Privacy Policy – Intermail




Last updated: 10 July 2020
Name and contact details of the data controller
The ‘controller’, as defined by the GDPR and other national data protection legislation enacted by EU member states, as well as other regulations governing data protection, is:
INTERMAIL AG
Flughafenstraße 9
64347 Griesheim, Germany
+49 6155-8225–0
info@intermail.ag
www.intermail.ag
Contact details of the Data Protection Officer
The Data Protection Officer for the controller is:
Mr Jürgen Rosenow
All-in-Media GmbH Gesellschaft für Datenschutz und Datensicherheit
Markwaldstrasse 11
63073 Offenbach am Main, Germany
Tel. +49 69 5699922-0
www.all-in-media.com
datenschutz@inter-mail.biz
Legal basis for the processing of personal data
Insofar as we obtain consent for processing operations involving the personal data of a data subject, the legal basis is point (a) of art. 6(1) of the General Data Protection Regulation (GDPR). In cases where the processing of personal data is necessary for the fulfilment of a contract and the data subject is the party to this contract, point (b) of art. 6(1) of the GDPR serves as the legal basis. This also applies to processing operations required in order to take steps prior to entering into a contract. If the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, point (c) of art. 6(1) of the GDPR serves as the legal basis. If processing is necessary to protect the legitimate interests of our company or a third party, and the interests or fundamental rights and freedoms of the data subject do not override these aforementioned legitimate interests, point (f) of art. 6(1) of the GDPR serves as the legal basis.
Data erasure and duration of storage
The personal data of the data subject is erased or made unavailable once the purpose of data storage no longer applies. In addition, personal data may continue to be stored if such a retention is provided for by EU or national legislation—including Regulations, laws or other legislative instruments—and the controller is subject to this legislation. The personal data is also made unavailable or erased if a retention period prescribed by the aforementioned standards expires, except in such cases where there is a need for the continued storage of the data for reasons of contract conclusion or contractual fulfilment.
Sharing data with third parties
Our data processing is supported by service providers such as the technical operator of the website (hosting company), with whom we have concluded commissioned data processing contracts. Data is not otherwise shared with other third parties unless we have concluded a commissioned data processing contract with them, there is a specific legal basis or this sharing is otherwise explicitly mentioned.
Use of cookies
Description and scope of data processing
Our website uses cookies. ‘Cookies’ is a term used to describe small text files stored in the user’s web browser or stored by this web browser on the user’s computer system. When a user accesses a web page, a cookie may be accordingly stored on the user’s operating system. This cookie contains a specific character string that enables the unambiguous identification of the browser if this browser accesses the web page at a later date.
Use of cookies for technical reasons
We use cookies in order to make our website more user-friendly. Some of our website features depend on being able to identify the accessing browser even when the user switches from one page to another. The following types of data are stored and transferred in the cookies:
A list of the specific data stored:
Language settings (‘pll_language’)
‘Cookie Accept’ cookie
Legal basis for data processing
The legal basis for the processing of personal data when making use of cookies is point (f) of art. 6(1) of the GDPR.
Purpose of data processing
The purpose of using technically essential cookies is to simplify the use of websites for their users. Some of the features of our websites cannot be offered without the use of cookies. For these features, it is essential that the browser remains identifiable even after a page change. We require cookies for the following applications:
Language settings
Acceptance of the use of cookies
The user data collected by technically essential cookies is not used to create user profiles.
Duration of storage, opportunities for objection and remediation
Cookies are stored on the user’s computer and their data is sent from this computer to our site. As the user, you therefore have full control over the use of these cookies. You can change the settings in your web browser to deactivate or restrict the use and storage of cookies. Any cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that some or all of the features on our website may no longer be usable (in full).
Purpose of data processing
Links are used to enable access to the corresponding pages. The collection of other personal data as part of the procedure is intended to avoid misuse of the services.
Duration of storage
All data is erased once it is no longer required to achieve the purpose for which it was originally collected. Other personal data collected as part of the registration procedure is typically erased after a seven-day period.
Contact form and email contact
Description and scope of data processing
Our website includes a contact form that can be used for contacting us via an electronic channel. If a user makes use of such a form, the data entered into the form fields will be sent to us and saved on our servers. This data is as follows:
Name
Company name
Email
Phone
Subject
Message
In order to process this data, your consent is obtained as part of the form submission process and you are referred to this Privacy Policy. Alternatively, contact can also be made by using the email address provided. In this case, the user’s personal data as supplied in the email will be stored. No other data is shared with third parties as part of this process. All data is used exclusively for the processing of the communication.
Legal basis for data processing
The legal basis for processing the data is point (a) of art. 6(1) of the GDPR, with the user’s consent having been obtained. The legal basis for processing the data provided by sending an email is point (f) of art. 6(1) of the GDPR. If the contact via email is intended to conclude a contract, then an additional legal basis is provided for processing by point (b) of art. 6(1) of the GDPR.
Purpose of data processing
Personal data is processed from the contact form for the sole purpose of handling the contact request. In the case of a contact request sent via email, this supplies a legitimate interest for the processing of this data. Any other types of personal data processed during the form submission process serve to prevent misuse of the contact form and to safeguard the security of our IT systems.
Duration of storage
All data is erased once it is no longer required to achieve the purpose for which it was originally collected. For personal data from the input screen used for the contact form and for data sent via email, this is the case once the respective communication with the user has been completed successfully. This communication is considered completed once the circumstances make it clear that the matter in question has been adequately clarified. Additional items of personal data collected during the dispatching procedure are erased no later than after a seven-day period.
Opportunities for objection and remediation
Users may withdraw their consent to the processing of personal data at any time. If a user contacts us by email, they can withdraw their consent to the storage of their personal data at any time. In such a case, further communication will no longer be possible. You can object or withdraw your consent to this storage at any time by sending us an email. In this case, all personal data stored in the context of this contact request will be erased.
Legal basis for the processing of personal data
The legal basis for the processing of personal data from users is point (a) of art. 6(1) of the GDPR.
Purpose of data processing
Processing personal data from users enables us to analyse the browsing behaviour of our users. Thanks to the analysis of the data collected, we are able to compile information about the usage of the individual components that make up our website. This also helps us to continually improve our website and its usability. These purposes also grant us a legitimate interest in the processing of data pursuant to point (f) of art. 6(1) of the GDPR. Since the IP address is anonymised, this complies with user interests regarding the provision of adequate protection for personal data.
Duration of storage
Data is deleted as soon as it is no longer required for our record-keeping purposes. In our case, this period is seven days.
Opportunities for objection and remediation
Cookies are stored on the user’s computer and their data is sent from this computer to our site. As the user, you therefore have full control over the use of these cookies. You can change the settings in your web browser to deactivate or restrict the use and storage of cookies. Any cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that some or all of the features on our website may no longer be usable (in full).
Website optimisation tools
Script libraries, Google Web Fonts
To ensure our content is presented correctly and in a graphically appealing manner across all browsers, we use script libraries and font libraries on this website such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts is a service provided by Google Inc. (‘Google’). Google Web Fonts are used to avoid the need for multiple loading into your browser’s cache. These web fonts are embedded by making a call to a server—typically to a server operated by Google in the USA. In doing so, the server is informed about the web pages you have visited on our website. Google also stores the IP address of the browser running on the device of the person visiting these web pages. For more information, please consult Google’s privacy policy, which can be accessed from the following URL: https://policies.google.com/privacy?hl=en. If your browser does not support Google Web Fonts or blocks access, content is instead displayed using a standard font.
Script libraries, Font Awesome
To ensure our content is presented correctly and in a graphically appealing manner across all browsers, we use script libraries and font libraries on this website such as Font Awesome (https://fontawesome.com), a service provided by Fonticons, Inc. These web fonts are embedded by making a call to a server—typically to a server operated by Fonticons in the USA. In doing so, the server is informed about the web pages you have visited on our website. Fonticons also stores the IP address of the browser running on the device of the person visiting these web pages. For more information, please consult Fonticons’s privacy policy, which can be accessed from the following URL: https://fontawesome.com/privacy. If your browser does not support Font Awesome or blocks access, content is instead displayed using a standard font.
Yoast SEO
We use the WordPress plugin Yoast SEO. The use of this tool involves the transfer of personal data such as your IP, language environment and browser version to third parties. This tool is embedded by making a call to a server—typically to a server operated in the USA. In doing so, the server is informed about the web pages you have visited on our website. The IP address of the browser running on the device of the person visiting these web pages is also transferred.
Google Maps
This website deploys the Google Maps mapping service via an API. The service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address has to be stored in order to use the functions offered by Google Maps. The information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.
Google Maps is utilised in the interests of ensuring the appealing presentation of our online services and to ensure that we can be located easily at the locations specified on the website. This constitutes a legitimate interest in the sense of point (f) of art. 6(1) of the EU GDPR.
Google LLC has Privacy Shield certification. Collaboration with Google LLC in terms of data protection law is based on a contract concluded concerning joint responsibility pursuant to art. 26 of the GDPR. This contract can be accessed at https://privacy.google.com/intl/en/businesses/mapscontrollerterms/.
For more information about the handling of user data, please consult Google’s privacy policy, which can be accessed at: https://policies.google.com/privacy?hl=en.
By using Google Maps, the user also enters into a direct usage relationship with Google.
Rights of the data subject
In cases where your personal data is processed, you are a ‘data subject’ as defined by the GDPR and you are granted the following rights vis-à-vis the controller.
Right of access
You have the right to obtain from the controller confirmation as to whether or not we are processing personal data where you are the data subject. If this kind of processing is taking place, you have the right to obtain the following information from the controller:
The purposes for which the personal data is being processed.
The categories of personal data that are being processed.
The recipients or categories of recipient to whom the personal data where you are the data subject have been or will be disclosed.
The envisaged period for which the personal data where you are the data subject will be stored or, if specific details are not available, the criteria used to determine the storage period.
The existence of a right to request from the controller rectification or erasure of personal data concerning you as a data subject, or a right to restrict the processing of such personal data or a right to object to such processing.
The right to lodge a complaint with a supervisory authority.
All available information concerning the origin of the data, if the personal data is not collected directly from the data subject.
You have the right to obtain information about whether the personal data concerning you as a data subject is being transferred to a third country or an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with art. 46 of the GDPR in connection with this transfer.
Right to rectification
You are granted a right to the rectification and/or completion of incomplete data vis-à-vis the controller, in cases where your personal data that is processed is inaccurate or incomplete. The controller must make such rectifications without undue delay.
Right to restriction of processing
Under the following conditions, you can request the restriction of processing for the personal data affecting you as a data subject:
If you contest the accuracy of the personal data concerning you as a data subject for a period enabling the controller to verify the accuracy of the personal data.
If the processing is unlawful and you oppose the erasure of the personal data, and request that the use of this personal data is restricted instead.
If the controller no longer needs the personal data for the purposes of the processing, but you require this data for the establishment, exercise or defence of legal claims.
If you have objected to processing pursuant to art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your own grounds.
If the processing of the personal data affecting you as a data subject is restricted, then this data, with the exception of its storage, can only be processed as follows: with your consent being given; or for the establishment, exercise or defence of legal claims; or to protect the rights of another natural person or legal entity; or for reasons of an important public interest of the European Union or of an EU Member State. If processing has been restricted according to one or more of the abovementioned provisions, you will be informed by the controller before the restriction(s) is/are lifted.
Right to erasure (‘right to be forgotten’)
Compulsory erasure
You can request that the controller erases personal data concerning you as a data subject without undue delay. The controller is accordingly obliged to erase this data without undue delay if one of the following grounds applies:
The personal data affecting you as a data subject is no longer needed for the purposes for which it was collected or otherwise processed.
You withdraw the consent you gave, on which the processing was based according to point (a) of art. 6(1) of the GDPR or point (a) of art. 9(2) of the GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to art. 21(2) of the GDPR.
The personal data affecting you as the data subject has been unlawfully processed.
The personal data affecting you as a data subject must be erased in order to ensure compliance with a legal obligation in European Union or EU Member State law to which the controller is subject.
The personal data affecting you as a data subject has been collected in relation to the offer of information society services pursuant to art. 8(1) of the GDPR.
Erasure of information held by third parties
If the controller has made the personal data affecting you as a data subject public and the controller is obliged to erase this data pursuant to art. 17(1) of the GDPR, the controller shall take the following steps: the controller shall—taking into account the available technology and implementation costs for reasonable measures (including technical measures) required to do so—inform the controllers who are processing the personal data that you, as the data subject, have requested the erasure by these parties of all links to this personal data, as well as all copies or replications of this personal data.
Exceptions to erasure
A right to erasure is not granted in the following cases:
If processing is required to exercise the right to freedom of expression and information.
If processing is required for compliance with a legal obligation that requires processing by European Union or EU Member State law to which the controller is subject or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.
If processing is required for reasons of public interest in the area of public health, in accordance with points (h) and (i) of art. 9(2) as well as art. 9(3) of the GDPR.
If processing is required for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with art. 89(1) of the GDPR, insofar as the right referred to in section (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing.
If processing is required for the establishment, exercise or defence of legal claims.
Right to be informed
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is required by law to notify all recipients to whom personal data about you has been disclosed about this rectification, erasure or restriction of processing, except in cases where this notification proves to be impossible or would involve a disproportionate amount of effort on the part of the controller. You have the right to obtain information about these recipients from the controller.
Right to data portability
You have the right to receive the personal data concerning you as a data subject that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was originally provided, in the event that
processing is based on consent being given pursuant to point (a) of art. 6(1) of the GDPR or point (a) of art. 9(2) of the GDPR, or because of a contract pursuant to point (b) of art. 6(1) of the GDPR; and
processing involves the use of automated procedures.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. Exercising this right of data portability must not adversely affect the rights and freedoms of others. This right to data portability is not granted if the processing of personal data is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data about you, where such processing is based on point (e) or (f) of art. 6(1) of the GDPR; this right also includes profiling based on these provisions. The controller will no longer process the personal data affecting you as a data subject unless this controller can demonstrate compelling legitimate grounds for this processing that override your interests, rights and freedoms, or where this processing is required for the establishment, exercise or defence of legal claims. If the personal data affecting you as a data subject is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data affecting you as a data subject for this kind of marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data affecting you as a data subject will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.
Right to withdraw consent as given under data protection law
You have the right to withdraw your consent as given under data protection law at any time. Withdrawal of consent does not affect the legitimacy of processing completed on the basis of this consent until the point in time of withdrawal.
Automated individual decision-making, including profiling
No automated decision-making of any kind is conducted in the sense as defined by art. 22 of the GDPR.
Right to lodge a complaint with a supervisory authority
Without prejudice to other legal remedies provided under administrative law or by a court order, you have the right to lodge a complaint with a supervisory authority, whether in the member state of your place of residence, your workplace or the place of the alleged violation, if you believe that the processing of your personal data was done in violation of the provisions of the GDPR. The supervisory authority with whom the complaint is lodged informs the plaintiff about the progress and results of the complaint, including the possibility of obtaining an effective judicial remedy on the basis of art. 78 of the GDPR.