Home/Privacy Policy

Version: 26 April 2024

Privacy Policy — itelly GmbH

With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to briefly as "data") that we process, for what purposes and to what extent. The Privacy Policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Introduction

With the following Privacy Policy, we would like to inform you about the types of your personal data that we process, for what purposes and to what extent. The Policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences such as our social media profiles.

Controller

itelly GmbH

Hauptstr. 27

79256 Buchenbach

Email: info@itelly.de

Legal Notice: https://www.itelly.de/impressum

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Master data (e.g. names, addresses).
  • Content data (e.g. text input, photographs, videos).
  • Contact data (e.g. email, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Social data (e.g. data processed by social insurance providers or welfare authorities).
  • Location data (information on the location of the end device).
  • Contract data (e.g. subject matter of contract, term, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

Categories of data subjects

  • Employees (e.g. employees, applicants, former employees).
  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).

Purposes of processing

  • Provision of our online offering and user-friendliness.
  • Visit action evaluation.
  • Office and organisational procedures.
  • Cross-device tracking.
  • Direct marketing.
  • Feedback.
  • Interest-based and behavioural marketing.
  • Contact requests and communication.
  • Conversion measurement.
  • Profiling and remarketing.
  • Reach measurement and tracking.
  • Contractual services and service.
  • Administration and response to enquiries.
  • Audience building.
  • Security measures.

Applicable legal bases

We set out below the legal bases of the GDPR on the basis of which we process personal data. In addition, national data protection regulations (in particular the BDSG) and any applicable state-level provisions apply.

  • Consent (Art. 6(1)(a) GDPR).
  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).
  • Legal obligation (Art. 6(1)(c) GDPR).
  • Legitimate interests (Art. 6(1)(f) GDPR).

National data protection regulations in Germany (including the BDSG, § 26 BDSG) and state-level provisions may apply in addition.

Security measures

We implement technical and organisational measures to ensure a level of protection appropriate to the risk (including access controls, data separation, processes for deletion and data subject rights).

SSL encryption (https): We protect transmitted data by means of SSL encryption. This is recognisable by the https:// prefix in the address bar of your browser.

Transmission and disclosure of personal data

Data may be transmitted to other entities, companies or service providers (e.g. payment institutions, IT service providers, providers of embedded content). Data protection contracts and agreements are concluded where required by law.

Data processing in third countries

Processing of data in third countries only takes place where legal requirements are met, such as an adequate level of data protection, EU standard contractual clauses or explicit consent.

Information from the EU Commission: international-dimension-data-protection

Use of cookies

Cookies store information during or after a visit. This also includes comparable technologies with a similar function.

Cookie types

  • Temporary (session) cookies.
  • Permanent cookies.
  • First-party and third-party cookies.
  • Necessary/essential cookies.
  • Statistics, marketing and personalisation cookies.

The legal basis is Art. 6(1)(a) GDPR depending on consent, or legitimate interest / performance of a contract. Storage duration may be up to two years.

Opt-out: via browser settings, optout.aboutads.info, youronlinechoices.com.

Commercial and business services

Processing of data from contractual and business partners for the purpose of contract performance, communication, administration and the assertion of rights. Transfer to third parties only takes place where necessary or based on consent.

Customer accounts may be created. Upon termination, data is deleted, subject to statutory retention obligations.

Provision of software/platform services: data processing for service delivery and security.

Data processed: master, payment, contact, contract, usage and meta/communication data.

Legal bases: Art. 6(1)(b), (c), (f) GDPR.

Use of online marketplaces for e-commerce

Services may be offered via third-party platforms; their privacy notices apply.

Data processed: master, payment, contact, contract, usage and meta/communication data. Legal bases: Art. 6(1)(b), (f) GDPR.

Service used: Digistore24 (Privacy Policy: digistore24.com/privacy).

Provision of the online offering and web hosting

Use of hosting providers for infrastructure, platform, storage, databases and security.

Server log files (including IP address, timestamp, URL, browser, referrer) are collected for security and stability purposes.

Data processed: content, usage and meta/communication data. Legal basis: Art. 6(1)(f) GDPR.

Service: Amazon Web Services (Privacy Policy: aws.amazon.com/privacy).

Blogs and publication media

Processing of reader data only to the extent necessary for presentation, communication or security.

Data processed: master, contact, content, usage and meta/communication data. Legal bases: Art. 6(1)(b), (f) GDPR.

Contact

Processing of information from enquiries (e.g. via form, email, telephone, social media) for the purpose of processing and communication.

Data processed: master, contact and content data. Legal bases: Art. 6(1)(b), (f) GDPR.

Cloud services

Use of cloud services (SaaS) for documents, email, collaboration, publications and audio/video conferences.

Providers may store cookies for analysis or settings purposes.

Data processed: master, contact, content, usage and meta/communication data. Legal bases: Art. 6(1)(a), (b), (f) GDPR.

Newsletter and electronic notifications

Sending only with consent or legal authorisation. Double opt-in, logging of registration and changes. Storage period for unsubscribed addresses up to three years for evidential purposes.

Content: information about us, services, promotions and offers. Success measurement via web beacons is carried out on the basis of legitimate interests or consent.

Opt-out: at any time via unsubscribe link or contact.

Data processed: master, contact, meta/communication and usage data. Legal bases: Art. 6(1)(a), (f) GDPR.

Services: GetResponse (Privacy), Mailchimp (Privacy).

Web analytics, monitoring and optimisation

Reach measurement, A/B testing and optimisation based on pseudonymous profiles and, where applicable, cookies. IP masking is used.

Data processed: usage and meta/communication data. Legal bases: Art. 6(1)(a), (f) GDPR.

Services: Adobe Analytics, Google Optimize (Opt-out: GA Opt-Out, Ads Settings).

Online marketing

Creation of user profiles for interest-based content/advertising, including remarketing and conversion measurement. Storage in cookies or comparable procedures; IP masking is used.

Data processed: usage, meta/communication, location and, where applicable, social data. Data subjects: users, interested parties, customers, employees, communication partners. Legal bases: Art. 6(1)(a), (f) GDPR.

Opt-out: provider-specific or via browser settings; aggregated options: Europe youronlinechoices.eu, Canada youradchoices.ca, USA aboutads.info, global optout.aboutads.info.

Services used: Google Tag Manager, Google Analytics, Google Ads/Ad Manager, Facebook Pixel.

Audience building with Google Analytics and Facebook Pixel for interest-based display of advertising and conversion measurement.

Review platforms

Participation in review processes; transmission of required data with consent for verification. Review widgets may process technical data and cookies.

Data processed: contract, usage and meta/communication data. Data subjects: customers, users. Legal bases: Art. 6(1)(a), (f) GDPR.

Presences in social networks (social media)

Processing of user data within social networks for communication and information purposes; data may be processed outside the EU.

Data processed: master, contact, content, usage and meta/communication data. Data subjects: users. Legal basis: Art. 6(1)(f) GDPR.

Service: Facebook (Opt-out: facebook.com/settings?tab=ads).

Plugins and embedded functions and content

Integration of third-party content (e.g. graphics, videos, social buttons) requires processing of the IP address. Third-party providers may use pixel tags and cookies for statistical or marketing purposes.

Data processed: usage, meta/communication, master, contact and content data. Data subjects: users. Legal bases: Art. 6(1)(f), (a), (b) GDPR.

Services: Font Awesome, Google Fonts, YouTube.

Deletion of data

Data is deleted once consent is withdrawn or purposes cease to exist, provided no other statutory retention obligations preclude this. In such cases, data is blocked and only processed for the permissible purposes.

Amendments and updates to the Privacy Policy

Please inform yourself regularly about the content. We update this Policy when changes in data processing make this necessary and will provide notification where actions on your part are required.

Rights of data subjects

  • Right to object to processing pursuant to Art. 6(1)(e) or (f) GDPR as well as against direct marketing.
  • Right to withdraw consent.
  • Right of access, right to rectification, erasure, restriction of processing.
  • Right to data portability.
  • Right to lodge a complaint with a supervisory authority.

Definitions

Overview of terms used (selection): visit action evaluation/conversion tracking, cross-device tracking, IP masking, interest- and behaviour-based marketing, conversion measurement, personal data, profiling, reach measurement, remarketing, tracking, controller, processing, audience building.

Created with the free privacy policy generator at datenschutz-generator.de by Dr Thomas Schwenke