Privacy Policy – IT GmbH

Privacy Policy according to GDPR

1.) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data in this context is all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is IT Gesellschaft für Informationstechnik mbH, An der Kaufleite 12, 90562 Kalchreuth, Germany, Tel.: +49 911 5183490, e-mail: info@it-gmbh.de.

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

IT GmbH takes the protection of your personal data very seriously and strictly adheres to the rules of data protection laws. Personal data will only be collected on this website to the extent technically necessary.

Under no circumstances will the collected data be sold or otherwise passed on to third parties without your consent.

The following statement gives you an overview of how we ensure this protection and what kind of data is collected for what purpose.

2) Data collection when visiting our website

2.1 During the purely informational use of our website, that is, if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so called server log files). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source or reference from which you came to the site
Browser used
Operating system used
IP address used, if applicable in anonymized form

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or otherwise used. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content, such as orders or inquiries to the controller. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, that is, small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after closing the browser, so called session cookies. In other cases, these cookies remain on your end device for longer and allow page settings to be saved, so called persistent cookies. In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, pursuant to Art. 6 para. 1 lit. a GDPR in the case of granted consent, or pursuant to Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer friendly and effective design of the site visit.

You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting us

Personal data is collected when contacting us, for example via contact form or e-mail. Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Registration on the portal or forum

You can register on our website by providing personal data. Which personal data is processed for the registration can be seen from the input mask used for the registration. We use the so called double opt in procedure for registration, that is, your registration is only completed when you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can provide all other information voluntarily by using our portal.

If you use our portal, we store your data required for the fulfillment of the contract, including any information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data you provide for the time of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 lit. f GDPR.

In addition, we store all content published by you, such as public posts, pinboard entries, guestbook entries, etc., in order to operate the website. We have a legitimate interest in providing the website with the full user generated content. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If you delete your account, your public statements, especially in the forum, will remain visible to all readers, but your account will no longer be retrievable. All other data will be deleted in this case.

6) Use of customer data for direct marketing purposes

6.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so called double opt in procedure. This means that we will not send you an e-mail newsletter until you have explicitly confirmed that you consent to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider and the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner permitted by law and about which we inform you in this declaration.

6.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. For this purpose, we do not have to obtain separate consent from you in accordance with Section 7 para. 3 UWG. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, no mailings will be sent by us.

You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller named at the beginning. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.

6.3 Klaviyo

Our e-mail newsletters and other promotional e-mail communication are sent via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

On the basis of our legitimate interest in effective and user friendly e-mail marketing, we pass on the data you provided when registering in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that it can send e-mails on our behalf.

Subject to your express consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also performs a statistical evaluation of the success of mail campaigns using web beacons or tracking pixels in the e-mails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In the process, end device information, such as time of retrieval, IP address, browser type and operating system, is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to mail tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has joined the EU US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

6.4 Advertising by postal mail

On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and, insofar as we have received this additional information from you within the scope of the contractual relationship, your title, academic degree, year of birth and your professional, industry or business designation in accordance with Art. 6 para. 1 lit. f GDPR and to use this data for sending you interesting offers and information about our products by postal mail.

You may object to the storage and use of your data for this purpose at any time.

7) Web analytics services

7.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, hereinafter “Google”, which enables an analysis of your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website, which are stored as small text files on your end device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google in order to exclude a direct personal reference.

The information is transferred to Google servers and processed there. In the process, transfers to Google LLC, based in the USA, are also possible.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services related to website activity and internet usage. The IP address transmitted and shortened by your browser within the scope of Google Analytics will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the end device used, will only take place if you have given us your express consent for this in accordance with Art. 6 para. 1 lit. a GDPR.

Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites.

Demographic characteristics
Google Analytics 4 uses the special feature “demographic characteristics” and can use it to create statistics that make statements about the age, gender and interests of site visitors. This is done by analyzing advertising and information from third party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross device reports. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including on cross device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross device analysis, you can deactivate the “Personalized advertising” function in the settings of your Google account. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de.

Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

7.2 Google Tag Manager

This website uses the “Google Tag Manager”, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”.

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling and linking them to conditions via a uniform user interface. Google Tag Manager itself does not store any information on user end devices or read it out. The service also does not perform any independent data analyses. However, Google Tag Manager transmits your IP address to Google when you visit a page and may store it there. A transmission to servers of Google LLC in the USA is also possible.

This processing is only carried out if you have given us your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

8) Retargeting, remarketing and conversion tracking

Meta Pixel with advanced matching

Within our online offering, we use the “Meta Pixel” service of the following provider in advanced matching mode: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter “Meta”.

If a user clicks on an advertisement placed by us on Facebook or Instagram, the URL of our linked page is extended by a parameter with the help of “Meta Pixel”. This URL parameter is then entered in the user’s browser after redirection by a cookie that our linked page sets itself. In addition, this cookie or the processing additionally recorded via server side interfaces can collect specific customer data such as the e-mail address that we collect on our website linked to the Facebook or Instagram ad during processes such as purchase transactions, account logins or registrations, advanced matching.

We use “Meta Pixel” with advanced matching to make our advertisements, so called ads, on Facebook and or Instagram more effective and to ensure that they correspond to the interests of users or have certain characteristics, for example interests in certain topics or products determined on the basis of the websites visited, which we transmit to Meta, so called Custom Audiences.

In addition, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an advertisement, conversion. In addition, server side transmission via the Conversion API may take place in order to better measure and assign the effectiveness of our advertising campaigns.

All transmitted data is stored and processed by Meta so that it can be assigned to the respective user profile and Meta can use the data for its own advertising purposes in accordance with Meta’s data usage guidelines at https://www.facebook.com/privacy/policy/. The data may enable Meta and its partners to place advertisements on and outside Facebook or Instagram.

All processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transferred to a Meta server and stored there. In this context, it may also be transferred to Meta Platforms Inc. servers in the USA.

9) Page functionalities

9.1 YouTube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transmitted to Google LLC, USA.

If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers at the latest when the video is played in order to load the content. In this process, certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics and prevent abusive behavior.

If you are logged into a user account with the provider during your visit to the site, your data will be directly assigned to your account when you click on a video. If you do not want the assignment to your account, you must log out before pressing the play button.

All of the above processing, in particular the setting of cookies for reading information on the end device used, only takes place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the “Cookie Consent Tool” provided on the website.

9.2 Google Maps

This website uses an online map service provided by the following provider: Google Maps API by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, hereinafter “Google”.

Google Maps is a web service for displaying interactive maps in order to visually present geographical information. By using this service, our location is shown to you and a possible route is facilitated.

When you call up those subpages in which the Google Maps map is integrated, information about your use of our website, such as your IP address, is transmitted to Google servers and stored there. This may also involve transmission to the servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your Google profile, you must log out before activating the button. Google stores your data, even for users who are not logged in, as usage profiles and evaluates them.

The collection, storage and analysis are carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interest in the display of personalized advertising, market research and or the needs based design of Google websites. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by turning off JavaScript in your browser. Google Maps and therefore also the map display on this website can then not be used.

As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above for making an objection.

9.3 Cloudflare Turnstile

On this website, we use the CAPTCHA service of the following provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. In order to ensure that an action is carried out by a person and not by an automated bot, Cloudflare Turnstile collects the IP address of the end device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this information to the provider’s servers for evaluation.

The legal basis is our legitimate interest in establishing individual responsibility on the internet and avoiding abuse and spam in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

9.4 Zapier

This website uses the services of the following provider for the integration and synchronization of databases and web applications: Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA.

Our processing operations are automated and various workflows are established in order to efficiently manage and execute internal processes in our processing system. If personal data is also processed in this context, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in optimizing our internal organization.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

9.5 Gravity Forms

For conducting surveys or for online forms, we use the services of the following provider: Rocketgenius Inc., 1620 Centerville Turnpike STE 102, Virginia Beach, VA 23464, USA.

The provider enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to the provider and stored on the provider’s servers.

The information you enter in the forms is stored in a password protected manner in order to ensure that access by third parties is excluded and that only we can evaluate the data for the purpose specified in the respective form.

When processing personal data that is required to fulfill a contract with you, this also applies to processing operations that are required to carry out pre contractual measures, Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

9.6 Perspective

For the provision of contact, inquiry or application forms, we use the services of the following provider: Perspective Software GmbH, Müggelstraße 22, 10247 Berlin, Germany.

The provider enables us to design and evaluate the aforementioned forms. In addition to the respective personal data that you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to the provider and stored on the provider’s servers.

The legal basis for the processing of this data is our legitimate interest in the efficient recording, handling and answering of your request in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

9.7 Applications for job advertisements by e-mail

On our website, we advertise current vacancies in a separate section, for which interested parties can apply by e-mail to the contact address provided.

Applicants must provide all personal data required for an informed assessment, including general information such as name, address and contact details, as well as performance related evidence and, if applicable, health related information. Details on how to apply can be found in the job advertisement.

Once the application has been received by e-mail, the data will be stored and evaluated solely for the purpose of processing the application. In the event of queries, we will use either the applicant’s e-mail address or telephone number. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, or Section 26 para. 1 BDSG, insofar as the application procedure is considered the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR, such as health data like information on severely disabled status, are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnostics, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected or if an applicant withdraws the application prematurely, the transmitted data and all electronic correspondence, including the application e-mail, will be deleted after six months at the latest following corresponding notification. This period is based on our legitimate interest in answering any follow up questions about the application and, if necessary, in being able to comply with obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b GDPR, for processing in Germany in conjunction with Section 26 para. 1 BDSG, for the purpose of implementing the employment relationship.

9.8 Online applications via a form

On our website, we advertise current vacancies in a separate section, for which interested parties can apply using a corresponding form.

When the form is sent, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, or Section 26 para. 1 BDSG, insofar as the application procedure is considered the initiation of an employment contract.

If the applicant is not selected or if an applicant withdraws the application prematurely, the data submitted via the form and all electronic correspondence, including the application e-mail, will be deleted after six months at the latest following corresponding notification. This period is based on our legitimate interest in answering any follow up questions about the application and, if necessary, in being able to comply with obligations to provide evidence under the regulations on equal treatment of applicants.

10) Tools and miscellaneous

10.1 Cookie Consent Tool

This website uses a so called “Cookie Consent Tool” to obtain effective user consent for cookies and cookie based applications that require consent. The “Cookie Consent Tool” is displayed to users in the form of an interactive user interface when they call up the page, on which consent for certain cookies and or cookie based applications can be given by ticking the appropriate box. By using the tool, all cookies and services requiring consent are only loaded if the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on the respective user’s end device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data, such as the IP address, is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user specific and user friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

To the extent necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further information on the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

10.2 Wordfence

For security purposes, this website uses the service of the following provider: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

The provider protects the website and related IT infrastructure from unauthorized third party access, cyber attacks, as well as viruses and malware. The provider collects the IP addresses of users and, if necessary, other data about your behavior on our website, in particular URLs accessed and header information, in order to detect and prevent illegitimate page access and threats. In this process, the captured IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, the provider can automatically block it from accessing the site. The information collected in this way is transferred to a server of the provider and stored there.

The described data processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.

If visitors to the website have login rights, the provider also sets cookies, meaning small text files, on the end device used by the visitor. With the help of these cookies, certain location and device information can be read, which enables an assessment of whether the login authorized access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site internal firewall according to the authorization level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators about this.

These cookies are only set if a user has login privileges. The provider does not set cookies for site visitors without login authorization.

If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in preventing illegitimate access to the site administration and defending against unauthorized administrator access.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

11) Rights of the data subject

11.1 The applicable data protection law grants you the following data subject rights, rights of information and intervention, vis à vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to information pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

If you wish to exercise your right of withdrawal or objection, simply send an e-mail to info@it-gmbh.de.

12) Duration of storage of personal data

The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and, if relevant, additionally on the basis of the respective statutory retention period, for example retention periods under commercial and tax law.

When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are legal retention periods for data that is processed within the scope of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and or there is no legitimate interest on our part in continuing to store it.

When personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When personal data is processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information contained in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Orders, support, remote maintenance

For orders, our General Terms and Conditions and the data protection provisions listed there apply.

In the context of an order, including app orders via the KNX online shop, support service and remote maintenance services, the company name, surname, first name, address, telephone number and e-mail address are recorded. The use of this data is exclusively for processing and sending your order and sending information in connection with the purchased products.

The passing on of contact data in the case of project support or project processing will only take place with your prior express permission.

Location

The web server is located in Germany.

Right to information

You have the right at any time to obtain information about the data stored about you, its origin and recipients, and the purpose for which it is stored. To do so, please contact our office by post or e-mail. In order to receive information, you must identify yourself as the person concerned or be able to prove that you are entitled to receive information about a third person.

Further information

If you have any further questions that this privacy policy could not answer, or if you would like more in depth information on any point, please contact us at any time.

Disclaimer

The content of this website has been created with the utmost care. Nevertheless, errors can occur. Therefore, we do not assume any liability for the correctness of the contents. Please inform us if you have any suggestions for corrections. We will be happy to consider them after review.

We cannot accept any liability for the content of linked pages, as we have no influence over them.

Current validity and changes to this privacy policy

This privacy policy is currently valid and has the status of March 2026.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print the current privacy policy at any time on the website at https://it-gmbh.de/en/privacy-policy/.