is done on the legal basis of prior consent (Art. 6 Para. 1 lit. a GDPR) or a contractual agreement (Art. 6 Para. 1 lit. b GDPR).

Retention Period
The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to apply. Further storage may take place if this is provided for by the European or national legislator in Union regulations, laws, or other provisions to which the Controller is subject. A block or deletion of the data also occurs if a storage period prescribed by the mentioned standards expires, unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

For information on data storage by the Platform Operator, please refer to its privacy policy available at https://de.linkedin.com/legal/privacy-policy.

Objection and Removal Options
For contacting the Data Protection Officer of LinkedIn Ireland Unlimited Company, the Platform Operator has provided a form at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Cookies

Cookies are used on LinkedIn for various purposes. These can include both

technically necessary cookies and
cookies for market research and advertising purposes, for collecting usage statistics, for user interaction with external services (e.g., for embedding third-party content), for web tracking, etc.

over which IBIS has no control. The platform operator has provided further information on the use of cookies on its website, which can be accessed at https://de.linkedin.com/legal/cookie-policy. For cookies that IBIS uses on the website, we refer to our privacy policy (https://ibis-thome.de/datenschutz/).

Rights of the Affected Person
If personal data concerning you are processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the Controller:
Right to Information
You can request confirmation from the Controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request information from the Controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage duration;
(5) the existence of a right to correction or deletion of personal data concerning you, a right to restrict processing by the Controller, or a right to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automatic decision-making including profiling according to Art. 22 Para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you have been transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate guarantees acc. to Art. 46 GDPR in connection with the transmission.
Right to Correction
You have the right to correction and/or completion against the Controller if the processed personal data concerning you are incorrect or incomplete. The Controller must make the correction without delay.
Right to Restriction of Processing
You can demand the restriction of the processing of the personal data concerning you under the following conditions:
(1) if you dispute the accuracy of the personal data concerning you for a period that enables the Controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) if the Controller no longer needs the personal data for processing purposes, but you need them for the assertion, exercise, or defense of legal claims, or
(4) if you have objected to the processing per Art. 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the Controller prevail over your reasons.
If the processing of the personal data concerning you has been restricted, these data - apart from their storage - may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the restriction of processing per the aforementioned conditions has been restricted, you will be informed by the Controller before the restriction is lifted.
Right to Deletion
a) Obligation to Delete
You can demand that the Controller deletes the personal data concerning you immediately, and the Controller is obliged to delete these data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing per. Art. 6 Para. 1 S.1 lit. a or Art. 9 Para. 2 S.1 lit. a GDPR was based, and there is no other legal basis for the processing.
(3) You object to the processing per Art. 21 Para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing per Art. 21 Para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the Controller is subject.
(6) The personal data concerning you have been collected about the services offered by the information society in accordance with Art. 8 Para. 1 GDPR.
b) Information to Third Parties
If the Controller has made the personal data concerning you public and is required to delete them per Art. 17 Para. 1 GDPR, he shall take appropriate measures, including technical means, considering the available technology and the cost of implementation, to inform Controllers who process the personal data that you, as the data subject, have requested the deletion of all links to these personal data or copies or replications of these personal data.
c) Exceptions
The right to deletion does not exist if processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) to fulfill a legal obligation, which requires processing under the law of the Union or Member States to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) for reasons of public interest in the area of public health per Art. 9 Para. 2 S.1 lit. h and i, and Art. 9 Para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes per Art. 89 Para. 1 GDPR, insofar as the right mentioned in a is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
(5) for the assertion, exercise, or defense of legal claims.
Right to Notification
If you have asserted the right to correction, deletion, or restriction of processing against the Controller, the Controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the Controller about these recipients.
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit these data to another Controller without hindrance from the Controller to whom the personal data were provided if
(1) the processing is based on consent per Art. 6 Para. 1 S.1 lit. a GDPR or Art. 9 Para. 2 S.1 lit. a GDPR or on a contract per Art. 6 Para. 1 S.1 lit. b GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one Controller to another Controller, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Right to Object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is conducted based on Art. 6 Para. 1 S.1 lit. e or f GDPR; including profiling based on those provisions.
The Controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object through automated means using technical specifications.
Right to Withdraw Consent to Data Protection Declaration
You have the right to withdraw your consent to the data protection declaration at any time. The withdrawl of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated Decisions on a Case-by-Case Basis Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data Controller,
(2) is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
(3) is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 S.1 lit. a or g GDPR applies and suitable measures to safeguard your rights, freedoms, and legitimate interests are in place.
With regard to the instances referred to in (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Right to File a Complaint with a Supervisory Authority
Without prejudice to any other available administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

*************

You may also directly contact the Platform Operator if it concerns data processing by the Platform Operator. The contact options can be found in section I of this declaration.

Further information and explanations regarding the above rights can be found on the website of the European Commission under “Rights for Citizens”.

IBIS Prof. Thome AG
Mergentheimer Straße 76a
97082 Würzburg

Privacy Policy according to the GDPR

I. Name and Address of the Data Controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg
Phone: +49 931 73046 500
Fax: +49 931 73046 99 500
E-mail: info@ibis-thome.de
Website: https://ibis-thome.de/

II. Name and Address of the Data Protection Officer

The Data Protection Officer of the data controller is:

Lawyer
Konstantin Malakas
Steinbachtal 2b
97072 Würzburg
Tel. +49 931 29 98 08 – 0
Fax: +49 931 29 98 08 – 8
E-mail: dsb@ibis-thome.de
Website: www.malakas.de

III. General Information on Data Processing

Scope of processing personal data

We collect and use personal data of our users only to the extent that this is necessary for providing a functional website as well as our content and services. The collection and use of personal data of our users usually only occurs with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for processing personal data

If we obtain the consent of the data subject for processing operations involving personal data, Article 6 para. 1 s.1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the case of processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6 para. 1 s.1 lit. b GDPR serves as the legal basis. This is also applicable to processing operations necessary for carrying out pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 para. 1 s.1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 s.1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Article 6 para. 1 s.1 lit. f GDPR serves as the legal basis for the processing.

Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may occur if this is provided for by the European or national legislator in union law regulations, laws, or other provisions to which the data controller is subject. A blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

IV. Provision of the Website and Creation of Logfiles

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

(1) Information about the browser type and version used

(2) The operating system of the user

(3) The internet service provider of the user

(4) The IP address of the user

(5) Date and time of access

(6) Websites from which the user’s system accessed our website

(7) Websites accessed by the user’s system via our website

The data is also stored in the log files of our system. A storage of these data together with other personal data of the user does not take place.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 para. 1 s.1 lit. f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing according to Article 6 para. 1 s.1 lit. f GDPR also lies in these purposes.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated.
In the case of storage of data in log files, this is the case after 14 days. Further storage is possible. In this case, the IP addresses of the users are pseudonymized or anonymized, so that an allocation of the accessing client is no longer possible.

Right to object and removal possibility

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

V. Use of Cookies

Description and scope of data processing

A cookie is a small text file that our web server, IBIS Prof. Thome AG (for example, the web server of www.ibis-thome.de), sends to your browser when you visit a web page. This cookie contains a characteristic string that enables the unique identification of the browser when the website is called up again. In principle, cookies do not pose a threat to your computer, as they are merely text files and not executable programs.

When you access our website, users are informed through the info banner of our cookie manager about the use of cookies and referred to this privacy policy. Cookies are only set after your consent or through your consent. You can view your settings at any time or revoke your consent via the following link:

Edit cookie settings

Depending on the setting of your browser, the cookie file will be saved or rejected. If the file is saved, our web server can recognize your device again. If you do not want this, you can deactivate the cookies as described below:

Set your browser to refuse our cookies if you wish to use our web pages without cookie functionality. The exact steps you need to take for this vary depending on the browser used, which is why we cannot describe this in detail at this point.

If your browser is already set to show a warning message every time it receives a cookie, you can decide from case to case whether you want to accept the cookie being set. Since our identification cookie must be sent again with each individual page of our website being accessed, these messages can quickly be perceived as very annoying.
We therefore recommend that you adjust your browser to always allow cookies from www.ibis-thome.de. You can individually set this option for individual web pages. In this case, for example, your text entries in form fields can be saved for further queries so that repeated entries are not required on your next visit to our web pages. Of course, we can then also provide you with tailored content.
Some elements of our website require that the accessing browser can also be identified after a page change.

For more information on the use or deactivation of cookies, please visit www.meine-cookies.org or www.youronlinechoices.com.

Cookies are distinguished between “session cookies” and “other cookies.” Session cookies are absolutely necessary for the operation of the website; other cookies require your explicit consent.

a) Session Cookies

To make our offer as user-friendly as possible, we use session cookies. These cookies are technically necessary and store, for example, your cookie preferences/consents or the language setting of the website. The data collected in this way about users for technically necessary settings is anonymized by technical measures. Therefore, an allocation of the data to the accessing user is no longer possible. The data is not stored together with other personal data of the users. Session cookies expire at the end of the browser session and are automatically deleted after leaving our website.

b) Other Cookies

The “other cookies” include cookies used for market research and advertising purposes, to collect usage statistics, to interact with external services (e.g., to integrate third-party content), and for web tracking. No personal data is also stored in these cookies. These cookies remain stored on your device between different browser sessions and can capture your settings or actions across multiple websites. However, you can revoke your consent to the use of “other cookies” at any time.

Legal basis for data processing

For the use of technically necessary cookies, we have a legitimate interest according to Article 6 para. 1 lit. f GDPR. For all other cookies, we require your consent as the legal basis for processing the data according to Article 6 para. 1 s.1 lit. a GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. The user data collected through technically necessary cookies is not used to create user profiles.

The use of cookies for analysis, marketing, and advertising purposes is intended to improve the quality of our website and its content, to analyze the use of our website, and to analyze the effectiveness of advertising measures. This allows us to continuously improve our offerings. We use cookies from external service providers to give users the opportunity to interact with the additional services they use.

Duration of storage

Cookies are stored on the user's computer and transmitted to our site by them. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in our Cookie Manager or in your internet browser, you can disable or restrict the transfer of cookies (Opt-Out). Already stored cookies can be deleted at any time.

Regarding the duration of data storage by external service providers, as well as your related rights and options for protecting your privacy, we refer you to the privacy notices of the respective service providers at the appropriate location.
Opt-Outs are saved in the settings of the cookie manager. Please note that deleting cookies may also delete Opt-Out cookies, which would negate the desired effect.

Right to object and removal possibility

You always have the option to deactivate the cookie settings of your browser as described in V. 1. Active deactivation is only possible by deleting it from your system. There is no right of objection for technical reasons.
Regarding the objection and deletion options with respect to the respective external service providers, as well as your related rights and options for protecting your privacy, we refer you to the links provided at the appropriate places to the privacy notices of the respective service providers.

VI. Contact Form and Email Contact

Description and scope of data processing

We have contact forms on our website which can be used for electronic contact. If a user takes advantage of these options, the data entered in the input mask will be transmitted to us and saved. This data includes:

(1) Name (required field)

(2) E-mail address (required field)

(3) Your message (required field)

At the time the message is sent, the following data is also saved:

(1) The IP address of the user

(2) Date and time of contact and submission of the contact form

For processing the data, your consent is obtained as part of the submission process, and you are referred to this privacy policy. Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email will be stored. There will be no transfer of the data to third parties outside of IBIS Prof. Thome AG in this context. The data will be used exclusively for processing the correspondence.

Legal basis for data processing

The legal basis for processing the data is, in the presence of the user's consent, Article 6 para. 1 s.1 lit. a GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Article 6 para. 1 s.1 lit. f GDPR. If the email contact aims at the conclusion of a contract, then an additional legal basis for processing is Article 6 para. 1 s.1 lit. b GDPR.

Purpose of data processing

The processing of personal data from the input mask serves solely to process the contact request. In the case of contact by email, it also lies in a necessary legitimate interest in processing the data.
The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent via email, this is the case when the respective correspondence with the user is completed. The correspondence is deemed complete when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the submission process will be deleted no later than after a period of 14 days.

Right to object and deletion possibility

The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via email to info@ibis-thome.de.

All personal data stored during the contact process will be deleted in this case.

VII. Web Analysis and Tracking

We use the following analysis and tracking tools on our website to ensure the continuous improvement of our website:

Matomo

When you visit our website, you have the option with the info banner of our cookie manager to consent to the activation of analysis and tracking tools. The associated use of cookies only occurs after your consent or through your consent according to Article 6 para. 1 s. 1 lit. a) GDPR. You can view your settings at any time or revoke your consent via the following link: Cookie Settings

Matomo

Scope of processing personal data

We use the software tool Matomo ( https://matomo.org/) hosted on our servers in Würzburg to analyze the surfing behavior of our users. The software sets a cookie on the user's computer (see cookies above). When individual pages of our website are accessed, the following data is stored:

(1) Three bytes of the IP address of the accessing system of the user (xxx.xxx.xxx.???)

(2) The accessed website

(3) The website from which the user came to the accessed website (referrer)

(4) The subpages accessed from the accessed website

(5) The duration of stay on the website

(6) The frequency of access to the website

(7) Entered search terms

(8) Frequency of page views

The evaluation software runs exclusively on the servers we operate. The storage of personal data of users does not take place, as the IP address is anonymized. The software is configured so that the IP addresses are not fully stored, but 1 byte of the IP address is masked (e.g., xxx.xxx.xxx.???). In this way, an assignment of the truncated IP address to the accessing computer is no longer possible.
There is no transfer of the data to third parties.

Legal basis for processing personal data

The legal basis for processing the personal data of users is Article 6 para. 1 s.1 lit. a GDPR.

Purpose of data processing

The processing of users' personal data, which occurs at the earliest possible time in anonymized form, enables us to analyze the surfing behavior of our users. By evaluating the obtained data, we can compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

Duration of storage

Since the data is anonymized, it is not deleted but is permanently available for evaluation purposes. A conclusion about an individual user is not possible. Matomo has committed to never merge collected data with other data stocks, e.g., to establish a personal reference (cf. https://matomo.org/privacy/ ).

Right to object and removal possibility

The Matomo cookies are stored on the user's computer and transmitted by them to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully utilized. We offer our users the option to opt-out of the analysis process on our website by clicking on the following link:

Matomo

Your opt-out is then stored in the settings of the cookie manager. This signals our system not to store the user's data. If the user then deletes the corresponding cookie from their system in the meantime, a new opt-in cookie must be set for the analysis to be activated.

For more information about the privacy settings of the Matomo software, please visit the following link: https://matomo.org/privacy/

VIII. Integration of Third-Party Content

Scope of processing personal data

We integrate third-party content such as from video platforms, online map services, social media platforms, etc. on www.ibis-thome.de. These third-party providers can set cookies while you visit our websites and thereby receive information that you accessed our websites at www.ibis-thome.de. Please visit the third-party providers' websites for more information on their use of cookies. If you decide not to give consent to the use of third-party content or to revoking it (by deactivating cookies), only the functions of our website that we can ensure without these cookies will be made available to you. You may then not be able to use the contents of the following service providers on our website.

If you access one of our web pages containing components of the following service providers, and if you have previously given consent via the Cookie Manager , your browser builds a direct connection with the servers of the respective service provider. The content of the component is transmitted directly from the service provider to your browser and integrated into the website.

We have no influence on the extent of the data that the service providers collect and therefore inform you accordingly based on our current knowledge: By embedding the component, the respective service provider receives the following information:

URL,
Referrer URL,
IP address,
Device and browser properties,
Timestamp.

If you are a member of the respective service provider and are logged in, they can assign the visit to your account there. If you interact with the content, the corresponding information is transmitted directly from your browser to the respective service provider and stored there. If you do not want such a transfer of this information, you can prevent this transfer by logging out of your respective account with the service provider before accessing our web pages. We suspect that the respective service provider stores your IP address (possibly also on a server located in the USA), even if you are not a member of a service provider.

For more information on the purpose and extent of data collection and the further processing and use of the data as well as your options for protecting your privacy, please refer to the respective privacy policies of the service providers.

a) YouTube

We embed videos from YouTube on our website using iFrame. The embedding is done in the “extended privacy mode of YouTube.” The operator of YouTube is Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
Link to the privacy policy of the service provider: https://www.google.com/intl/en/policies/privacy/

b) Vimeo

We embed videos from Vimeo on our website using iFrame. The operator of Vimeo is Vimeo, LLC (555 West 18th Street, New York, New York 10011).

Link to the privacy policy of the service provider: https://vimeo.com/privacy

Legal basis for data processing

The legal basis for data processing is, in the presence of user consent, Article 6 para. 1 s.1 lit. a GDPR.

Purpose of data processing

We embed third-party content on our website to provide you with useful content and communication opportunities.

Duration of storage

Cookies are stored on the user's computer and transmitted to our site by them. Although you have full control over the use of cookies, we cannot guarantee that no unlawful transfer of personal data occurs when using these services, as we have no technical means of permanently monitoring the data transmitted from our websites to such service providers. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Already stored cookies can be deleted at any time.

With regard to the data storage by the respective external service provider and your related rights and options for protecting your privacy, we refer to the links provided above to the privacy notices of the respective service providers.

Right to object and removal possibility

You always have the option to deactivate the cookie settings of your browser as described in V. 1. You can revoke your consent to embed third-party content on our website at any time via the Cookie Manager . If no active deactivation occurs, removal is only possible by deleting it from your system. There is no right of objection for technical reasons. Regarding the objection and removal options with respect to the respective external service providers, as well as your related rights and options for protecting your privacy, we refer you to the links provided above to the privacy notices of the respective service providers.

IX. Rights of the Data Subject

If personal data is processed by you, you are considered a data subject as defined by the GDPR and have the following rights against the data controller:

Right to information

You can request confirmation from the data controller as to whether personal data relating to you is being processed by us.
If such processing occurs, you can request the data controller to provide you with the following information:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data which are processed;

(3) the recipients or the categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if concrete details are not possible, criteria for determining the storage duration;

(5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the data controller, or a right to object to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data, if the personal data has not been collected from the data subject;

(8) the existence of automated decision-making including profiling according to Article 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the significance and the intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards according to Article 46 GDPR in connection with the transfer.

Right to rectification

You have the right to request rectification and/or completion from the data controller, provided the personal data concerning you is inaccurate or incomplete. The data controller shall make the correction without delay.

Right to restriction of processing

Under the following conditions, you can request the restriction of processing of the personal data concerning you:

(1) if you contest the accuracy of the personal data concerning you for a duration that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;

(3) the data controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims, or

(4) if you have objected to the processing according to Article 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the data controller override your grounds.

If the processing of the personal data concerning you has been restricted, these data – aside from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

If the restriction of processing has been imposed under the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

Right to deletion

a) Deletion obligation

You can request the data controller to delete the personal data concerning you without delay, and the data controller is obliged to delete this data without delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or processed in any other manner.

(2) You revoke your consent on which the processing is based according to Article 6 para. 1 s.1 lit. a or Article 9 para. 2 s.1 lit. a GDPR, and there is no other legal basis for the processing.

(3) You lodge an objection against the processing according to Article 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you lodge an objection against the processing according to Article 21 para. 2 GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary for the fulfillment of a legal obligation under Union law or the law of the member states to which the data controller is subject.

(6) The personal data concerning you has been collected in relation to the offer of services of the information society according to Article 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it according to Article 17 para. 1 GDPR, it takes reasonable steps, taking into account available technology and implementation costs, including technical measures, to inform the data controllers processing the personal data about your request to delete all links to these personal data or copies or replications of these personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

(1) for exercising the right to freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union law or the law of the member states to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

(3) for reasons of public interest in the area of public health according to Article 9 para. 2 s.1 lit. h and i as well as Article 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 para. 1 GDPR, insofar as the right mentioned under a) is likely to make it impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise, or defense of legal claims.

Right to notification
If you have asserted the right of rectification, deletion, or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed about this rectification or deletion of the data or restriction of processing unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the data controller about these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you provided to the data controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided, provided that

(1) the processing is based on consent according to Article 6 para. 1 s.1 lit. a GDPR or Article 9 para. 2 s.1 lit. a GDPR or on a contract according to Article 6 para. 1 s.1 lit. b GDPR, and

(2) the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly from one data controller to another, where technically feasible. The freedoms and rights of other persons must not be affected.

The right to data portability does not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Article 6 para. 1 s.1 lit. e or f GDPR; this also applies to profiling based on those provisions.

The data controller shall no longer process the personal data concerning you unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.
You have the option to exercise your right to object in relation to the use of services of the information society – notwithstanding Directive 2002/58/EC – by automated means, using technical specifications.

Right to withdraw the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.

Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – that has legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the data controller,

(2) is permissible based on legal regulations of the Union or the member states to which the data controller is subject and these regulations provide appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) is based on your explicit consent.

However, such decisions must not be based on special categories of personal data according to Article 9 para. 1 GDPR, unless Article 9 para. 2 s.1 lit. a or g GDPR applies and appropriate measures to protect the rights and freedoms as well as your legitimate interests have been implemented.

In the cases mentioned in (1) and (3), the data controller takes appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain intervention from a person on the part of the data controller, to express their point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work, or the location of the alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

*************

For more information and explanations regarding the rights mentioned above, please visit the website “Rights for Citizens“ of the European Commission.

Company

Values

Management & Team

Career at IBIS

IBIS Prof. Thome AG
Mergentheimer Str. 76a
97082 Würzburg

Solutions