Website Privacy Policy and Simultaneous Information of Data Subjects in Accordance with Articles 13 and 14 of the EU General Data Protection Regulation
1. General Information about our Privacy Policy
Details of the Responsible Entity
INNERECOMMERCE GmbH
Bocksmauer 20,
49074 Osnabrück
GERMANY
Phone: 0541 / 931 311 46
Privacy Policy Email: privacy@innerecommerce.com
Contact Details of the Data Protection Officer:
Attorney Dr. Sebastian Kraska
IITR Datenschutz GmbH
Marienplatz 2, 80331 Munich
Tel: +49 89 1891 7360
email@iitr.de
www.iitr.de
GDPR certified by:
IITR CERT GmbH
Eschenriederstraße 62c, 82194 Gröbenzell
Tel. +49 (0)89 18917360
Email: email@iitr.de
www.iitr-cert.de
2. General Data Processing Information
Personal data is only collected if you voluntarily provide it or if it is technically necessary. Beyond this, no personal data is collected. Processing of your personal data beyond the scope of legal permissions is only based on your explicit consent.
Purpose of Processing / Legal Basis: Contract execution.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions.
- External service providers or other contractors.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest.
Transfers to Third Countries: There is no transfer of personal data to third countries unless there is an adequate level of data protection, the users have given their consent, or there is a legal permission according to applicable data protection regulations.
Data Storage Duration: The duration of data storage is determined by legal retention obligations and is generally 10 years.
Usage Data on the Website and Our Demo Ecommerce Store
When you access our websites, data is technically transmitted to our web server by your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser used and operating system
- Full IP address of the requesting computer
- Amount of data transferred.
For reasons of technical security, particularly to prevent attempts to attack our web server, these data are temporarily stored by us. It is not possible for us to draw conclusions about individual persons from these data. After a maximum of 30 days, the data is anonymized by shortening the IP address at the domain level, making it impossible to relate it back to the individual user. In anonymized form, the data is also processed for statistical purposes; no comparison with other databases or sharing to third parties, even in excerpts, takes place.
3. Specific Information about the Website
Use of a Newsletter
As part of registering for our newsletter, you provide us with your email address and optionally further data. We use this information exclusively to send you the newsletter. The data entered at newsletter registration remains stored with us until you unsubscribe from our newsletter. Unsubscription is possible at any time via the provided link in the newsletter or by sending a corresponding message to us. By unsubscribing, you object to the use of your email address.
Matomo Analytics
To design our website according to users’ needs, we use Matomo, a so-called web analytics service. To capture and analyze the use of our website, usage information is transmitted to our server and stored for analysis purposes. Your IP address is processed in a shortened, thereby anonymized form. If you wish to prevent analysis for these purposes, you can object at any time with a mouse click. In this case, a so-called Opt-Out-Cookie will be stored in your browser, which means that Matomo does not collect any session data.
You have the option to prevent actions you take here from being analyzed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving usability for you and other users.
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
Use of Cookies Necessary for Displaying the Website
This website uses its own “cookies” to store settings necessary for the display of the website (“cookies” are records that are sent from the webserver to the user’s browser and stored there for later retrieval). No personal data is stored in our own “cookies.” You can prevent the use of “cookies” in general if you prohibit the storage of “cookies” in your browser.
Website Encryption
For security reasons and to protect the transmission of personal data and other confidential content, such as orders or inquiries sent to the responsible party, this website uses SSL or TLS encryption. An encrypted connection can be recognized by the string “https://” and the lock symbol in your browser line.
4. Information on Other Data Processing Procedures
Specific Information on the Processing of Customer Data/Prospective Customer Data
Affected data: Data communicated for contract execution; if applicable, additional data for processing based on your explicit consent.
Purpose of Processing / Legal Basis: Contract execution, including offers, orders, sales, and invoicing, quality assurance.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions.
- External service providers or other contractors, including for data processing and hosting, web services, and invoicing.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest, including sanction list checking, creditworthiness information, and quality assurance purposes.
Transfers to Third Countries: None.
Specific Information on the Application Process
Affected data: Application details.
Purpose of Processing / Legal Basis: Conduct of application procedures.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions.
- External service providers or other contractors, including for data processing and hosting.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest.
Transfers to Third Countries: There is no transfer of personal data to third countries unless there is an adequate level of data protection, the users have given their consent, or there is a legal permission according to applicable data protection regulations.
Data Storage Duration: Application data are deleted generally within four months after the communication of the decision unless consent has been given for longer data storage within the framework of joining an applicant pool.
Specific Information on the Processing of Employee Data
Affected data: Data communicated for contract execution within the employment relationship; if applicable, additional data for processing based on your explicit consent.
Purpose of Processing / Legal Basis: Contract execution within the employment relationship.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions, including tax offices, social security institutions, and professional associations.
- External service providers or other contractors, including for data processing and hosting, payroll accounting, travel expense accounting, insurance services, and vehicle use.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest, including for acquiring contracts, insurance services.
Transfers to Third Countries: None.
Data Storage Duration: The duration of data storage is determined by legal retention obligations and is generally 10 years.
Specific Information on the Processing of Supplier Data
Affected data: Data communicated for contract execution; if applicable, additional data for processing based on your explicit consent.
Purpose of Processing / Legal Basis: Contract execution, including inquiries, purchasing, quality assurance.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions, including tax offices, customs.
- External service providers or other contractors, including for data processing and hosting, accounting, payment processing.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest.
Transfers to Third Countries: None.
Data Storage Duration: The duration of data storage is determined by legal retention obligations and is generally 10 years.
Specific Information on the Use of Video Conference/Webinar Software
Affected data: Data communicated for the use of video conference software or webinar software (especially first name, last name, email address; optionally: audio transmission, video transmission, questions using chat functions); data of your system necessary technically for making a connection with the conference software provider.
Purpose of Processing / Legal Basis: Conduct of video conferences or webinars.
Categories of Recipients:
- Public authorities in the presence of overriding legal provisions.
- External service providers or other contractors, including for data processing and hosting.
- Other external entities as far as the data subject has given consent or transmission is permissible due to overriding interest.
Transfers to Third Countries: There is no transfer of personal data to third countries unless there is an adequate level of data protection, the users have given their consent, or there is a legal permission according to applicable data protection regulations.
Data Storage Duration: Recording of video conferences is only done with prior documented consent of the participants. Technical data is deleted as soon as it is no longer necessary. Otherwise, the duration of data storage is determined by legal retention obligations.
Specific Information on the Use of Web Services
Affected data: The use of our web services may involve the transfer of personal data provided by users, including but not limited to first name, last name, email address, birthday, gender, and other information provided during the use of our services. It is possible that technical data necessary for establishing a connection with our servers is also transmitted.
Purpose of Processing / Legal Basis: The processing of this data is carried out for the purpose of providing and improving our web services in accordance with applicable legal provisions. The legal basis for processing may be the fulfillment of a contract, the consent of the users, or another legitimate interest according to applicable data protection laws.
Categories of Recipients: The transfer of personal data is exclusively to external service providers or contractors who are responsible for data processing and hosting our web services. Even in the case of third-party providers from third countries (e.g., hosting), it is ensured that personal data is processed exclusively on European servers.
Transfers to Third Countries: None.
Data Storage Duration: The duration of data storage is determined by legal retention obligations and is generally 90 days unless a shorter storage period is required due to other legal obligations or legitimate interests. We delete or anonymize personal data as soon as it is no longer necessary for the purposes mentioned above.
5. Additional Information and Contacts of this Privacy Policy
Furthermore, you can always assert your rights to access, correct, delete, or restrict the processing or to object to the processing as well as the right to data portability. Here you will find the possibility to contact us by email or letter. You also have the right to complain to the data protection supervisory authority.
You can find more information about privacy and privacy policy on the website of the European Commission.