This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.
Name and address of the responsible authority
The responsible authority in terms of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
IDZ Designpartner Berlin GmbH
Hagelberger Str. 52
Managing Director: Ralf Wudtke
District court Charlottenburg HRB 77023
Phone: +49 (0)30 61 62 321-0 | e-mail
Data protection officer
You can reach the data protection officer at: e-mail
General information on data processing
1/ Scope of processing of personal data
In principle, we process personal data of our users only tot he extent necessary to provide a functional website including our contents and services. The regular processing of personal data of our users occurs only with consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by legal regulations.
2/ Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis. In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis.This also applies to processing operations required to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
3/ Deletion of Data and Duration of Storge
The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may also occur if this storage is intended by the European or national legislator in EU regulations, laws or other guidelines to which the responsible authority is subject. Blocking or deletion of the data also occurs upon the expiration of a storage period prescribed by the aforementioned standards, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.
4/ Cooperation with contract processors and third parties
Insofar as we transfer data to other persons and companies (contract processors or third parties) within the scope of our processing or otherwise grant them access to the data, this shall only take place on the basis of legal permission, you have consented, a legal obligation this provides or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DGPR.
5/ Company profiles in social media
We operate company profiles within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our private policy, we process the data of users who communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Provision of the website and creation of log files
Every time our website is visited, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- Information about the browser type and the version used
- The IP address of the user
- Date and time of access
- Websites from which the user's system reached our website
- Websites called up by the user's system via our website
- Amount of the delivered data in bytes
The mentioned data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability as well as
- for other administrative purposes.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your terminal devices or that a message always appears any time a new cookie is about to be created. However, the complete disablement of cookies may result in you not being able to use all the functions of the website.
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the following data from the input mask is transmitted to us:
- First name (optional)
- Last name (optional)
- E-mail address
We use Brevo as a third-party service to send out our e-newsletters and administer our newsletter mailing lists (Processing Company: Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France).
Brevo attaches particular importance to the respect for the privacy of the Users and of the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Civil Liberties (hereafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”). For more information on the purpose and scope of data processing at Brevo, please visit: https://www.brevo.com/legal/privacypolicy/
Legal basis for the processing of data after registration for the newsletter by the user is Art. 6 Para. 1 lit. a GDPR if the user has given his consent. The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. The data is deleted as soon as it is no longer required for the purpose of its collection. The user's e-mail address is therefore stored as long as the subscription to the newsletter is active.
Users may at any time revoke their consent to receiving the newsletter and unsubscibe from the latter. The revocation can be made by clicking on the corresponding link in every newsletter. This also enables a revocation of the consent to the storage of personal data collected during the registration process. Alternatively, you can send your revocation request at any time by sending an e-mail to firstname.lastname@example.org.
Our website uses the Consent Management Platform (CMP) Usercentrics, a service of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. The CMP is used for the purpose of consent management. We use a CMP to comply with the legal obligation under Art. 6 (1) p. 1 lit. c) DSGVO to provide proof of consent. Usercentrics GmbH is used on the website as a processor for the purpose of consent management. Local storage is used and the following data is processed: Opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
The processing of the data takes place in the European Union (the consent database is located in Belgium). The consent data (consent and withdrawal of consent) are stored for one year. After that, the data will be deleted immediately. For more information about Usercentrics, please visit: https://usercentrics.com/privacy-policy/.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 sentence 1 lit. f GDPR. The tracking tool are used in order to ensure that our website is user-oriented and constantly optimised. We also use tracking tools to statistically record and evaluate the use of our website in order to optimise our services for you. These interests are to be considered legitimate in terms of the aforementioned regulation. The respective data processing purposes and data categories can be derived from the corresponding tracking tools.
1/ Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish the connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
We use the Google Tag Manager on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO.
Since a transfer of the IP address to Google takes place in the USA, further protection mechanisms are required to ensure the level of data protection of the DSGVO. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
2/ Google analytics
For the purpose of designing our website to meet your needs and continuously optimizing it, we use Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymised user profiles are created and cookies (see section V) are used. The information generated by the cookie about your use of this website such as
- browser type/version,
- the operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used in order to evaluate the use of the website in order to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties where required by law or as far as third parties process this data on our behalf. Under no circumstances will your IP address be combined with other data of Google. The IP addresses are rendered anonymous, so that an assignment is not possible (IP masking). You may refuse the generation of cookies by selecting the appropriate settings on your browser; however, please note that in case of refusing such cookies you may not be able to make full use of all website functions. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a Browser Add-on. As an alternative to the Browser Add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on this link. An opt-out cookie will be set to prevent the collection of your data during your visit to the website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to reinstall opt-out cookie. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help.
3/ Facebook and Instagram Ads using Facebook Pixel
We use "Facebook Pixel" on our website, a service of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (hereinafter referred to as: "Facebook / Instagram").
If you have given us your consent in accordance with Art. 6 Para. 1 lit. a DSGVO, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting ads for you on Facebook and Instagram and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.
Facebook Pixel makes it possible to display our ads on Facebook and Instagram, so-called "Facebook/ Instagram ads", only to those Facebook and Instagram users who were visitors to our website, in particular who have shown interest in our online offer. In this case, Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook/ Instagram ads. Facebook Pixel uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into your user account on Facebook or Instagram, your visit to our website will be recorded in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook or Instagram to your user account there. If you have a user account with Facebook or Instagram and are registered, Facebook or Instagram can assign the visit to your user account.
Since personal data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information from the third-party provider on data protection can be found on the following Facebook or Instagram website: https://www.facebook.com/about/privacy or https://help.instagram.com/519522125107875.
Information on the Facebook pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616
You can make the relevant settings as to which types of advertisements are displayed to you within Facebook or Instagram on the following Facebook or Instagram website: https://www.facebook.com/settings?tab=ads or https://help.instagram.com/245100253430454.
Please note that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following websites: http://optout.networkadvertising.org/ , http://www.aboutads.info/choices , http://www.youronlinechoices.com/uk/your-ad-choices/Please note that this setting will also be deleted when you delete your cookies.
4/ LinkedIn Tracking Pixel
We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. This enables us to play personalised advertisements on LinkedIn to visitors to our website. For this purpose, a cookie, LinkedIn Insight-Tag, is set in your browser with a validity of 120 days, which enables LinkedIn to recognise you if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of the advertisements as well as information on website interaction. The information generated by the cookie is usually transferred to a server in the USA and stored there.
The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the DSGVO. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
You can deactivate LinkedIn Insight conversion tracking and interest-based personalised advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.
Rights of the data subject
If personal data are processed by you, you are the data subject within the meaning of the GDPR and entitled to the following rights in relation to the person responsible:
1/ Right of access by the data subject
You can request confirmation from the person responsible as to whether personal data concerning you are being processed by us. If personal data are processed, you may request the following information from the data controller:
- the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- the envisaged duration of the storage of personal data or, if it is not possible, to give specific details and criteria used to determine the storage duration;
- the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by or a right to object to such processing;
- the right to lodge a complaint with a supervisory authority
- any available information as to their source, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, referred to in Art. 22 Para. 1 and 4 GDPR and, at least in those cases, meaningful information on the logic involved, as well as the scope and the envisaged consequences of such processing for the data subject.
You are entitled to the right to access information as to whether your personal data is being transferred to a third country or to an international organisation. In this context and pursuant to Art. 46 GDPR, you may request to be informed of the appropriate safeguards in connection with the transfer.
2/ Right to rectification
You have the right to obtain from the data controller the rectification and/or integration of your personal data if it is incorrect or incomplete. The data controller shall make the rectification without delay.
3/ Right to restriction of processing
Under the following conditions, you shall request that the processing of personal data concerning you be restricted:
- If the accuracy of the personal data concerning you are contested for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If you have obtained restriction of processing in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4/ Right to erasure
a) Duty to delete
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art 9 Para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
- The personal data concerning you have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Para. 1 GDPR.
The right of cancellation does not exist in so far as the processing is necessary
- for exercising the right of freedom of expression and information;
- or compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 Para. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5/ Right to information
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
6/ Right to object
You have the right to object, on grounds relating to your particular situation, at anytime to processing of personal data concerning you which is based on point (e) or (f) Art. 6 Para. 1 of GPDR, including profiling based on those provisions. The controller no longer processes the personal data concerning you, unless he can demonstrate compelling legitimate grounds for processing which are worthy of protection and which outweigh your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data relating to you are processed for direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7/ Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
8/ Right to lodge a complaint with supervisory authority
Without prejudice to any other administrative or judicial remedy, you are entitled to the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of aalleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
It is possible to contact us via the provided e-mail address email@example.com. In this case the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
The processing of the personal data from the e-mail serves us solely to process the contact. This also includes the necessary legitimate interest in the processing of the data.The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
Status: October 2023