You are here:

Privacy Policy / Datenschutz

Informationen to Art. 13 GDPR for Visitors

Informationen to Art. 13 GDPR for Applicants

Informationen to Art. 13 GDPR for Social Media

Information to Art. 13 GDPR for Online Meetings

Information to Art. 13 GDPR for the publication of photos

Informationen to Art. 13 GDPR for Contact

Informationen to Art. 13 GDPR for Questionnaires

 

INCOATEC data protection information website

Please find here the data protection information in German.

Thank you for your interest in our company and your visit to our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the German Data Protection Regulation (DSGVO).

Responsible
Responsible for the data processing described below is the office named in the imprint.

Usage data
When you visit our websites, so-called usage data is temporarily analysed anonymously on our web server for statistical purposes as a protocol in order to improve the quality of our websites. This data record consists of

  • - the name and address of the requested content,
  • - the date and time of the request,
  • - the amount of data transferred,
  • - the access status (content transferred, content not found),
  • - the description of the web browser and operating system used,
  • - the referral link, which indicates the page from which you came to ours,
  • - the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

Storage of the IP address for security purposes
When you visit our website, our web servers anonymously store the IP address assigned to you by your Internet provider or the IP address of the proxy server you use, as well as the web pages you visit on our site. This data is stored for a strictly specific purpose for a period of 7 days in the interest of recognising, limiting and eliminating attacks on our website. After this period, the IP address is deleted. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

Data security
In order to protect your data from unwanted access as comprehensively as possible, we take technical and organisational measures. We use an encryption procedure on our websites. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.

Required cookies
We use cookies on our website that are required to use the websites. We do not use these required cookies for analysis, tracking or advertising purposes.
Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site. We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO.

Session cookies Domain Purpose Storage period Provider
Contao HTTPS CSRF Token www.incoatec.de Protects against cross-site request forgery attacks Session Incoatec
PHP SESSION ID www.incoatec.de Saves the current PHP session Session Incoatec

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

Social Plugins
We allow you to use social plugins. However, for reasons of data protection, we only integrate the social plugins we use in deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services.
However, you have the option of activating and using the social plugins integrated on our websites. For this purpose, we use a solution that results in all data and functions required to display the social plugin being provided by our web server in a first step. Only when you decide to activate the respective social plugin and make the corresponding selection via the cookie banner, will a connection to the servers of the operator of the respective social media service be established by your browser in a second step. When you activate a plugin, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our websites. This takes place regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create usage profiles from your data and use them for the purpose of personalised advertising. In addition, your data will be used to inform other users of the social media service about your activities on our websites.
The embedding takes place on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO or § 15 para. 3 p. 1 TMG, provided that you have given your consent by clicking on the preview image. Please note that embedding the social plugins may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. Where we use providers in unsafe third countries and you consent, the transfer to an unsafe third country will be based on Article 49(1)(a) of the GDPR.
If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer activating them. To do this, please change the settings on the Cookie-Banner.

LinkedIn (USA)
If you have activated the LinkedIn cookie via the cookie banner at the beginning of your visit to our website, the content will be reloaded immediately. If you do not wish such loading, please leave the settings on the banner deactivated. The content will then not be visible. An overview of the cookies used by LinkedIn can be found in the following table.

Security cookies Domain Purpose Storage period Provider
bcookie linkedin.com Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform 2 years LinkedIn
bscookie .www. linkedin.com Used for saving the state of 2FA of a logged in user 2 years LinkedIn
JSESSIONID .www. linkedin.com

Used for CSRF protection

Session LinkedIn
Analytics cookies        
gid
.linkedin.com Google Analytics cookie 2 days Google
Service cookies        
lang .linkedin.com To remember a user‘s language setting Session
LinkedIn
li_gc .linkedin.com To store consent of guests regarding the use of cookies for non-essential purposes 2 years LinkedIn
lidc .linkedin.com To optimize data center selection 1 day LinkedIn
lissc .linkedin.com To ensure there is correct SameSite attribute for all cookies in that browser 1 day
LinkedIn

If they are interested in seeing the LinkedIn content later, they can subsequently activate the LinkedIn cookies on the pages where the content is embedded. There is no adequate level of data protection here. The transfer takes place on the basis of Art. 49 para. 1 lit. a DSGVO.

Newsletter
You can order a newsletter on our website. Please note that we require certain data, at least your e-mail address, to subscribe to the newsletter.
The newsletter will only be sent if you have given us your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO. After you have placed an order on our websites, you will receive a confirmation e-mail at the e-mail address you provided (double opt-in). You can revoke your consent at any time. You can revoke your consent by clicking on the unsubscribe link in each newsletter.
Within the scope of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO and is carried out in the interest of being able to account for the lawfulness of the newsletter dispatch.

Contact form
You have the possibility to contact us via our contact form. To use our contact form, we first need the data marked as mandatory fields from you. We use this data on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO to answer your enquiry.
In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting you. We process your voluntary information on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.
Your data will only be processed to respond to your request. We delete your data if it is no longer required and there are no legal retention obligations to the contrary.
Insofar as your data transmitted via the contact form is processed on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO, you can object to the processing at any time. In addition, you can revoke your consent to the processing of voluntary data at any time. To do so, please contact datenschutz@incoatec.de.

Captcha
For the registration to our newsletter we use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).
If you do not wish this data processing, please refrain from using the web forms.

Storage period
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.

Other processors

We pass on your data to service providers who support us in the operation of our websites and the associated processes within the framework of order processing in accordance with Art. 28 DSGVO. Our service providers are strictly bound by instructions to us and are contractually obligated accordingly.
In the following, we will name the order processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data is transferred outside the EU or EEA in this context, we provide information on the appropriate level of data protection.

Processor Purpose Level of data protection
CleverReach Newsletter Processing only within EU/EEA
Planet IC Webhosting Processing only within EU/EEA

Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed about this personal data and to receive the information listed in detail in Art. 15 DSGVO.

Right to rectification (Art. 16 GDPR)
You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete data.

Right to erasure (Art. 17 DSGVO)
You have the right to request that personal data concerning you be erased without delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you have objected to the processing, for the duration of the review by the controller.

Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 DSGVO, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of withdrawal (Art. 7 DSGVO)
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) DSGVO. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right of objection (Art. 21 DSGVO)
If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e DSGVO (data processing to safeguard public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain to a supervisory authority (Art. 77 DSGVO)
Pursuant to Art. 77 DSGVO, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. In particular, the right of complaint may be asserted before a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Assertion of your rights
Unless otherwise described above, to assert your data subject rights, please contact datenschutz@incoatec.de.

Contact details of the data protection officer
Our external data protection officer is available to provide you with information on data protection at the following contact details. If you contact our data protection officer, please also indicate the responsible office named in the imprint.

datenschutz nord GmbH
Sechslingspforte 2, 22087 Hamburg
E-Mail: office@datenschutz-nord.de
Web: www.datenschutz-nord-gruppe.de

Changes to the data protection regulations
In order to comply with the current legal requirements or to adapt the data protection information in the event of changes to our services, we reserve the right to amend it from time to time. This means that the new data protection information will apply each time you visit our website.

Last updated: February 23, 2021