Legal

This is an English translation provided for your convenience. The legally binding version is the German Datenschutzerklärung.

Privacy Policy

Information obligation pursuant to Art. 12 et seq. EU GDPR

Name and Address of the Controller

Your contact as the controller within the meaning of the European General Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states as well as other data protection regulations is:

ICS Software GmbH
c/o IPAI Spaces
Im Zukunftspark 11/13
74076 Heilbronn

Email:

ICS Software GmbH (hereinafter ICS Software or publisher) is a company of the ICS Group. The ICS Group provides consulting, software, technology and services for the digitalization of business processes.

Our products, solutions and services offer high customer value. This is based on trusting business relationships with customers, suppliers and partners as well as the trustworthy handling of prospective customers, employees and other stakeholders.

In order to provide our services, it is sometimes necessary to collect and process personal data. ICS Software has always taken the protection of personal data very seriously and strictly complies with legal standards – such as, among others, the General Data Protection Regulation GDPR 2016/679 and the German Federal Data Protection Act (BDSG) that additionally applies in Germany.

Personal data is only collected, processed and used by ICS Software to the extent necessary. The following statement provides you with an overview of how we ensure data protection and what type of data is collected for what purpose.

Contents

  1. 1) Scope & Note regarding children
  2. 2) Collection & Processing of Personal Data
    1. 2.1) General
    2. 2.2) Processing on behalf by external service providers
    3. 2.3) Processing in the customer database
    4. 2.4) Processing in the workflow management system
    5. 2.5) Categories of personal data
  3. 3) Data Collection When Using Our Website and Digital Services
    1. 3.1) General
    2. 3.2) Website hosting & FTP services
    3. 3.3) Email communication
    4. 3.4) Google Analytics
    5. 3.5) Cookies
    6. 3.6) Newsletter
    7. 3.7) Social media presences
    8. 3.8) Embedded YouTube videos
    9. 3.9) Use of tracking and marketing tools
    10. 3.10) Contact form
    11. 3.11) Links to other websites and third-party applications
    12. 3.12) Live chat function and website heat map
    13. 3.13) Microsoft Office services “Bookings” and “Teams”
    14. 3.14) Review platform Proven Expert
    15. 3.15) Surveys
    16. 3.16) Mobile apps (Google Play Store)
  4. 4) Use of Personal Data
    1. 4.1) General
    2. 4.2) Recruitment / application process
    3. 4.3) Credit check and scoring
    4. 4.4) Data security and retention
  5. 5) Your Rights under the GDPR
  6. 6) Changes to This Privacy Policy
  7. 7) Further Information / Data Protection Contact

1) Scope & Note regarding children

This privacy policy applies to all websites and digital services operated by ICS Software, including all associated content, functions, tools, products and services (“Services”).

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children who have not yet reached the age of 16, unless this is necessary due to an application or an employment relationship.

Should we nevertheless become aware that we have processed the personal data of a child without the required consent of the parents or legal guardians, we will delete this data without undue delay.

2) Collection & Processing of Personal Data

2.1) General

We collect and process data about you in the following cases:

  • When you contact us directly, e.g. via our website, via our customer service / the telephone hotline, and you are interested in our products and services or have another concern.
  • When you register as a participant / visitor for ICS Software professional events, such as events and trade fair appearances, and/or voluntarily provide us with your contact details at such events.
  • When you purchase or request products and services directly from us.
  • When you respond to our direct marketing activities, e.g. by submitting a response card from a mailing campaign.
  • When affiliated companies (pursuant to Section 15 AktG) as well as individual business partners lawfully transmit data about you to us.
  • When you provide us with data in the context of recruitment and application procedures (online / offline).

We do not pass on your data to third parties without your consent. Exceptions exist where we are obliged to provide information within the framework of legal requirements, where the transfer of data is legally permissible and necessary (e.g. for fraud prevention), or where affiliated companies (pursuant to Section 15 AktG) need to be involved in processing your concern / request.

2.2) Processing on behalf by external service providers

To provide our Services, we use selected external service providers who process personal data on our behalf. A data processing agreement pursuant to Art. 28 GDPR has been concluded with all processors.

In doing so, we ensure that personal data is processed exclusively in accordance with our instructions and is protected by appropriate technical and organizational measures (TOM). Processing generally takes place within the European Union (EU) or the European Economic Area (EEA). If, in exceptional cases, data is transferred to a third country (e.g. the USA), this is only done on the basis of appropriate safeguards, such as the Standard Contractual Clauses (SCC) of the European Commission or equivalent legal instruments.

Examples of processors we use within the EU:

  • Hosting and IT service providers (e.g. server locations in the EU)
  • CRM systems (e.g. Zoho CRM, location: Netherlands)
  • Newsletter service providers (e.g. Zoho Campaigns, location: Netherlands)
  • Logistics and shipping partners within the EU

2.3) Processing in the customer database

We store and use contact data and information received (such as business communication histories) from customers and prospective customers for the purpose of handling or initiating the business relationship. Processing is carried out on the basis of Art. 6(1)(b) GDPR (contract performance) and/or Art. 6(1)(f) GDPR (legitimate interest in efficient customer management).

Personal data is collected and stored exclusively in accordance with the provisions of the General Data Protection Regulation GDPR 2016/679 and the German Federal Data Protection Act (BDSG) that additionally applies in Germany, as amended.

We and our affiliated companies (pursuant to Section 15 AktG) use Zoho CRM as our customer database. The provider is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (hereinafter: Zoho). The data is stored on Zoho's servers in the Netherlands / in the EU. To fulfil the service, we and our affiliated companies (pursuant to Section 15 AktG) have concluded a data processing agreement with Zoho.

You have the right at any time to obtain information about the data stored about you in the customer database and can request a change to the data or its deletion.

Further information on data protection at Zoho CRM can be found online at: https://www.zoho.com/de/crm/gdpr/. For information on the safeguards at Zoho CRM, please refer to the following website: https://www.zoho.com/security.html.

2.4) Processing in the workflow management system

For certain business processes (e.g. ticket management, support requests, workflow automation) we use the collaboration platform ServiceNow. The provider is ServiceNow Netherlands B.V., Hoogoorddreef 54D, 1101 BE Amsterdam, Netherlands. The parent company is ServiceNow, Inc., 2225 Lawson Lane, Santa Clara, CA 95054, USA.

As part of the use, the following personal data in particular may be processed: master data (e.g. surname, first name, company, email address, telephone number), communication content (e.g. support requests, ticket histories, attachments), usage data (e.g. time of the request, IP address, log files).

Processing is carried out exclusively for handling support requests, for providing our services and for internal process optimization. The legal basis is Art. 6(1)(b) GDPR (contract performance), insofar as the data processing is necessary to handle your request. Furthermore, processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in the efficient and secure handling of support and business processes.

ServiceNow generally stores data on servers within the EU/EEA. A transfer to third countries (in particular the USA) cannot be ruled out in individual cases. Where a transfer to third countries takes place, this is done on the basis of the Standard Contractual Clauses of the EU Commission (Art. 46 GDPR). Further information on data protection at ServiceNow can be found here: https://www.servicenow.com/privacy-statement.html.

2.5) Categories of personal data

Depending on your use of our Services, we process in particular the following categories of personal data:

  • Contact data: name, address, billing and delivery address, telephone number, email address
  • Financial data: payment information, transaction details, payment confirmations
  • Account information: username, passwords, settings, security questions
  • Transaction information: items viewed, ordered, returned or cancelled, order history
  • Communication data: content of enquiries, support contacts, feedback
  • Device information: device type, browser, IP address, unique identifiers
  • Usage information: interactions with our websites, services and shops

3) Data Collection When Using Our Website and Digital Services

3.1) General

While you visit our website, personal data is generally only processed to the extent necessary to provide a functional website as well as our content and services. Insofar as personal data (e.g. name, address or email address in contact forms) is collected on our pages, this is always done on a voluntary basis. Your data is transmitted in encrypted form using SSL/TLS.

Your data is processed in accordance with European and German data protection regulations (GDPR and BDSG) as well as our internal guidelines.

Personal data is used in particular for the purpose of order processing and handling your enquiries. Depending on the type and content of your enquiry, your data may be passed on to affiliated companies (pursuant to Section 15 AktG), insofar as this is necessary for processing.

3.2) Website hosting & FTP services

Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you access our website, IONOS automatically collects information in so-called server log files. This data includes, among other things, the IP address, date and time of access, address of the requested page / file, referrer URL, browser type and version, and the operating system used. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in operational and system security).

In addition, we use FTP and SFTP servers of IONOS SE for uploading, managing and exchanging files. When accessing the FTP server, log files are recorded for technical reasons (IP address, username, date and time, files accessed, status messages). The processing is necessary to ensure the operation and security of the file server.

A data processing agreement (DPA) pursuant to Art. 28 GDPR exists with IONOS. Further information can be found in the IONOS privacy notice: https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

3.3) Email communication

For sending and receiving emails, we use Microsoft 365 (Outlook) from Microsoft Ireland Operations Limited as our email service. To ensure IT security (spam, phishing and malware protection), we additionally use security/filtering services from Cisco.

In the context of email communication, we process in particular the following personal data: sender/recipient address, names, technical header and protocol data, timestamps, IP addresses as well as the content of messages and attachments. The legal basis is Art. 6(1)(b) GDPR (communication for contract performance and handling of enquiries) as well as Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

Data processing agreements (Art. 28 GDPR) exist with Microsoft and Cisco. The relevant privacy notices can be found, among others, at: https://www.microsoft.com/de-de/privacy/privacystatement.

3.4) Google Analytics

Our website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookies (including your IP address) is generally transferred to Google servers and stored there.

We have extended Google Analytics with the “anonymizeIP” function, so that your IP address is shortened within the EU/EEA before transmission. Only in exceptional cases is the full IP address transferred to a Google LLC server in the USA and shortened there.

On behalf of the operator of this website, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with further services associated with website use.

This may result in a transfer of personal data to Google LLC servers in the USA. An adequacy decision of the European Commission (EU–US Data Privacy Framework) is in place for the USA. Google is certified under this framework and undertakes to comply with European data protection standards.

Google Analytics is used exclusively on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with Section 25 TTDSG). Consent is obtained via our cookie banner and can be withdrawn or adjusted there at any time with effect for the future.

Further information on Google data protection: https://policies.google.com/privacy
Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=de.

3.5) Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and contain certain information. They serve to make our website overall more user-friendly, more effective and more secure.

We distinguish the following categories of cookies:

  • Essential cookies: These are technically necessary to provide the website and its functions. They cannot be deselected.
  • Functional cookies: These enable advanced functions and a more comfortable use of our website.
  • Statistics cookies: These collect information about the use of our website, e. g. which pages are accessed most frequently (e. g. Google Analytics).
  • Marketing cookies: These make it possible to display interest-based advertising to users based on their surfing behaviour.

Consent management tool: When you first access our website, you are informed about the use of cookies via a cookie banner. Using this tool, you can determine which categories of cookies you wish to allow. Essential cookies are preset. You can withdraw or adjust your consent at any time via the settings of the consent tool with effect for the future.

The legal basis for the use of cookies is, depending on the category, Art. 6(1)(f) GDPR for essential cookies (legitimate interest in a functional website) as well as Art. 6(1)(a) GDPR in conjunction with Section 25 TTDSG for all other cookie categories (consent). Further information on the cookies used and their storage duration can be found in the settings of our consent management tool.

3.6) Newsletter

We and our affiliated companies (pursuant to Section 15 AktG) use Zoho Campaigns for sending newsletters (Zoho Corporation B.V., Netherlands). The data is stored on Zoho's servers in the EU. ICS Software is responsible for the data processing towards you. Processing is carried out exclusively with your consent (Art. 6(1)(a) GDPR).

3.6.1) Registration

For the newsletter we require a valid email address and, if applicable, optional information (e.g. name, salutation). Registration takes place via a double opt-in procedure. With your consent, you agree to the measurement of open and click rates.

3.6.2) Data processing

We have concluded a data processing agreement with Zoho. Zoho processes your data exclusively for sending our newsletters.

3.6.3) Further information

Further information on Zoho Campaigns and data protection can be found at: https://www.zoho.com/de/campaigns/terms.html, https://www.zoho.com/de/crm/gdpr/ and https://www.zoho.com/security.html.

3.6.4) Withdrawal

You can withdraw your consent at any time without affecting the lawfulness of the processing carried out to date. If consent is withdrawn, we will stop the corresponding data processing. If you no longer wish to receive our newsletter in the future, you can also simply unsubscribe at any time, e.g. via the unsubscribe link at the end of each newsletter or by email to . Your data for the newsletter dispatch will be deleted after you stop receiving the newsletter, unless statutory retention obligations prevent deletion.

3.7) Social media presences

We maintain publicly accessible profiles on the following social networks: Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter) and YouTube. We link to our social profiles on our website and, in addition, sometimes also use functions (social plugins) of the social platforms.

3.7.1) Links to our social profiles

On our website you will find links to our presences on the social networks Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter) and YouTube.

These are merely external links; visiting our website does not transfer any data to the operators of these networks. Only when you click on the respective link are you redirected to the provider's platform. There, personal data may be processed over which we have no influence.

Information on data processing by the providers can be found in the privacy notices of the respective platforms:

3.7.2) Functions (social plugins)

On our website we sometimes use functions of the social platforms, such as the like, follow or share button. When you access a page with such a plugin, your browser establishes a direct connection to the servers of the respective provider. In doing so, personal data (in particular IP address, browser information, time of the page visit) may be transmitted to the provider – even if you do not have an account with this provider or are not logged in there.

The legal basis for the use of such plugins is your consent pursuant to Art. 6(1)(a) GDPR. Consent is given via our cookie banner and can be withdrawn at any time. Without your consent, the plugins are not used.

Some providers also process your data in the USA or other third countries. For the USA, an adequacy decision of the European Commission has been in place since 10 July 2023 (EU-US Data Privacy Framework). Providers certified under this framework offer an adequate level of data protection. For other providers, data is transferred on the basis of the Standard Contractual Clauses of the EU Commission (Art. 46(2)(c) GDPR) as well as, where applicable, supplementary measures to protect your data.

Further information on the purpose and scope of data processing can be found in the providers' privacy policies, including:

3.8) Embedded YouTube videos

We occasionally embed videos from YouTube on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you play an embedded YouTube video, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube or Google account, you enable Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account beforehand.

We use YouTube in extended data protection mode. This means that YouTube initially does not set any cookies as long as you do not play the video. Only when the video is started are data processing operations triggered over which we have no influence. This may also result in a transfer of personal data to Google LLC servers in the USA.

An adequacy decision of the European Commission is in place for the USA (EU–US Data Privacy Framework). Google is certified under this framework and undertakes to comply with European data protection standards.

Processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR), which you give via our cookie banner. You can withdraw this consent at any time with effect for the future. Further information can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

3.9) Use of tracking and marketing tools

3.9.1) Meta Pixel (Facebook/Instagram)

On our website we may use the Meta Pixel (formerly Facebook Pixel) from the provider Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, within marketing campaigns. With the help of the pixel, Meta is able to determine the visitors to our website as a target group for displaying ads (“Facebook Ads” / “Instagram Ads”). In addition, we can track the effectiveness of our advertisements for statistical and market research purposes.

This may result in a transfer of personal data to servers of Meta Platforms Inc. in the USA. An adequacy decision of the European Commission is in place for the USA (EU–US Data Privacy Framework). Meta is certified under this framework and undertakes to comply with European data protection standards.

Processing is only carried out with your express consent (Art. 6(1)(a) GDPR). Consent is obtained via our cookie banner and can be withdrawn at any time. Without your consent, the Meta Pixel is not used.

Further information: https://www.facebook.com/privacy/policy/, https://www.facebook.com/business/tools/meta-pixel.

3.9.2) LinkedIn Insight Tag

Our website may also use the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, on a campaign basis. The Insight Tag enables us to create statistical evaluations of the use of our website by LinkedIn members and to measure the effectiveness of our LinkedIn advertising. In addition, we can create target groups for ads (“Matched Audiences”).

This may result in a transfer of personal data to servers of LinkedIn Corporation in the USA. An adequacy decision of the European Commission is in place for the USA (EU–US Data Privacy Framework). LinkedIn is certified under this framework and undertakes to comply with European data protection standards.

Processing is only carried out with your express consent (Art. 6(1)(a) GDPR). Consent is obtained via our cookie banner and can be withdrawn at any time. Without your consent, the LinkedIn Insight Tag is not used.

Further information: https://www.linkedin.com/legal/privacy-policy, https://www.linkedin.com/help/linkedin/answer/a427660.

3.10) Contact form

If you send us enquiries via our contact form, the information you provide in the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. Depending on the type and content of your enquiry, your data may be passed on to affiliated companies (pursuant to Section 15 AktG), insofar as this is necessary for processing.

3.11) Links to other websites and third-party applications

In order to interact with other websites where you are registered as a user (e.g. Facebook etc.), we may provide links for this or integrate third-party applications. In addition, we may provide you with general links to other providers' websites. The use of such links and applications is governed by the providers of these sites and is subject to their privacy policies. ICS Software is not responsible for the privacy policies or the content of these sites.

3.12) Live chat function and website heat map

Our website uses the services Zoho SalesIQ and Zoho PageSense of Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (EU headquarters). Data collected via these services is stored on Zoho's servers in the EU.

Zoho SalesIQ enables the analysis of user behaviour and the provision of a live chat function on our website. Cookies may be used that enable an analysis of the use of our website. You can use the chat anonymously by simply entering your enquiry in the text field. Providing personal data (e.g. name, email address) is voluntary. If you provide this information, it will be stored together with the chat history in our Zoho CRM system, insofar as this is necessary to process your concern.

Furthermore, when you visit our website, we collect anonymized usage data using Zoho PageSense. This service merely records visits and clicks on our website completely anonymously and enables us, in the form of a heat map, to review the general use of our website and subsequently optimize content. No usage data or personal data is collected or stored with Zoho PageSense.

The use of Zoho SalesIQ and Zoho PageSense is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with Section 25 TTDSG). Consent is obtained via our consent management tool (cookie banner) and can be withdrawn there at any time.

For further information, please refer to Zoho's privacy policy: https://www.zoho.com/de/privacy.html as well as the security information: https://www.zoho.com/security.html.

3.13) Microsoft Office services “Bookings” and “Teams”

We use the services Microsoft Bookings and Microsoft Teams, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Bookings enables simple and user-friendly appointment scheduling (e.g. consulting, support, sales). Microsoft Teams enables online meetings, video conferences and chats. When using these services, in particular name, contact data, appointment details as well as communication content and metadata are processed.

Data processing is carried out exclusively for the purpose of scheduling, managing and conducting appointments as well as for communicating with you. The legal basis is Art. 6(1)(b) GDPR (contract performance) as well as Art. 6(1)(f) GDPR (legitimate interest in an efficient and secure appointment and communication solution).

Microsoft stores most customer data from the EU in European data centres. However, it cannot be ruled out that in certain cases personal data is transferred to third countries (in particular the USA). To safeguard such transfers, Microsoft uses Standard Contractual Clauses (Art. 46(2)(c) GDPR) as well as, where applicable, additional measures. Microsoft is also certified under the EU–US Data Privacy Framework.

For further information, please refer to the Microsoft privacy statement: https://privacy.microsoft.com/de-de/privacystatement as well as the security information: https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany.

3.14) Review platform Proven Expert

Our website uses functions of the review platform Proven Expert, a service of Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany. We use Proven Expert to display customer reviews and to give you the opportunity to submit your own review. This serves transparency and the quality assurance of our services (Art. 6(1)(f) GDPR).

If you voluntarily submit a review and enter personal data in the process, processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). As a rule, your email address and technical connection data are stored. Optionally, you can provide your first and last name.

The data you transmit is processed by Proven Expert. For further information, please refer to the provider's privacy policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.

3.15) Surveys

We and our affiliated companies (pursuant to Section 15 AktG) use the service Zoho Survey of Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands, to conduct surveys. The data is stored on Zoho's servers in the EU. We have concluded a data processing agreement (Art. 28 GDPR) with Zoho.

Participation in surveys is always voluntary. As a rule, our surveys are conducted anonymously; no personal data is collected and no conclusions can be drawn about the responding person. Insofar as a survey optionally allows personal information, this information is based on your voluntary decision.

Processing serves exclusively our own market research, the optimization of our products and services as well as – in individual cases – contacting you if you voluntarily provide us with personal data for this purpose. The legal basis is Art. 6(1)(f) GDPR (legitimate interest) as well as Art. 6(1)(a) GDPR (consent), insofar as you voluntarily provide personal data.

Further information on Zoho Survey and data protection can be found at https://www.zoho.com/privacy.html and https://www.zoho.com/security.html.

3.16) Mobile apps (Google Play Store)

We also offer individual software solutions for download as a mobile app via the Google Play Store. The following notes apply in addition to the general provisions of this privacy policy and inform you about the processing of personal data in connection with the use of our mobile apps.

3.16.1) Controller and scope

ICS Software is responsible for the processing of personal data in connection with our mobile apps. These notes apply regardless of whether the apps are used by end users in a B2B environment (e.g. employees of our customers) or for test and demo purposes.

3.16.2) Download via the Google Play Store

When downloading our apps from the Google Play Store, certain information is transmitted to the operator of the store, Google Ireland Limited (or Google's affiliated companies). ICS Software has no influence over this processing; it is carried out exclusively under the responsibility of the Google Play Store. Further information can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

3.16.3) Data processed when using the app

When using our apps, we process – depending on the app and configuration – among other things usage and log data (time of use, functions accessed, technical log files), contact data and user account data (name, business email address, roles and permissions) as well as content and transaction data in connection with the business processes represented within the app.

3.16.4) App permissions

Depending on the app version, technical permissions of your device may be required (e.g. access to camera, storage, network). Before using such a function for the first time, you will be asked by the operating system to grant the corresponding permission. You can revoke granted permissions at any time in the system settings of your device; certain functions of the app may then no longer be available or only available to a limited extent.

3.16.5) Legal bases of processing

Data processing in the context of using our apps is generally carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract or implementation of pre-contractual measures) as well as Art. 6(1)(f) GDPR (legitimate interest in a secure, stable and efficient provision of the app). Insofar as certain functionalities require consent (e.g. optional usage analysis or push notifications), processing is carried out on the basis of Art. 6(1)(a) GDPR.

3.16.6) Analytics data and crash reports

To ensure stability, for error analysis and to improve our apps, technical crash reports and anonymized or pseudonymized usage statistics may be processed. Insofar as third-party services are used for this, this is only done in compliance with data protection requirements and, where applicable, subject to your consent.

3.16.7) Deletion of data / uninstalling the app

The data processed in the app is deleted as soon as it is no longer required for the stated purposes and no statutory retention periods prevent this. Simply uninstalling the app does not automatically lead to the deletion of all data stored at the operator or in our backend systems. If you wish to request deletion or information, please contact us using the contact details provided in the section “Further Information / Data Protection Contact”.

4) Use of Personal Data

4.1) General

We use the data you provide to fulfil and process your order or to respond to your concern, as well as to initiate and maintain the business relationship. When you register for the newsletter, your email address is used for our own advertising purposes until you unsubscribe from the newsletter.

Where necessary and legally permissible, we use your data before conclusion of the contract and, if required, during the course of the business relationship as part of contract management and processing for the purposes of credit checks or obtaining information.

We assure you that we will not pass on your personal data to third parties unless we are legally entitled or obliged to do so or you have given us your prior consent. Disclosure may take place in connection with legal proceedings or for fraud prevention.

We may pass on your personal data to affiliated companies (pursuant to Section 15 AktG), insofar as this is necessary to process your concern.

4.2) Recruitment / application process

We and our affiliated companies (pursuant to Section 15 AktG) collect and use your personal data in connection with recruitment (online and offline). To receive and manage applications, we use the recruiting tool “Zoho Recruit” (Zoho Corporation B.V., Netherlands).

The provider collects your application data on our behalf (e.g. salutation, name, contact details, documents). We can access a secured area of Zoho Recruit and use the data to document the application process and to communicate with you. The legal basis is Art. 88(1) GDPR in conjunction with Section 26(1) BDSG.

Applicant data is stored in accordance with statutory retention periods and subsequently deleted, unless there is consent to longer storage (talent pool). Any consent given can be withdrawn at any time.

Further information on Zoho and data protection can be found at https://www.zoho.com/de/privacy.html and https://www.zoho.com/security.html.

4.3) Credit check and scoring

If we make advance payments (e.g. purchase on account), we may obtain a credit report from the Verband der Vereine Creditreform e. V. and/or from Allianz Trade Deutschland (formerly Euler Hermes) in order to protect our legitimate interests.

For this purpose, we transmit the personal data required for this and use the information received (including score values) for a balanced decision on the establishment, performance or termination of the contractual relationship. The legal basis is Art. 6(1)(b) and (f) GDPR.

4.4) Data security and retention

We take technical and organizational measures pursuant to Art. 32 GDPR to protect your data against loss, manipulation or unauthorized access (e.g. SSL encryption, access restrictions, backups, firewalls). Nevertheless, no transmission or storage can guarantee absolute security.

Personal data is only stored for as long as is necessary to fulfil the purpose of processing or for as long as statutory retention periods exist.

Examples:

  • Data relevant under contract and tax law: 6–10 years (under the German Commercial Code (HGB) and Fiscal Code (AO))
  • Applicant data: usually 6 months after completion of the application process, longer storage only with consent (talent pool)
  • Newsletter data: until you withdraw your consent
  • Log files and technical data: usually 14 days, at most 30 days

5) Your Rights under the GDPR

Under the General Data Protection Regulation (GDPR), you have the right to free information about your stored data as well as the right to rectification, blocking or erasure of this data, or the right to be forgotten.

As a data subject, you have the following rights in detail:

  • Access (Art. 15 GDPR) & data portability (Art. 20 GDPR): You can request a copy of the personal data we have stored about you. On request, we will also provide this to you in a machine-readable format.
  • Rectification (Art. 16 GDPR): You can request the correction of inaccurate data or the completion of incomplete data.
  • Erasure / “right to be forgotten” (Art. 17 GDPR): You can request the erasure of your personal data, insofar as no statutory retention obligations prevent this.
  • Restriction of processing (Art. 18 GDPR) & objection (Art. 21 GDPR): You can request the restriction of processing or object to processing if there are special reasons.
  • Withdrawal of your consent (Art. 7(3) GDPR): Insofar as we process your data on the basis of consent, you can withdraw it at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority. An overview of the authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_de.

To exercise your rights, please contact us using the contact details provided at the end of this privacy policy. Where legally required, we reserve the right to verify your identity before processing requests.

6) Changes to This Privacy Policy

We reserve the right to change or update this privacy policy at any time in order to adapt it to changed legal situations or to changes in our services and data processing. Please check this page regularly for updates.

7) Further Information / Data Protection Contact

Your trust is important to us. Therefore, upon request, we would be happy to answer any questions regarding the processing of your personal data. If you would like information about your stored personal data or have questions that this privacy policy could not answer, or if you would like more detailed information on a particular point, please contact our data protection officer at any time: datenschutz@ics-group.eu.

Alternatively, you can reach us at the following address:

ICS Software GmbH
Data Protection Officer
c/o IPAI Spaces
Im Zukunftspark 11/13
74076 Heilbronn

Data protection requests are usually answered within a maximum of 30 days of receipt.