Data Privacy Controller:
The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the EU member states and other provisions related to data protection is:
Auf dem Langloos 10
55270 Klein-Winternheim, Germany
Authorized managing director: Edgar Mähringer-Kunz
Data Protection Officer:
The data protection officer of the controller may be contacted as follows:
Datenschutzbeauftragter IMSTec GmbH
Phone: +49 6136 99441-10
Telefax: +49 6136 99441-11
Mail: provided address of company headquarters, for the attention of „Datenschutzbeauftragter“
1. Scope and Purpose of the Processing of Personal data related to use of our website
We only process our users‘ personal data as necessary to provide a functioning website as well as our services and content. Our users‘ personal data is regularly only processed after the user’s consent (voluntary use / submittal). Exception applies in cases, in which a prior consent cannot be obtained due to actual reasons and the processing is permitted by legal regulations.
On our website, we provide a contact web form for contacting us in electronic form. If a user makes use of this offer, all information added to the web form will be sent to us and stored. This includes: surname, last name, e-mail address, phone number, subject of the message and text.
Alternatively, we may be contacted via the provided e-mail address. In this case, all personal data delivered with the E-Mail will be stored.
In this context, no information will be passed on to third parties. The information will only be used for processing the conversation.
In case of a contact via e-mail, there is a required legitimate interest in processing the data. All additionally processed personal data during the sending procedure serve for preventing the misuse of the contact web form and for ensuring the safety of our IT systems.
2. Scope and Purpose of the Processing and Transferring of Personal data related to business partners
In the context of its relationship with business partners, IMSTec GmbH process the following personal data of contact persons at our customers, interested parties, sales partners, suppliers partners, (each a “Business Partner”):
- contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address,
- payment data that are required for processing payment transactions,
- further information necessarily processed in a project or contractual relationship with IMSTec or voluntarily provided by the Business Partner, e.g. within the framework of orders placed, inquiries or project details,
- personal data collected from publicly available resources, e.g. the business partner’s Internet pages.
IMSTec may process the personal data for the following purposes:
- communication with Business Partners on products, services and projects, e.g. to process enquiries from the business partner or to provide technical information on products,
- planning, execution and administration of the business relationship with the Business Partner, e.g. in order to process the order of customer-specific solutions and services, processing payments, for accounting and billing purposes, to carry out deliveries and to perform maintenance or repairs,
- carry out surveys,
- ensuring compliance with legal requirements (e.g. tax and commercial law retention obligations),
- solving of legal disputes, enforcement of existing contracts and to establish, exercise or defend legal claims.
In order to fulfil contractual obligations, it may be necessary to pass on personal data to service providers, such as transport service providers, and other suppliers, who will only act in accordance with instructions from IMSTec.
3. Scope and Purpose of the Processing of Personal data from job applicants
Information on this can be found on the respective application page: https://www.imstec.de/career/
4. Legal Bases for Processing Personal data
Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 Par. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 Par. 1 lit. b (GDPR) serves as the legal basis for the processing of personal data required to fulfil of a contract to which the person concerned is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual activities.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Par. 1 lit. c (GDPR) serves as the legal basis.
Art. 6 Par. 1 lit. d (GDPR) serves as the legal basis in the event that vital interests of the person concerned or of another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Par. 1 lit. f (GDPR) serves as the legal basis for the processing.
5. Erasure and Storage Duration
The personal data of the person concerned will be erased or blocked, once the storage purpose is no longer applicable.
Information may be stored beyond, if this was provided for by European or National legislation within Union law regulations, laws or other instructions to which the person responsible is subject (storage obligations).
Personal data will also be erased or blocked, in case a storage period defined by the stated norms expires, unless a further storage is required for the conclusion or performance of a contract.
6. Withdrawal of Consent and Erasure of Information
The user of the homepage and Business Partners have the right to withdraw the consent at any time with effect for the future, i.e. the withdrawal of the consent does not affect the legality of processing carried out prior to the withdrawal on the basis of the consent.
After withdrawal, IMSTec may only process the personal data to the extent that the processing can be based on another legal basis.
7. The Data Subject’s Rights
You may exercise the following rights at any time using the contact information of the data protection officer (“Datenschutzbeauftragter”):
- Information about your personal data stored with us its processing,
- Correction of incorrect personal data,
- Deletion of your data stored with us,
- Restriction of data processing, in case we are not allowed to erase information yet due to legal obligations,
- Objection against the processing of your personal data by us and
- Data portability, as far as you have given your consent to processing or have concluded a contract with us.
When having given a consent, you may withdraw this consent at any time with respect to the future. At any moment you may lodge a complaint with the respective supervisory authority responsible for you. Your responsible supervisory authority is determined by federal state (“Bundesland”), domicile, your work or the presumed infringement. A list of all supervisory authorities (non-public sector) and their addresses is provided
8. SSL- Encryption
We use state of the art encryption (e.g. SSL) via HTTPS in order to protect your data during transmission.
9. Privacy Policies of the Web Hosting Providers
10. Google Analytics and Cookies
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. We only process our users‘ personal data generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties necessary to the Agreement on the European Economic Area.
Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the provide a functioning website, compiling reports on website activity for website operators and providing other services relating to website activity our services, and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.
You can refuse the use of Google Analytics processing is permitted by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
11. Online Forms / Microsoft Forms
In addition, we use online forms (e.g. for surveys or complaints) using Microsoft Forms, an offer from Microsoft with which we have concluded a data sharing/supplier agreement. The forms can be addressed in different ways (via hyperlink, QR code, embedding in a website oder sending an email). The data processing is based on your consent to the processing of your personal data according to art. 6 (1) a) GDPR or art. 6 (1) b) GDPR, if the processing is necessary for the purpose of contract execution.
Further information about Microsoft Forms can be found here: https://support.office.com/en-ie/forms. We cannot rule out that in individual cases personal data will also be transmitted to and processed by Microsoft Corporation in the USA. For more information on how Microsoft processes personal data, see https://privacy.microsoft.com/en-ie/privacystatement.