Privacy Policy

Information obligations pursuant to Art. 12 et seq. EU-GDPR

Name and address of the controller

Your contact as controller within the meaning of the European General Data Protection Regulation (“EU-GDPR”), other national data protection laws of the Member States and other data protection provisions is:

ICS Software GmbH c/o IPAI Spaces Im Zukunftspark 11/13 74076 Heilbronn Germany

E-mail: software@ics-group.eu

ICS Software GmbH (hereinafter “ICS Software” or “publisher”) is a company of the ICS Group. The ICS Group provides consulting, software, technology and services for the digitalisation of business processes.

Our products, solutions and services offer high value to our customers. The basis for this is a trust-based relationship with customers, suppliers, partners and a trustworthy handling of data of prospects, employees and other stakeholders.

In order to provide our services, it is partly necessary to collect and process personal data. ICS Software takes the protection of personal data very seriously and strictly complies with statutory regulations – currently in particular the General Data Protection Regulation (GDPR) 2016/679 and, additionally in Germany, the Federal Data Protection Act (BDSG).

Personal data is only collected, processed and used by ICS Software to the extent necessary.

The following statement provides you with an overview of how we ensure data protection and what type of data is collected for which purpose.

1) Scope & notice regarding children

This Privacy Policy applies to all websites and digital services operated by ICS Software, including all related content, features, tools, products and services (“Services”).

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under the age of 16, unless this is required in the context of an application or employment relationship.

If we become aware that we have processed personal data of a child without the required consent of the parents or guardians, we will delete such data without undue delay.

2) Collection & processing of personal data

2.1) General

We collect and process data about you in the following cases, for example:

when you contact us directly, e.g. via our website, by contacting our customer service / hotline and you are interested in our products and services or have any other request;
when you register as a participant / visitor for ICS Software professional events such as trade shows and conferences and/or voluntarily provide us with your contact details at such events;
when you purchase or request products and services directly from us;
when you respond to our direct marketing activities, e.g. by submitting a response card from a mailing campaign;
when affiliated companies (pursuant to Sec. 15 German Stock Corporation Act – AktG) and individual business partners lawfully transfer data about you to us;
when you provide us with data in the context of recruitment and application processes (online / offline).

We do not disclose your data to third parties without your consent, unless:

we are obliged to do so by law or by binding official or court order,
the data transfer is legally permissible and required, e.g. for fraud prevention,
affiliated companies (pursuant to Sec. 15 AktG) must be involved in order to process your request.

2.2) Processing by external processors

To provide our Services we use carefully selected external service providers who process personal data on our behalf. We have concluded data processing agreements pursuant to Art. 28 GDPR with all processors.

We ensure that the processing of personal data is carried out exclusively in accordance with our instructions and is protected by appropriate technical and organisational measures (TOMs).

As a rule, processing takes place within the European Union (EU) or the European Economic Area (EEA). If data is exceptionally transferred to a third country (e.g. the USA), this is only done on the basis of appropriate safeguards, such as the EU Standard Contractual Clauses (SCC) or equivalent legal instruments.

Examples of processors we use within the EU include:

hosting and IT service providers (e.g. servers located in the EU),
CRM systems (e.g. Zoho CRM, location: Netherlands),
newsletter providers (e.g. Zoho Campaigns, location: Netherlands),
logistics and shipping partners within the EU.

2.3) Processing in the customer database

We store and use contact data and information received (such as business communication history) from customers and prospects for the purpose of handling or initiating the business relationship. Processing is based on Art. 6 (1) (b) GDPR (performance of a contract) and/or Art. 6 (1) (f) GDPR (legitimate interest in efficient customer management).

Personal data is collected and stored exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the Federal Data Protection Act (BDSG) as applicable in Germany.

We and our affiliated companies (pursuant to Sec. 15 AktG) use Zoho CRM as our customer database. The service provider is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (“Zoho”). Data is stored on Zoho servers located in the Netherlands / in the EU. We and our affiliated companies have concluded a data processing agreement with Zoho.

You may request information about your stored data in the customer database at any time and may also request its rectification or deletion.

Further information about data protection at Zoho CRM can be found at: https://www.zoho.com/de/crm/gdpr/. Information on security measures at Zoho CRM can be found at: https://www.zoho.com/security.html.

2.4) Processing in the workflow management system

For certain business processes (e.g. ticket management, support requests, workflow automation) we use the collaboration platform ServiceNow. Provider is ServiceNow Netherlands B.V., Hoogoorddreef 54D, 1101 BE Amsterdam, Netherlands. The parent company is ServiceNow, Inc., 2225 Lawson Lane, Santa Clara, CA 95054, USA.

In the course of using this platform, in particular the following personal data may be processed:

master data (e.g. first and last name, company, e-mail address, telephone number),
communication content (e.g. support requests, ticket history, attachments),
usage data (e.g. time of the request, IP address, log files).

Processing takes place exclusively for the purpose of dealing with support requests, providing our services and optimising internal processes. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract) where processing is required to handle your request. In addition, processing is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR in efficient and secure handling of support and business processes.

ServiceNow generally stores data on servers within the EU/EEA. A transfer to third countries (in particular the USA) cannot be ruled out in individual cases. Where such transfer occurs, it is based on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Further information on data protection at ServiceNow is available at: https://www.servicenow.com/privacy-statement.html.

2.5) Categories of personal data

Depending on how you use our Services, we process in particular the following categories of personal data:

Contact details: name, address, billing and delivery address, telephone number, e-mail address;
Financial data: payment information, transaction details, payment confirmations;
Account information: username, passwords, settings, security questions;
Transaction information: items viewed, ordered, returned or cancelled, order history;
Communication data: contents of enquiries, support contacts, feedback;
Device information: device type, browser, IP address, unique identifiers;
Usage information: interactions with our websites, services and shops.

3) Data collection when using our website and digital services

3.1) General

When you visit our website, personal data is generally processed only to the extent necessary to provide a functional website and our content and services. Where personal data (e.g. name, address or e-mail address in contact forms) is collected on our pages, this is always done on a voluntary basis. Your data is transmitted using SSL/TLS encryption.

Your data is processed in accordance with European and German data protection law (GDPR and BDSG) as well as our internal policies.

Personal data is in particular used for the purpose of processing orders and dealing with your enquiries. Depending on the type and content of your request, your data may be passed on to affiliated companies (pursuant to Sec. 15 AktG) insofar as this is necessary for processing.

3.2) Website hosting & FTP services

Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you access our website, IONOS automatically records information in server log files. This includes:

IP address of the requesting device,
date and time of access,
address of the page / file accessed,
referrer URL (previously visited page),
browser type and version,
operating system used.

Log files are used to ensure operational security and system security and to defend against attacks. The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

We also use FTP and SFTP servers (File Transfer Protocol) provided by IONOS SE for uploading, managing and exchanging files. When accessing the FTP server, log files are generated for technical reasons, including:

IP address of the requesting device,
username used (FTP login),
date and time of access,
files accessed or transferred,
server status messages (e.g. successful / failed login attempts).

Processing this data is necessary to ensure operation and security of the file server, to reconstruct access (e.g. for error analysis or misuse prevention) and to enable authorised users to securely exchange files.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure and stable operation of the FTP service) and Art. 6 (1) (b) GDPR (performance of a contract) where file exchange occurs in the context of contractual relationships.

We have concluded a data processing agreement pursuant to Art. 28 GDPR with IONOS, which ensures compliant processing. Further details can be found in the IONOS privacy notice: https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

3.3) E-mail communication

For sending and receiving e-mails we use Microsoft 365 (Outlook) provided by Microsoft Ireland Operations Limited. To ensure IT security (spam, phishing and malware protection) we additionally use security / filter services from Cisco (Cisco Systems).

In the context of e-mail communication we process in particular: sender / recipient address, names, technical header and protocol data, timestamps, IP addresses as well as contents of messages and attachments.

The legal basis is Art. 6 (1) (b) GDPR (communication for contract performance and processing of enquiries) and, where not directly contract-related, Art. 6 (1) (f) GDPR (legitimate interest in efficient communication).

E-mails are usually transmitted in transit with TLS encryption (if supported by the recipient server). Incoming and outgoing messages are automatically scanned for malware, spam and phishing.

A transfer of personal data to third countries, in particular to the USA, may occur (e.g. in the context of support or security services). In such cases, appropriate safeguards are in place, including participation of service providers in the EU-US Data Privacy Framework (DPF) and/or conclusion of EU Standard Contractual Clauses (SCCs). We will provide further details upon request.

We have concluded data processing agreements (Art. 28 GDPR) with Microsoft and, where applicable, with Cisco. Further information can be found in the Microsoft Privacy Statement: https://www.microsoft.com/de-de/privacy/privacystatement.

3.4) Google Analytics

Currently, our "Under Construction" website does not use any integration of Google Analytics.

3.5) Cookies

We are currently not using any cookies of our own on this "Under Construction" website. However, our hosting provider may set technically necessary cookies to ensure the proper operation and security of the website. We do not use any additional cookies (e.g. for analytics or marketing).

3.6) Newsletter

We and our affiliated companies (pursuant to Sec. 15 AktG) use Zoho Campaigns to send newsletters. Provider is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (“Zoho”). Zoho Campaigns is a service for creating, sending and managing marketing e-mails and newsletters.

Data is stored on Zoho servers in the Netherlands / EU. ICS Software is responsible for processing your data in this context. Processing is carried out exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

3.6.1) Subscription

You can subscribe to our newsletter on our website. To receive the newsletter, we require a valid e-mail address and information allowing us to verify that you are the owner of the e-mail address provided or that its owner agrees to receive the newsletter.

You may optionally provide your surname and salutation when subscribing. No further mandatory data is collected. The personal data collected is used exclusively for sending newsletters. Consent is granted using the legally compliant double-opt-in procedure.

By subscribing you consent to us storing your data (e.g. e-mail address) on Zoho servers for the purpose of sending newsletters and to us analysing your open and click behaviour in order to optimise our newsletter offering. Processing is based on Art. 6 (1) (a) GDPR.

3.6.2) Data processing agreement

We and our affiliated companies have concluded a data processing agreement with Zoho and fully comply with European and German data protection requirements when using Zoho Campaigns. Your subscription data is transmitted to Zoho solely for the purpose of sending marketing e-mails and newsletters on our behalf. Zoho stores data in a way that prevents other Zoho customers and third parties from accessing it.

3.6.3) Further information on Zoho Campaigns

The Zoho Campaigns terms of use applicable to us can be found at: https://www.zoho.com/de/campaigns/terms.html. Further information on data protection at Zoho Campaigns is available at: https://www.zoho.com/de/crm/gdpr/. Information on Zoho’s security safeguards is available at: https://www.zoho.com/security.html.

3.6.4) Withdrawal of consent

You can withdraw your consent at any time without affecting the lawfulness of processing carried out prior to your withdrawal. If you withdraw consent, we will cease the corresponding processing. If you no longer wish to receive our newsletter, you can unsubscribe at any time, e.g. via the unsubscribe link in each newsletter or by sending an e-mail to marketing@ics-group.eu. Your data used for newsletter dispatch will be deleted after you unsubscribe, unless statutory retention obligations require longer storage.

3.7) Social media presences

We maintain publicly accessible profiles on the following social networks: Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter) and YouTube. We link to our social profiles from our website and in some cases use social platform features (social plugins).

3.7.1) Links to our social profiles

Our website contains links to our profiles on Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter) and YouTube.

These are simple external links. No data is transmitted to the operators of these networks when you visit our website.

Only when you click on a respective link will you be forwarded to the provider’s platform. Personal data may then be processed, which is outside of our control. Information on data processing by these providers can be found in their privacy policies:

Facebook: https://www.facebook.com/privacy/policy/
Instagram: https://privacycenter.instagram.com/policy
LinkedIn: https://de.linkedin.com/legal/privacy-policy
Xing: https://privacy.xing.com/de/datenschutzerklaerung
X (formerly Twitter): https://x.com/de/privacy
YouTube / Google: https://policies.google.com/privacy?hl=en

3.7.2) Social plugins

We may use functions of the social platforms on our website, such as Like, Follow or Share buttons. When you access a page containing such a plugin, your browser establishes a direct connection to the servers of the respective provider.

In doing so, personal data (in particular IP address, browser information, time of page access) may be transmitted to the provider – even if you do not have an account with the provider or are not logged in.

The legal basis for the use of such plugins is your consent pursuant to Art. 6 (1) (a) GDPR. Consent is obtained via our cookie banner and can be withdrawn at any time.

Some providers also process your data in the USA or other third countries. For the USA, an adequacy decision (EU-US Data Privacy Framework) has been adopted. Providers certified under this framework offer an adequate level of data protection. For other providers, data transfer is based on the EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR, as well as any additional safeguards.

Please note that we have no knowledge of the exact content of the data transmitted to the respective social media platform or of how it is used there.

Further information on the purpose and scope of data processing can be found in the privacy policies of the respective providers:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook & Instagram): https://www.facebook.com/privacy/policy/ and https://privacycenter.instagram.com/policy
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://de.linkedin.com/legal/privacy-policy
New Work SE (Xing), Am Strandkai 1, 20457 Hamburg, Germany: https://privacy.xing.com/de/datenschutzerklaerung
X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (EU representative: X International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland): https://x.com/de/privacy
Google Ireland Limited (YouTube), Gordon House, Barrow Street, Dublin 4, Ireland: https://policies.google.com/privacy?hl=en

3.8) Embedded YouTube videos

We occasionally embed videos from YouTube on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you start a YouTube video embedded on our site, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you visited. If you are logged in to your YouTube or Google account, Google can associate your surfing behaviour directly with your personal profile. You can prevent this by logging out beforehand.

We use YouTube in “Privacy-Enhanced Mode”. This means that YouTube will not store cookies before you play a video. Only when you start the video will data processing operations be triggered, which are beyond our control.

A transfer of personal data to servers of Google LLC in the USA may occur.

For the USA, an adequacy decision (EU-US Data Privacy Framework) exists. Google is certified under this framework and undertakes to comply with European data protection standards.

Processing is based on your consent (Art. 6 (1) (a) GDPR), which you grant via our cookie banner. You may withdraw your consent at any time with effect for the future.

Further information on data processing can be found in the YouTube / Google Privacy Policy: https://policies.google.com/privacy?hl=en.

3.9) Use of tracking and marketing tools

3.9.1) Meta Pixel (Facebook / Instagram)

As part of marketing campaigns, we may use the Meta Pixel (formerly Facebook Pixel) on our website, provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

The Meta Pixel enables Meta to determine the visitors of our website as a target group for displaying ads (“Facebook Ads” / “Instagram Ads”). It also allows us to track the effectiveness of our advertising for statistical and market research purposes.

In this context, personal data may be transferred to servers of Meta Platforms Inc. in the USA. For the USA, an adequacy decision (EU-US Data Privacy Framework) has been adopted. Meta is certified under this framework and undertakes to comply with European data protection standards.

Processing takes place only with your explicit consent (Art. 6 (1) (a) GDPR). Consent is obtained via our cookie banner and can be withdrawn at any time. Without your consent, the Meta Pixel will not be used.

Further information:

Meta Privacy Policy: https://www.facebook.com/privacy/policy/
Information on Meta Pixel: https://www.facebook.com/business/tools/meta-pixel

3.9.2) LinkedIn Insight Tag

Our website may also use the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, in relation to specific campaigns.

The Insight Tag allows us to create statistical analyses on website usage by LinkedIn members and to measure the effectiveness of our LinkedIn advertising. It also enables us to create target groups for ads (“Matched Audiences”).

Personal data may be transferred to servers of LinkedIn Corporation in the USA. For the USA, an adequacy decision (EU-US Data Privacy Framework) exists. LinkedIn is certified under this framework and undertakes to comply with European data protection standards.

Processing takes place only with your explicit consent (Art. 6 (1) (a) GDPR). Consent is obtained via our cookie banner and can be withdrawn at any time. Without your consent, the LinkedIn Insight Tag will not be used.

Further information:

LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Information on Insight Tag: https://www.linkedin.com/help/linkedin/answer/a427660

3.10) Contact form

If you submit enquiries to us using the contact form, the information you provide, including your contact details, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. Depending on the nature of your enquiry, your data may be passed on to affiliated companies (pursuant to Sec. 15 AktG) insofar as this is necessary for processing.

3.11) Links to other websites and third-party applications

To interact with other websites where you are a registered user (e.g. Facebook, etc.), we may provide links or integrate third-party applications. We may also provide general links to websites of other providers. The use of such links and applications is governed by the providers of these sites and is subject to their privacy policies. ICS Software is not responsible for the privacy practices or content of these sites.

3.12) Live chat function and website heat map

Our website uses the services Zoho SalesIQ and Zoho PageSense from Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (EU headquarters). Data collected via these services is stored on Zoho servers in the EU.

Zoho SalesIQ enables analysis of user behaviour and provides a live chat function on our website. Cookies may be used which allow an analysis of website usage.

You can use the chat anonymously by simply entering your request in the text field. Providing personal data (e.g. name, e-mail address) is voluntary. If you provide such information, it will be stored together with the chat history in our Zoho CRM system (see section “Processing in the customer database” in this Policy). Data is stored only to the extent necessary to process your request.

We also collect anonymised usage data of visitors to our website using Zoho PageSense. This service records visits and clicks on our website in anonymised form and provides us with a heat map to review general usage and optimise content. No personal usage data is collected or stored with Zoho PageSense.

Zoho SalesIQ and Zoho PageSense are used exclusively on the basis of your consent (Art. 6 (1) (a) GDPR in conjunction with Sec. 25 TTDSG). Consent is obtained via our consent management tool (cookie banner). There you can choose which cookie categories (e.g. “Statistics”, “Marketing”) you wish to allow. Without your consent, the corresponding cookies will not be set and no data will be transmitted to Zoho. You can withdraw or change your consent at any time with effect for the future using the cookie banner settings.

Further information can be found in Zoho’s Privacy Policy: https://www.zoho.com/de/privacy.html and in Zoho’s security information: https://www.zoho.com/security.html.

3.13) Microsoft Office services “Bookings” and “Teams”

We use Microsoft Bookings and Microsoft Teams, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Bookings enables simple and user-friendly appointment scheduling (e.g. consulting, support, sales). Microsoft Teams enables online meetings, video conferences and chats. When using these services, the following data is processed:

Microsoft Bookings: name, e-mail address, if applicable telephone number, appointment details (date, time, purpose), any further optional information you provide;
Microsoft Teams: account information (name, e-mail, profile picture), communication content (chats, files, shared content), metadata (IP address, device information, connection data).

Data is processed solely for the purpose of scheduling, managing and holding appointments and for communication with you. The legal basis is Art. 6 (1) (b) GDPR where processing is required for performing (pre-)contractual measures (e.g. appointment scheduling, meetings) and Art. 6 (1) (f) GDPR where we have a legitimate interest in an efficient and secure communication and booking solution.

We may pass on your data to affiliated companies (pursuant to Sec. 15 AktG) and, where necessary, other third parties to the extent required for preparing and/or holding an appointment with you. In all other respects, data is only passed on if we are legally obliged to do so.

We and our affiliated companies take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. This includes encryption of data transfers, access restrictions and regular reviews of our security measures. Other third parties to whom we transfer personal data are contractually obliged to implement adequate data protection measures.

Data is stored for as long as required for the respective appointment or communication purpose, or as long as statutory retention periods apply. Where a subsequent business relationship arises, statutory retention obligations apply. Data is only passed on to third parties if this is necessary for fulfilling the appointment or required by law.

Microsoft stores most customer data from the EU in European data centres. However, it cannot be ruled out that personal data may be transferred to third countries (in particular the USA) in certain cases, for example for support and maintenance purposes. For such transfers, Microsoft uses the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and additional safeguards where appropriate. For the USA, an adequacy decision (EU-US Data Privacy Framework) has existed since 10 July 2023. Microsoft is certified under this framework.

Further information can be found in the Microsoft Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement and in Microsoft’s security information: https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany.

3.14) Rating platform Proven Expert

Our website uses functions of the rating platform Proven Expert, a service of Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany.

We use Proven Expert to display customer reviews and to allow you to submit your own review. This serves transparency and quality assurance of our services. Integration of Proven Expert on our website is based on Art. 6 (1) (f) GDPR (legitimate interest in transparency and external presentation). If you voluntarily submit a review and provide personal data, processing is based on your consent (Art. 6 (1) (a) GDPR).

When submitting a review, your e-mail address and technical connection data (IP address, browser type / version, time of access) are usually stored. You may optionally state your first and last name so that your review can be displayed in a personalised way. Reviews can also be submitted anonymously.

Data you submit is processed by Proven Expert. Further information can be found in the provider’s Privacy Policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.

3.15) Surveys

We and our affiliated companies (pursuant to Sec. 15 AktG) use the service Zoho Survey, provided by Zoho Corporation B.V. (Zoho), Beneluxlaan 4B, 3527 HT Utrecht, Netherlands, to conduct surveys. Data is stored on Zoho servers in the Netherlands / EU. We have concluded a data processing agreement (Art. 28 GDPR) with Zoho, ensuring compliance with European data protection standards. ICS Software is responsible for data processing towards you.

Participation in surveys is always voluntary, as is answering individual questions. As a rule, our surveys are conducted anonymously; no personal data is collected and no conclusions can be drawn about the responding person.

If a survey optionally allows you to provide personal details (e.g. name, e-mail address), this is done based on your voluntary decision.

Processing is carried out exclusively for internal market research, optimisation of our products and services and – in individual cases – for contacting you if you voluntarily provide personal data (e.g. name, e-mail address). The legal basis for anonymous surveys is Art. 6 (1) (f) GDPR (legitimate interest in market research and optimisation), and Art. 6 (1) (a) GDPR (consent) if you voluntarily provide personal data (e.g. for being contacted). If you have voluntarily provided personal data within a survey, you may request access to, rectification or deletion of such data at any time.

Information on Zoho’s privacy policy is available at: https://www.zoho.com/privacy.html. Information on security measures at Zoho Survey is available at: https://www.zoho.com/security.html.

3.16) Mobile Apps (Google Play Store)

We offer certain software solutions as mobile apps via the Google Play Store for download. The following provisions apply in addition to the other sections of this Privacy Policy and explain how personal data is processed in connection with the use of our mobile apps.

3.16.1) Controller and scope

The controller for the processing of personal data in connection with our mobile apps is ICS Software. These notes apply irrespective of whether the apps are used by end users in a B2B context (e.g. employees of our customers) or for testing and demo purposes.

3.16.2) Download via the Google Play Store

When downloading our apps from the Google Play Store, certain information is transmitted to the store operator, Google Ireland Limited (and other Google group companies). This may in particular include:

your Google account or the account used for the store,
device information (e.g. device type, operating system version),
time of download and, where applicable, payment information (for paid apps),
store-specific identifiers (e.g. transaction or order numbers).

ICS Software has no influence over this data processing, which is carried out under the sole responsibility of the Google Play Store. For further details, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

3.16.3) Data processed when using the app

When using our apps we process – depending on the specific app and the configuration chosen by our customer – in particular the following categories of personal data:

Usage and log data: e.g. time of use, features accessed, technical log files for error analysis and to ensure stability and security of the app;
Contact and user account data: e.g. name, username, business e-mail address, role and authorisation information, where you log in with a user account;
Content and transaction data: e.g. business data recorded or displayed within the app (depending on the specific purpose of the software solution).

The concrete data processed depends on the functions of the respective app and on the contractual arrangements with our customer. Our apps are generally designed for use in a business environment (B2B). Nevertheless, personal data of natural persons in the sense of the GDPR may be processed (e.g. employees of our customers).

3.16.4) App permissions (e.g. camera, storage, network)

Depending on the app version, certain technical permissions on your device may be required (e.g. access to the camera, storage, notifications or network) in order to provide specific functions. Before first use of such a function, the operating system will ask you to grant the relevant permission.

The app only accesses the respective resource to the extent required for the specific function. No further use (e.g. for other purposes or permanently in the background) takes place. You can revoke granted permissions at any time in your device settings. Please note that certain app features may no longer function or may only be available to a limited extent afterwards.

3.16.5) Legal bases for processing

Data processing in connection with the use of our apps is usually based on Art. 6 (1) (b) GDPR (performance of a contract or taking steps prior to entering into a contract) in relation to our customer (e.g. provision and operation of the software solution) and on Art. 6 (1) (f) GDPR (legitimate interest) in providing a secure, stable and efficient app.

Where specific features require your consent (e.g. optional usage analytics or push notifications, insofar as these are not technically necessary), processing is based on Art. 6 (1) (a) GDPR. Consent can be withdrawn at any time with effect for the future, e.g. in the app settings or via your device settings.

3.16.6) Analytics data and crash reports

In order to ensure stability, to analyse errors and to continuously improve our apps, we may – depending on the app – process technical crash reports and anonymised or pseudonymised usage statistics. If third-party services (e.g. Google Firebase, Crashlytics or similar) are used for this purpose, they will only be implemented in compliance with applicable data protection requirements and, where necessary, on the basis of your consent.

Where personal data is transferred to third countries (in particular the USA), this is done solely on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR (e.g. EU Standard Contractual Clauses, adequacy decision).

3.16.7) Deletion of data / uninstallation of the app

Data processed in the app is deleted as soon as it is no longer required for the purposes described and there are no statutory retention obligations. Merely uninstalling the app from your device does not automatically lead to deletion of all data stored by the app provider or in our backend systems. For deletion or access requests, please contact the data protection contact specified in the section “Further information / data protection contact” below or – if you are using the app as an employee of one of our customers – your internal contact person first.

4) Use of personal data

4.1) General

We use the data you provide to perform and process your order and to respond to your enquiry, as well as to initiate and maintain the business relationship. If you subscribe to our newsletter, your e-mail address is used for our own marketing purposes until you unsubscribe. You can unsubscribe at any time (e.g. via the unsubscribe link in the newsletter or by e-mail to marketing@ics-group.eu).

Where necessary and legally permissible, we may use your data prior to concluding a contract and, if necessary, during the business relationship for contract management and for credit checks or obtaining information. For this purpose, we use selected service providers and credit agencies, and information on payment behaviour and creditworthiness may be obtained in the form of score values based on mathematical-statistical procedures.

We assure you that we will not transfer your personal data to third parties unless we are legally entitled or obliged to do so or you have given your prior consent. We may disclose your personal data in connection with ongoing or future legal proceedings, for example to establish, exercise or defend legal claims (including disclosure of information to third parties for the purpose of fraud prevention and reduction of credit risk).

We may transfer your personal data to affiliated companies (pursuant to Sec. 15 AktG) where this is necessary to process your request.

4.2) Recruitment / application process

We inform you that we and our affiliated companies (pursuant to Sec. 15 AktG) collect and use your personal data in connection with recruitment (online and offline).

Where we use service providers to perform and process data processing operations, contractual relationships are based on the GDPR.

For receiving and managing applications and thus for the purpose of potentially establishing an employment relationship, we and our affiliated companies use the recruiting tool “Zoho Recruit”.

This service is provided by Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (“Zoho”). Data is stored on Zoho servers in the Netherlands / EU.

Zoho’s Privacy Policy is available at: https://www.zoho.com/de/privacy.html.

Further information on security at Zoho Recruit is available at: https://www.zoho.com/security.html.

ICS Software is responsible for processing towards you.

If you apply to us, the following applies: Zoho collects, on our behalf, the following data from you: salutation, first and last name, contact details and other data from your application. ICS Software and its affiliated companies can then access an internal, protected area of Zoho Recruit, view your applicant data and use / process it for documenting the recruitment process and for communication with you.

The legal basis for processing applicant data is Art. 88 (1) GDPR in conjunction with Sec. 26 (1) BDSG. The service relationship between Zoho and ICS Software and its affiliated companies is based on Art. 28 GDPR (data processing agreement).

Applications from young people from the age of 16 (e.g. for apprenticeships, student internships or working student positions) are expressly welcome. In this context, we process the personal data you provide solely for the purpose of conducting the application process (Art. 6 (1) (b) GDPR in conjunction with Sec. 26 BDSG).

ICS Software and its affiliated companies store applicant data in Zoho Recruit in accordance with statutory retention periods. After expiry of these periods, applicant data is deleted in a secure and data protection-compliant manner. In addition, applicants have the right to request deletion of their data at any time.

If ICS Software and its affiliated companies wish to store applicant data in Zoho Recruit beyond the statutory retention periods (e.g. for a talent pool), this is done solely with the applicant’s express written consent. Such consent can be withdrawn at any time.

4.3) Credit checks and scoring

Where we provide services in advance (e.g. purchase on account), we may, to protect our legitimate interests, obtain credit information on the basis of mathematical-statistical procedures from Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss (and its local offices) and/or Allianz Trade Deutschland, branch of Allianz Trade SA (formerly Euler Hermes), Gasstr. 29, 22761 Hamburg.

For this purpose, we transmit the personal data required for a credit check to Creditreform (and its local offices) and/or Allianz Trade Deutschland. We use the information received on the statistical probability of default to make a balanced decision on the establishment, conduct or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical methods, which include address data. Your legitimate interests are taken into account in accordance with legal provisions.

4.4) Data security and retention

We implement technical and organisational measures pursuant to Art. 32 GDPR to protect your data against loss, manipulation or unauthorised access. This includes in particular SSL encryption, access restrictions, backups, firewalls and regular reviews of our security concepts. Nevertheless, no transmission or storage method can guarantee absolute security.

Personal data is stored only for as long as necessary for fulfilling the processing purpose or as long as statutory retention periods apply. After the purpose ceases to exist, the data is deleted. Examples of retention periods:

contract and tax-relevant data: 6–10 years (under the German Commercial Code – HGB – and Fiscal Code – AO),
applicant data: generally 6 months after completion of the recruitment process, longer storage only with consent (talent pool),
newsletter data: until you withdraw your consent,
log files and technical data: generally 14 days, no longer than 30 days.

5) Your rights under GDPR

Under the General Data Protection Regulation (GDPR), you have the right to obtain information on your stored data free of charge and, where applicable, the right to rectification, restriction of processing, erasure (“right to be forgotten”) and data portability.

We are obliged under Art. 12 and Art. 21 GDPR to provide information in writing, electronically or – on request – orally, depending on the circumstances of the case. You have a comprehensive right to object at any time (Art. 21 (2) GDPR). Any consent you have given remains effective until withdrawn. All our communication channels meet appropriate security requirements.

As a data subject you have in particular the following rights:

Right of access (Art. 15 GDPR) & right to data portability (Art. 20 GDPR): you may request a copy of the personal data we hold about you. On request, we will provide it in a machine-readable format where technically feasible.
Right to rectification (Art. 16 GDPR): you may have inaccurate data corrected or incomplete data completed.
Right to erasure / “right to be forgotten” (Art. 17 GDPR): you may request the deletion of your personal data where no statutory retention obligations prevent this.
Right to restriction of processing (Art. 18 GDPR) & right to object (Art. 21 GDPR): you may request restriction of processing or object to processing where particular reasons apply.
Right to withdraw consent (Art. 7 (3) GDPR): where we process your data on the basis of consent, you may withdraw this consent at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement. An overview of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise your rights, please contact us using the contact details provided at the end of this Privacy Policy. Where legally required, we reserve the right to verify your identity before processing your request.

6) Changes to this Privacy Policy

We reserve the right to amend or update this Privacy Policy at any time. Please review this page regularly for updates.

7) Further information / data protection contact

Your trust is important to us. We therefore remain at your disposal to answer questions regarding the processing of your personal data. If you would like information on your stored personal data or have questions that this Privacy Policy could not answer, or if you wish to receive more detailed information on a specific point, please contact our Data Protection Officer at any time: datenschutz@ics-group.eu.

Alternatively, you can reach us at the following address:

ICS Software GmbH Data Protection Officer c/o IPAI Spaces Im Zukunftspark 11/13 74076 Heilbronn Germany

Data protection enquiries are usually answered within a maximum of 30 days of receipt.

Last updated: