1. Who is responsible for data processing and with whom can I get in touch?
85748 Garching (b. München)
Phone: +49 89 321 981-70
Fax: +49 89 321 981-89
Authorized representative: Dr.-Ing. Rainer Stetter, Dr.-Ing. Bernd Spiegelberger
You can get in touch with our corporate Data Protection Officer at:
RA Wolfgang Steger, certified data protection officer DSB – TÜV
Am Neuen Weg 21
Phone: +49 178 771 4857
2. What type of sources and data are being used?
We process personal data that we receive from our customers as part of our business relationship. In addition, insofar as this is necessary for the provision of our services, we process personal data which we gain from publicly available sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or which we receive from other companies of the Stetter group.
Relevant personal data are:
Personal details (name, address, e-mail, telephone number and other contact details, gender, marital status, date and place of birth, nationality as well as data on legal capacity);
Legitimacy data (e.g. ID data), non-EU nationals residence and / or work permit;
Authentication data (e.g. signature sample); Tax ID;
Other data (project number, customer number, contract identification characteristics, information on the contractual relationship, technical data on fulfillment of the contract).
In addition, we may also process the following personal data:
Order data (e.g. payment order);
Data resulting from the fulfillment of our contractual obligations (e.g. sales data in payment transactions, IBAN etc.);
Data in connection with the initiation of business and during the ongoing business relationship (including date, time, cause / purpose, channel of communication, copies of correspondence (if necessary also in electronic form), recording of telephone calls and results of communication).
In this context, we also receive so-called IT data, i.e. IP address(es), assignment characteristics of your technical devices with which you access our websites and/or services, cookies.
3. What type of purpose for data processing and which legal basis is being referred to?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
a. Fulfillment of contractual obligations (Art. 6, 1 lit. b GDPR)
The processing of data is carried out to provide the services offered by ITQ GmbH within the context of the implementation of our contracts with our customers or to carry out pre-contractual measures, which are made on request.
The purposes of data processing are primarily based on the respective, agreed services and may include, among others, the technical testing and provision of services, preparation, implementation and quality assurance of pilot projects and integrated product forms. Please refer to further details of the data processing purposes the relevant contract documents and terms and conditions of the respective services.
b. In the context of balance of interests (Art. 6, 1 lit. f GDPR) – Examples:
- Consultation and data exchange with credit agencies (e.g. SCHUFA Holding AG) for the determination of creditworthiness or default risks;
- Risk management within the Stetter Group;
- Asserting legal claims and defense in legal disputes;
- Ensuring IT security and IT operations;
- Prevention and investigation of criminal offenses;
- Video surveillance for the maintenance of domiciliary right;
- Measures for building and plant safety (e.g. access control);
- Measures to ensure the home ownership;
- Business management and service development measures;
- Testing and optimization of requirements analysis procedures for direct customer approach;
- Advertising or market and opinion research, provided that you have not objected to the use of your data.
c. Based on your declaration of consent (Art. 6, 1 lit. a GDPR)
Taking into account that you have given us consent for the processing of personal data for specific purposes (e.g. disclosure of data within the Stetter group), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued before the GDPR came into force on May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
d. Based on legal requirements (Art. 6, 1 lit. c GDPR) or for public benefit (Art. 6, 1 lit. e GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements. The purposes of the processing include, among other things, the creditworthiness check, identity and age checks, prevention of fraud and money laundering, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks within the Stetter group.
4. Who is receiving your personal data?
Within the organization, only those departments gain access to your data that need your personal data in order to fulfill our contractual and legal obligations. Our service providers may also receive data for these purposes if they maintain data secrecy.
With regard to the transfer of data to third parties, it should be noted that we are contractually bound to secrecy about all customer-related facts and valuations from which we obtain knowledge. We may only disclose information about you if required by law, if you have given your consent.
Under these conditions, recipients of personal data may be, for example:
Companies of the categories:
- Consulting and Consulting
- Printing services
- Debt collection
- IT services
- Banking services
Public bodies and institutions (e.g. tax authorities, law enforcement authorities) in the presence of a legal or regulatory obligation.
Other companies within the Stetter Group for risk management due to legal or regulatory obligations.
Processing in this context is for the following reasons / purposes:
- Settlement of bank information
- Document processing
- Data destruction
- Purchasing / Procurement
- Customer management
- Lettershops Marketing
- Media technology
- Reporting system
- Risk Control
- Security management
- Support / maintenance of EDP / IT applications
- Video legitimacy
- Website management
5. Is my personal data being transferred to third countries or to any international organisations?
A transfer of your personal data to third countries is not being carried out nor planned in the near future.
6. For how long will my personal date be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continual obligation, which has a duration of (several) years.
If personal data is no longer required for the fulfillment of contractual or legal obligations, these data are deleted on a regular basis, unless their (temporary) further processing is necessary for the following purposes:
Fulfillment of commercial and tax-related retention obligations, which are determined inter alia by the German Commercial Code (HGB), the German Tax Code (AO), the Banking Act (KWG) and the Money Laundering Act (GwG). The deadlines for storage and documentation vary between two and ten years.
Preservation of evidence in the context of the statutory statute of limitations. According to §§ 195 ff. of the Civil Code (BGB), these limitation periods can be up to thirty years, whereby the regular limitation period is three years.
7. Which data protection rights do I have?
Each party has the right to information on the categories of processed data, processing purposes, storage period and any recipients according to Article 15 GDPR, the right of correction according to Article 16 GDPR, the right to cancellation according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to opposition of processing, if this was based on a legitimate interest (Article 21 (1) GDPR). A right to revoke a given consent with effect for the future (Article 7 (3) GDPR) and the right to data portability according to Article 20 GDPR. With regard to the right to information and the right to deletion, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right to appeal to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the General Data Protection Regulation that came into force on May 25, 2018. Please note that the revocation only applies to the future; processing that took place before the revocation is not affected.
8. Is there any obligation for me to provide personal data?
As part of our business relationship, you must provide the personal information necessary to establish a business relationship and to perform its contractual obligations or we are required to collect it by law. Without this information we will generally not be able to conclude or execute a contract with you.
9. Other notices and additions
Some of the internet pages use so-called cookies. Cookies do not cause any damage on your computer and do not contain any viruses. Cookies serve to make our pages more user-friendly, more effective, and safer. Cookies are small text files saved on your computer by your browser.Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after your visit is over. Other cookies remain on your computer until you delete them. These cookies allow us to recognize your browser when you visit again.You can configure your browser to inform you about the creation of cookies and to allow cookies only in special cases, or to forbid cookies altogether or for specific cases, or to automatically delete cookies when you close the browser window. The functionality of this website can be limited when cookies are deactivated.
The provider of these pages automatically collects and saves information in so-called server log files your browser automatically sends us. These are:
- Browser type and version
- Operating system
- Referrer URL
- Host name of the accessing computer
- Time of server access
These data cannot be matched to specific persons. These data will not be combined with other data sources. We reserve the right to check these data subsequently if concrete evidence of illegal use emerges.
If the IP anonymization on this website is activated, Google will cut off your IP address within European Union member states or in other signatories of the European Economic Area treaty. In exceptional cases, the full IP address will be sent to a Google server within the USA, then cut off there. Google will use this information, by order of the website operator, to evaluate your use of the website, to create reports about the website activities, and to perform other services connected with the use of the website and the internet, for the website operator. The IP address sent by your browser in connection with Google Analytics will not be combined with other Google data.
With the application of the GDPR 2018 webmasters are obligated to follow the basic regulation published under https://eu-datenschutz.org/ and to inform users accordingly about the collection and evaluation of data. The lawfulness of the processing is justified in chapter 2, Art. 6 GDPR.
You can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website: disable Google Analytics.
This website uses Google’s external map service “Google Maps”. Google Maps is designed to provide an interactive map on this website that shows you how to find and reach us. This service allows us to present our website in an attractive way by loading maps from an external server. The required data is usually requested from a Google server in the US.
This request usually translates the following information to a Google server in the US and stores it for several months: the web pages you have visited and the IP address of your device. The legal basis for the processing of your data in relation to Google Maps is Art. 6 (1) (f) GDPR (legitimate interest in data processing). The legitimate interest results from our need for an appealing presentation of our online offer and an easy access of the places listed on this homepage.
ITQ GmbH runs several accounts on various social networks and platforms in order to communicate with the active customers and users and to inform them about the latest news.
We point out that data of the users outside of ??the European Union can be processed. This may result in risks to users, e.g. the enforcement of user rights could become more difficult. With respect to US providers certified according to the Privacy Shield, we point out that they are committed to adhering to the European GDPR standards.
Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles are created based on the user´s behaviour and the resulting interests of the user. The usage profiles may in turn be used to e.g. place advertisements inside and outside the platforms that are allegedly in line with the user´s interests. For these purposes, cookies are usually stored on the computers of the user, in which the user behaviour and the interests of the user are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the user (in particular if the user is member of the respective platforms and logged onto them).
The processing of personal data of users is based on the legitimate interest of an thorough information of users and communication with users in accordance with art. 6 (1) f. DSGVO. If the users are asked by the respective providers of the platforms for a consent to the above described data processing, the legal basis of the processing is art. 6 (1) a., Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also in case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers directly. Only the providers have access to user data and can directly take appropriate measures and provide information. If you still need help, you can also contact us.
- Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA) – Data Privacy Statement/ Opt-Out: https://en-gb.facebook.com/policy.php
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data Privacy Statement/ Opt-Out: https://instagram.com/about/legal/privacyGoogle/
- LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) – Data Privacy Statement/ Opt-Out: https://www.linkedin.com/legal/privacy-policy
- Twitter (Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA) – Data Privacy Statement/ Opt-Out: https://twitter.com/account/settings
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Data Privacy Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – Data Privacy Statement/ Opt-Out: https://privacy.xing.com/en
Last updated on April 15, 2019.