Privacy policy according to the GDPR (the General Data Protection Regulation)

This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.

I. Name and address of the responsible authority

The responsible authority in terms of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:

IDZ Design Partner Berlin GmbH
Hagelberger Str. 52
10965 Berlin

Managing Director: Ralf Wudtke
District court Charlottenburg HRB 77023
Phone: +49 (0)30 61 62 321-0 | e-mail

II. Data protection officer

You can reach the data protection officer at: e-mail

III. General information on data processing

1/ Scope of processing of personal data

In principle, we process personal data of our users only tot he extent necessary to provide a functional website including our contents and services. The regular processing of personal data of our users occurs only with consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by legal regulations.

2/ Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis. In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis.This also applies to processing operations required to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3/ Deletion of Data and Duration of Storge

The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may also occur if this storage is intended by the European or national legislator in EU regulations, laws or other guidelines to which the responsible authority is subject. Blocking or deletion of the data also occurs upon the expiration of a storage period prescribed by the aforementioned standards, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.

4/ Cooperation with contract processors and third parties

Insofar as we transfer data to other persons and companies (contract processors or third parties) within the scope of our processing or otherwise grant them access to the data, this shall only take place on the basis of legal permission, you have consented, a legal obligation this provides or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DGPR.

5/ Company profiles in social media

We operate company profiles within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our private policy, we process the data of users who communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.

IV. Provision of the website and creation of log files

Every time our website is visited, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • Information about the browser type and the version used
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system reached our website
  • Websites called up by the user's system via our website
  • Amount of the delivered data in bytes

The mentioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability as well as
  • for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations in sections V and VIII of this privacy policy.

V. Use of cookies

Our website uses cookies. These are small files that are automatically created by your browser, stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your terminal device, nor do they contain viruses, Trojans or other malware. Information stored in the cookies is related to the specific terminal device used. However, this does not mean that we obtain instant knowledge about your identity.

On the one hand, the use of cookies serves the purpose of providing you with a more pleasant experience when using our services. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you hae left our site. In addition, we also use temporary cookies in order to optimise user-friendliness, which are stored on your end device for a specified period of time. If you revisit our website in order to make use of our services, it will be automatically recognised that you have already been to the website; in addition, your previous entries and settings will be restored so that they do not need to be entered again.

Beyond this, we use cookies to capture a statistical picture of use of the website and to evaluate the latter for the purpose of optimising its service (see section VIII). When you revisit the website, these cookies enable us to recognise automatically that you have already visited the website at some point. These cookies are automatically deleted after a defined period of time. When calling up our website, users are informed by an info banner about the use of cookies for analysis purposes and are referred to this privacy policy.

The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your terminal devices or that a message always appears any time a new cookie is about to be created. However, the complete disablement of cookies may result in you not being able to use all the functions of the website.

VI. Newsletter

On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the following data from the input mask is transmitted to us:

  • First name (optional)
  • Last name (optional)
  • E-mail address

For the processing of the data, your consent will be obtained during the registration process and reference will be made to this privacy policy. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can log in with unrecognised e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Modifications to your data stored at the dispatch service provider are also recorded.

The newsletter is sent by means of "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA ("dispatch service provider"), to which we pass on your data for the purpose of newsletter creation and dispatch. The privacy policy of Mailchimp can be viewed here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and therefore offers a guarantee of complying with the European data protection standards.

In addition, according to its own information, Mailchimp may use this data in a pseudonymous form, i.e. without attribution to a user, for the optimisation or improvement of its own services, e.g. for technical optimization of the sending and presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, Mailchimp does not use the data of our newsletter recipients to approach them itself or to pass them on to third parties.

Legal basis for the processing of data after registration for the newsletter by the user is Art. 6 Para. 1 lit. a GDPR if the user has given his consent. The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. The data is deleted as soon as it is no longer required for the purpose of its collection. The user's e-mail address is therefore stored as long as the subscription to the newsletter is active.

Users may at any time revoke their consent to receiving the newsletter and unsubscibe from the latter. The revocation can be made by clicking on the corresponding link in every newsletter. This also enables a revocation of the consent to the storage of personal data collected during the registration process. Alternatively, you can send your revocation request at any time by sending an e-mail to news@idz.de.

VII. E-mail contact

It is possible to contact us via the provided e-mail address idz@idz.de. In this case the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

The processing of the personal data from the e-mail serves us solely to process the contact. This also includes the necessary legitimate interest in the processing of the data.The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail (idz@idz.de), he/she can object to the storage of his/her personal data at any time. In such a case the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.

VIII. Tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 sentence 1 lit. f GDPR. The tracking tool are used in order to ensure that our website is user-oriented and constantly optimised. We also use tracking tools to statistically record and evaluate the use of our website in order to optimise our services for you. These interests are to be considered legitimate in terms of the aforementioned regulation. The respective data processing purposes and data categories can be derived from the corresponding tracking tools.

1/ Google analytics

For the purpose of designing our website to meet your needs and continuously optimizing it, we use Google Analytics, a web analysis service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see section V) are used. The information generated by the cookie about your use of this website such as

  • browser type/version,
  • the operating system used,
  • referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used in order to evaluate the use of the website in order to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties where required by law or as far as third parties process this data on our behalf. Under no circumstances will your IP address be combined with other data of Google. The IP addresses are rendered anonymous, so that an assignment is not possible (IP masking). You may refuse the generation of cookies by selecting the appropriate settings on your browser; however, please note that in case of refusing such cookies you may not be able to make full use of all website functions. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a Browser Add-on. As an alternative to the Browser Add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on this link. An opt-out cookie will be set to prevent the collection of your data during your visit to the website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to reinstall opt-out cookie. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help.

IX. Rights of the data subject

If personal data are processed by you, you are the data subject within the meaning of the GDPR and entitled to the following rights in relation to the person responsible:

1/ Right of access by the data subject

You can request confirmation from the person responsible as to whether personal data concerning you are being processed by us. If personal data are processed, you may request the following information from the data controller:

  1. the purposes of processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. the envisaged duration of the storage of personal data or, if it is not possible, to give specific details and criteria used to determine the storage duration;
  5. the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by or a right to object to such processing;
  6. the right to lodge a complaint with a supervisory authority
  7. any available information as to their source, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22 Para. 1 and 4 GDPR and, at least in those cases, meaningful information on the logic involved, as well as the scope and the envisaged consequences of such processing for the data subject.

You are entitled to the right to access information as to whether your personal data is being transferred to a third country or to an international organisation. In this context and pursuant to Art. 46 GDPR, you may request to be informed of the appropriate safeguards in connection with the transfer.

2/ Right to rectification

You have the right to obtain from the data controller the rectification and/or integration of your personal data if it is incorrect or incomplete. The data controller shall make the rectification without delay.

3/ Right to restriction of processing

Under the following conditions, you shall request that the processing of personal data concerning you be restricted:

  1. If the accuracy of the personal data concerning you are contested for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If you have obtained restriction of processing in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4/ Right to erasure

a) Duty to delete
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art 9 Para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Para. 1 GDPR.

b) Exceptions
The right of cancellation does not exist in so far as the processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. or compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 Para. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5/ Right to information

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

6/ Right to object

You have the right to object, on grounds relating to your particular situation, at anytime to processing of personal data concerning you which is based on point (e) or (f) Art. 6 Para. 1 of GPDR, including profiling based on those provisions. The controller no longer processes the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing which are worthy of protection and which outweigh your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data relating to you are processed for direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

7/ Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.

8/ Right to lodge a complaint with supervisory authority
Without prejudice to any other administrative or judicial remedy, you are entitled to the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of aalleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Status: May 2018