Introduction

You can find all data protection regulations of IDIA Beratung GmbH here. We appreciate your interest in our work.

The protection of your data is important to us. We process your data in accordance with the applicable legal regulations for the protection of personal data, in particular the EU General Data Protection Regulation (hereinafter: GDPR) and the German implementing regulations applicable to GPA, in particular the Federal Data Protection Act (BDSG), the North Rhine-Westphalia Data Protection Act (DSG NRW) and the Telemedia Act (TMG).

Below, we would like to inform you about the personal data we collect from you, what we use it for, when we delete it, and how your data is protected to the best of our ability through security measures. We will also inform you of the respective legal basis that permits us to process this data. You will also find information below about your legally established rights in connection with the processing of this data.

Responsible location

The entity responsible for this website and therefore also responsible for the collection and storage of personal data is:

IDIA Beratung GmbH
Kommendeweg 14
50859 Cologne

Phone: +49 (0) 2234 2002 177
E-Mail: datenschutz@idia-beratung-gmbh.de

The data protection officer of IDIA Beratung GmbH is

Lawyer Klaus Kollbach
Kommendeweg 14
50859 Cologne

Data protection inquiries can be submitted by post or email. Please use the following email address: datenschutz@idia-beratung-gmbh.de

When we refer to “we”, “us” or “IDIA” below, we mean IDIA Beratung GmbH (Amtsgericht Köln HRB 87115).

What data is collected when you visit our website?

When you visit our website, we, as the website operator or the website provider 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, www.ionos.com, collect and process the following data:

  • Name of the Internet service provider
  • Information about the website from which you are visiting us
  • Web browser and operating system used
  • The IP-Address assigned to you by your Internet Service Provider
  • Requested files, amount of data transferred, downloads/file export
  • Information about the websites you visit on our site, including date and time.

Furthermore, personal data is only collected if you provide it to us voluntarily, for example, as part of an inquiry. For certain services, registration and/or the entry of personal data by you, as well as its processing and storage by us, are essential, in particular

  • when contacting us,
  • when processing requests for information or other services offered by IDIA
  • when subscribing to/unsubscribing to newsletters,
  • during the processing of orders.

What data is collected when we submit written, telephone, or electronic inquiries and requests?

For written, telephone or electronic (email, fax) inquiries or other requests, we process the following personal data:

  • Personal data of natural persons (title, first/last name, name suffixes)
  • Master data of organizations, authorities or companies, associations (name, contact person, function of the contact person, company address, telephone number, fax number)
  • Contact details (e.g. name and private or business address (if applicable, floor, district, state), mobile and landline telephone number, email address, fax number)
  • Information on company and professional activities
  • Notes on phone calls (if applicable)
  • Bank details (if applicable, also the first and last name of the account holder in the context of a SEPA direct debit mandate)
  • Documentation of correspondence (postal and digital)

We generally receive this personal data directly from you in connection with your inquiries. In exceptional cases, your personal data may also be collected from other sources. This includes inquiries, for example, with the residents’ registration office to verify your change of address when we receive a returned item.

The scope and purpose of data processing, the storage period, the legal bases, and your rights to object and have your data erased are explained in detail below in the section “Data processing, data storage of individual processes and services”.

What data is requested?

We adhere to the principles of data avoidance and data minimization, collecting as little personal data as possible. In our written documents and forms on this website, you can see which information is absolutely necessary for processing; these fields are marked as mandatory. You can also provide additional information voluntarily. This helps us to communicate with you more effectively.

How do we protect your data?

To protect the data we store against accidental or intentional manipulation, loss, destruction, or unauthorized access, we implement appropriate technical and organizational security measures that are continuously reviewed and adapted to new security standards. Your personal data is processed exclusively on computers protected by industry-standard security technologies (e.g., firewalls, password protection, access controls, etc.).

Within our association, access to personal data is only possible for authorized persons in the office or the respective specialist working groups who are involved in processing it.

Data exchange to and from our website is always encrypted. We offer HTTPS (Hypertext Transfer Protocol Secure) as the transmission protocol for our website. Data you enter is transmitted to us securely and stored. We use a secure online transmission method (TLS encryption). This transmission method is supported by most browsers. All information transmitted using this secure method is encrypted before being sent. As an additional measure, PGP encryption is also used for sensitive email content.

When are we even allowed to process data?

We only collect and store data within the framework of legal requirements. The circumstances under which processing is permitted are defined in Article 6 of the EU GDPR; you can access this article via the EU website: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679&from=DE.

The processing is therefore only lawful if at least one of the following conditions is met:

Article 6 paragraph 1 letter a: You have given your consent to the processing of your personal data for one or more specific purposes (e.g., consent for us to send you a newsletter or other specialist information).
Article 6 paragraph 1 letter b: Processing is necessary for the performance of a contract between us (e.g., membership application, scholarship or award application submitted in writing, by telephone, electronically, or by fax).

Article 6 paragraph 1 letter b: Processing is necessary for taking steps prior to entering into a contract if you have requested information from us (e.g., membership fees, scholarship or award requirements).

Article 6 paragraph 1 letter c: processing is necessary for compliance with a legal obligation to which we, as the responsible company/association, are subject (e.g., tax or commercial law retention periods). Article 6 paragraph 1 letter f: processing is necessary for the purposes of the legitimate interests pursued by our association (e.g., collecting technical background information for website optimization or to increase the security of our IT systems; sending you specialist information from our association or our member associations, provided you have consented to this and/or have not objected).

We provide detailed information about the legal basis and your rights to object and have your data erased for each service in the section “Data processing, data storage of individual processes and services”.

Do we share your data with third parties?

We do not sell or rent user information. Personal data is only shared with third parties when necessary for processing inquiries or fulfilling contracts with service providers; this applies in particular to e-journals and newsletters. We have concluded the necessary data protection agreements with these service providers to ensure that data protection requirements are met.

Third parties in this sense do not include data processors who perform technical or publishing services for us. We have concluded appropriate service and data processing agreements with these processors to ensure that data protection requirements are met.

Within our company, we ensure that only those individuals who need your data to fulfill contractual or legal obligations receive it.

No data will be transferred to third countries (outside the European Union or the European Economic Area).

How long will the data be stored?

We only store personal data of the data subject for the period necessary to achieve the purpose of storage or as required by law.

If the purpose for which the data was stored ceases to exist or a legally prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements, unless further storage of the data is necessary for the conclusion or performance of a contract.

Will your data be used for advertising or informational purposes?

IDIA does not sell products and therefore does not advertise in the conventional sense. However, in line with our corporate objectives, we want to inform you about certain topics and can, upon request, send you information on relevant subjects and keep you updated on relevant developments. Therefore, we process your data to send you this information by mail or digitally. Your data will not be sold or rented. The data will only be used by IDIA.

You can object to the processing of your personal data for direct marketing purposes or withdraw your consent at any time. You can do this by phone or in writing (email, post) using the following contact details:

IDIA Beratung GmbH
Kommendeweg 14
50859 Cologne

Phone: +49 (0) 2234 2002 177
E-Mail: datenschutz@idia-beratung-gmbh.de

No automated processes are used to find out more about your interests based on personal data (so-called profiling).

What rights do you have?

You have the right to receive information free of charge about your stored data, as well as the right to rectification, restriction of processing, blocking, or erasure of your data. This excludes data whose rectification, blocking, or erasure is precluded by statutory or contractual retention periods, and data that is necessary for the establishment, content, or modification of your contractual relationship with us or that must be stored for the purposes of contract processing.

You may withdraw your consent to the processing of your personal data at any time without giving reasons, with effect for the future. Furthermore, you may object to the data processing, assert your right to data portability, or lodge a complaint with the competent data protection supervisory authority regarding the data processing.

To assert your rights, please contact:
datenschutz@idia-beratung-gmbh.de

Overview of data processing, data storage of individual offers, processes and services on www.idia-beratung-gmbh.de/en/

Below we describe the scope, purpose, storage period, legal basis and your rights regarding individual services and processes on our website:

  1. Providing the website, collecting and storing general data and information
  2. Use of cookies (none here)
  3. Newsletter, Infopapers, e-Journals
  4. Contact form, contact via email
  5. Web analytics service Google Analytics (not here)
  6. Using script libraries
  7. Data Protection Officer and Supervisory Authority
1. Provision of the website, collection and storage of general data and information

Description and scope of data processing

Each time our website is accessed, general data and information about the computer system of the accessing computer are automatically collected.

The following general data and information are temporarily stored in server log files on the website without a members’ area by us as the website operator or by the page provider 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, www.ionos.com:

  • browser type and version number, and operating system used,
  • Name of the Internet service provider
  • Information about the websites you visit on our site, as well as the date and time of your visit.
  • Information on whether data is being transferred (name of the requested file, amount of data)
  • the Internet Protocol (IP) address assigned to you by your Internet Service Provider

This data is stored separately from any personal data provided by a data subject by IDIA.

Purpose of data processing

This collected data and information is needed to

  • to deliver and optimize the content of our website correctly,
  • to ensure the continued functionality of our information technology systems and the technology of our website,
  • to be able to defend against attacks on our web server and, if necessary, to provide law enforcement agencies with the necessary information.
Storage duration

The log data will be deleted after 30 days.

Legal basis for data processing

The statistical analysis of the data is carried out to optimize the website and adapt it to user needs, and to increase and ensure the security of our IT systems. IDIA therefore has a legitimate interest in processing this data. The legal basis for storing this general data and information, as well as the log files, is therefore Article 6(1)(f) of the GDPR.

Your rights as a data subject

The collection of data for the provision of the website and the storage of data in log files is essential for its operation for the reasons stated above. Consequently, users have no right to object.

2. Use of cookies (none here)
Description and scope of data processing

Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Our website does not use any cookies at all. Therefore, there is no choice between strictly necessary and other cookies.

We also do not allow third-party cookies.

3. Newsletters, infopapers, e-journals
Description and scope of data processing

It is possible to subscribe to one or more free newsletters on various topics by individual arrangement. We also provide informational papers on some current topics upon request (via email or download link). When registering for the newsletter or requesting informational papers, the data from the email or input form is transmitted to us encrypted (TLS encryption). The email address is a mandatory field for registration. Title, first name, and last name are optional.

In addition, when registering for the newsletter, the user’s IP address, the date and time of registration may be stored (technical background data).

For legal reasons, a confirmation email is sent to the email address of a data subject who registers for the newsletter for the first time, using the so-called double opt-in procedure. The same applies when subscribing to an information paper. This confirmation email serves to verify that the owner of the email address, as the data subject, has authorized receipt of the newsletter.

Purpose of data processing

The collection and storage of this data serves the purpose of delivering the newsletter or enabling access to the information paper. The collection and storage of technical background data is necessary to be able to trace any potential misuse of a data subject’s email address at a later date and therefore serves the legal protection of the data controller.

Storage duration

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. The user’s email address will be stored for as long as the newsletter subscription is active.

Legal basis for data processing

The legal basis for processing data after newsletter registration is, based on consent, Article 6(1)(a) of the GDPR. Regarding the technical background data, there is a legitimate interest, as storing this data is necessary to protect GPA as the data controller; the legal basis here is Article 6(1)(f) of the GDPR.

Your rights as a data subject

You can unsubscribe from the newsletter at any time and revoke your consent to the storage of personal data that you provided for newsletter distribution. Each newsletter contains a corresponding link for unsubscribing or revoking your consent. You can also unsubscribe directly on our website at any time. Alternatively, you can inform our customer service at any time by other means (by phone, mail, or email).

4. Contact form, contact via email
Description and scope of data processing

Our website includes a contact form that can be used to contact us electronically. When you use this contact form, the data you enter is transmitted to us securely (TLS encryption) and stored. The only required fields in this contact form are your email address and the message itself. Title, first and last name, company details, and address are optional.

At the time of transmission, the following data is also stored: the user’s IP address, the date and time of transmission (technical background data).

Alternatively, you can contact us via the provided email addresses. In this case, the personal data you transmit with your email will be stored.

Purpose of data processing

The processing of personal data from the input form serves to handle your questions and requests. The collection of technical background data is necessary to prevent misuse of the contact form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the contact form and data transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when it is clear from the circumstances that the matter in question has been resolved.

Legal basis for data processing

The legal basis for processing data transmitted via email is Article 6(1)(f) of the GDPR (legitimate interest). If the contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Regarding the technical background data, there is a legitimate interest, as storing this data is necessary to protect the GPA as the data controller; the legal basis here is Article 6(1)(f) of the GDPR.

Your rights as a data subject

You have the right to withdraw your consent to the processing of your personal data at any time by contacting customer service (by phone, mail, or email). All personal data stored as a result of this contact will be deleted in this case. The conversation cannot be continued in such a case.

5. Web analytics service Google Analytics (not used here)
Description and scope of data processing

This website does not use Google Analytics, a web analytics service provided by Google Inc. (“Google”).

6. Using script libraries
Description and scope of data processing

Um unsere Inhalte browserübergreifend korrekt und grafisch ansprechend darzustellen, verwenden wir auf dieser Website Scriptbibliotheken nur mit lokal abgelegten Webfonds. Eine Verbindung mit Betreiber von Scriptbibliotheken ist ausgeschlossen.

Purpose of data processing

This collected data and information is needed to

to correctly deliver and optimize the content of our website,
to ensure the continued functionality of our information technology systems and the technology of our website, to be able to defend against attacks on our web server, and to be able to provide law enforcement authorities with the necessary information if necessary.

Storage duration

Deletion takes place after 30 days.

Legal basis for data processing

Displaying content always requires a font. The data is processed to display and optimize the website and adapt it to user needs, as well as to enhance and ensure the security of our IT systems. GPA therefore has a legitimate interest in this data processing. The legal basis for storing this general data and information, as well as the script and font libraries, is therefore Article 6(1)(f) of the GDPR.

Your rights as a data subject

The collection and storage of data relating to script and font libraries is essential for the operation of the website for the reasons stated above. Therefore, users have no right to object.

7. Data Protection Officer and Supervisory Authority

Our data protection officer is available at any time to address your data protection concerns. The data protection officer of IDIA Beratung GmbH is:

Lawyer Klaus Kollbach
Kommendeweg 14
50859 Cologne

Questions regarding data protection can be submitted by post or email. Please use the following email address:
datenschutz@idia-beratung-gmbh.de

Should our data protection officer, contrary to expectations, be unable to resolve your data protection concerns to your satisfaction, you have the right to lodge a complaint with a supervisory authority at any time, which you can contact, for example, here:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4,
40213 Duesseldorf
Germany