The protection of personal data is important for IOTIQ GmbH. Data protection is intended to protect the right to informational self-determination. This fundamental right, as an expression of the general right to personal privacy according to Art. 2 sec. 1 GG in conjunction with Art. 1 sec. 1 GG, is the right of the individual to principally determine the disclosure and use of his personal data. For this purpose, regulations on the handling of data are needed.
Personal data shall be treated confidentially.
The aim of the data protection concept is to present the data protection aspects in a summary documentation. It can also be used as a basis for data protection audits, e. g. by clients in the context of order processing. The aim is not only to ensure compliance with the European General Data Protection Regulation (GDPR), but also to provide proof of compliance.
Data protection means trust. Trust is a top priority for IOTIQ GmbH. Therefore, the careful handling of personal information is particularly important to the company. Data collected will always be treated confidentially in strict compliance with the applicable data protection regulations. This applies in particular to the processing of personal data.
This guideline regulates the data protection compliant processing of information and the corresponding responsibilities at the IOTIQ GmbH. ALL employees are obliged to comply with this policy.
The EU has summarised the most important points in data protection in the GDPR. It’s called Principles. The principles can be found in Art. 5 of the GDPR. The GDPR requires that they be observed when handling personal data. The principles are like a foundation on which action in data protection is based.
The main points are:
Art. 4 of the GDPR defines numerous terms for data protection law. They help to understand the law. Essential points are described here in a simplified way.
A “data subject” is a natural person from whom data is processed. The data subject has rights (see XIII. ).
“Personal Data” means the information of a natural person. The data can be used to pinpoint the person. They say she’s identifiable. This can happen directly through the name. Individual information without a name can also point to a person, such as an address.
According to Art. 9 GDPR, the “Special Categories of Personal Data” include, inter alia, information on racial, ethnic, political opinions, religious or philosophical beliefs, trade union membership or health.
The “Responsible Body” means any person or body that collects, processes or uses personal data for themselves or has others do so on behalf of them.
“Processing” means the procedure in connection with the personal data. This can be digital or in paper form. This includes, for example, when working in the counselling centre, when personal data:
“Pseudonymisation” means that the personal data can no longer be uniquely assigned to a data subject without additional information (a type of key). This additional information must be kept in accordance with data protection requirements.
During “anonymisation”, personal data is changed in such a way that it can no longer be assigned to a person. Anonymized data is not subject to data protection.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Managing Director: Özer Aydemir
E-Mail: [email protected]
Telephone: +49 341 219 194 47
The GDPR stipulates that, under certain conditions, a company data protection officer must be appointed. The conditions are specified in Art. 37 GDPR. Each company must appoint a data protection officer when it carries out activities that are subject to specific control.
An employee with the required expertise or an external data protection officer may be appointed. The corporate data protection officer of IOTIQ GmbH is:
E-Mail: [email protected]
Telephone: +49 341 219 194 47
The Data Protection Officer is responsible for raising employee awareness and/or for the organisation and:
In principle, we collect and use personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user.
Insofar as we obtain the consent of the data subject for processing of personal data, Art.6 serves the purpose of 1 lit. EU General Data Protection Regulation (GDPR) as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. lit . b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or for the performance of a contract.
There is a binding instruction according to which every employee who has to handle personal data undertakes to observe data secrecy in writing (according to § 5 BDSG) and to comply with this policy when taking up their duties.
The IOTIQ GmbH has a list of procedures.
The register of procedures is an excellent means of creating transparency both within the company and vis-à-vis the parties concerned.
Once the appropriate processes have been put in place, the company data protection officer can assess very well whether planned procedures pose particular risks to the rights and freedoms of data subjects and are therefore subject to prior checking.
The procurement of work equipment and software is carried out by the company. Employees are advised of the careful use and undertake to do so in writing. When an employee leaves the company, the devices are returned to the company and the stored data is deleted.
The mobile devices provided by the company can be used privately. Professional data is backed up by the company’s mobile device management MobiVisor.
In the event of loss of a device, the data stored on it is immediately deleted by MobiVisor (MDM). The affected device is reset. In the event of a data breach, the obligation to report (see X.3) is followed up.
The password files must be protected against unauthorised access.
The software shall be designed in accordance with the state of the art in such a way that the following are checked and ensured:
According to the General Data Protection Regulation (according to Art. 33, 34 GDPR), data breaches must be reported in certain cases.
The personal data breach shall be reported to the competent data protection authority within 72 hours if the breach poses a risk to the rights and freedoms of a data subject.
The data subject shall be notified immediately if a high risk to the rights and freedoms of the data subjects is expected.
Recorded with each call-up of our website our system automates data and information from the computer system of the calling computer. The following data is collected:
The data is also stored in the log files of our system. This does not affect the user’s IP addresses or other data that allow the data to be assigned to a user. These data are not stored together with other personal data of the user.
The legal basis for the temporary storage of the data is Art. 6 para. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the event of the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
Alternatively, you can contact us via the E-mail address provided. In this case, the user’s personal data transmitted with the E-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of a contact is Art. 6 para. 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. b GDPR.
The processing of personal data from the input mask serves us solely to process the establishment of contact. In the event of contact by E-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by E-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by E-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
(1) Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; referred to as “Google”) for the purpose of designing and continuously optimizing our pages. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
Google Analytics creates pseudonymised user profiles for us. The information generated by the Google Analytics cookie about your use of this website, such as:
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide other services related to the use of the website and the Internet for the purposes of market research and the needs-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf. Under no circumstances your IP address will be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies at any time by selecting the appropriate settings in the browser software, even if you have given your prior consent; however, we would like to point out that in this case not all functions of this website can be used to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information on data protection in connection with Google Analytics, please refer to the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
We also use the services of so-called lead generation tools. Lead generation is a term used in marketing. A lead is a qualified prospective customer who is interested in a company or a product on the one hand and who, on the other hand, gives the advertiser his address and similar contact data (lead = dataset) on his own initiative for further dialogue and therefore becomes a customer with a high probability. Generating high-quality leads is a fundamental task for acquiring new customers. Address data of potential interested parties can be generated online and offline with specific target groups and these purposes include our legitimate interest in data processing pursuant to Art. 6 (1) lit f GDPR. Leadfeeder accesses the list of IP addresses of website visitors provided by Google Analytics in the evaluation and links the list of IP addresses to information about the companies that can be found on the Internet under these IP addresses. Due to the shortening of the IP addresses of the website visitors already carried out during the use of Google Analytics, a direct reference to a person is not established. A reference to a person can only be made on the basis of a presumption when viewing the linked company information. Leadfeeder is integrated into our CRM-System & Email Marketing Tool. This is a service of Liidio Oy, Mikonkatu 17 C, Helsinki 00 100, Finland. The privacy statement of Leadfeeder can be found at https://www.leadfeeder.com/privacy, information on leadfeeder and compliance with the General Data Protection Regulation: https://www.leadfeeder.com/leadfeeder-and-gdpr/.
If your personal data is processed, you are the data subject within the scope of this Regulation. GDPR and you have the following rights vis-à-vis the controller:
You may request confirmation from the person responsible if your personal data is being processed by us.
If such processing takes place, you may request information from the person responsible about the following information:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data, where the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
You have a right to rectification and/or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The person in charge shall make the correction without delay.
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
(1) if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
You may request the person in charge to delete your personal data without undue delay, and he is obliged to delete such data without undue delay, if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing is based pursuant to Art. 6 para. 1 lit. a) or Art. 9 (2) lit . a GDPR, and there is no other legal basis for processing.
(3) They shall, in accordance with Art. 21 (1) GDPR object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
If the person in charge has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process the personal data that you, as the data subject of them, have deleted all links to such personal data or to obtain copies or replicates of such personal data.
The right to erasure does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for the fulfilment of a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) on grounds of public interest in the field of public health pursuant to Article 9 (2) lit. h and i and Art. 9 (3) GDPR ;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
If you have exercised your right to rectification, erasure or restriction of processing against the person in charge , he shall be obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another person in charge without hindrance from the person in charge to whom the personal data have been provided, provided that:
(1) processing on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit . a GDPR or on a contract pursuant to Art. 6 para. 1 lit . b GDPR is based on and
(2) the processing is carried out using automated methods.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6 (1) lit. e or f GDPR, to lodge an objection; This also applies to profiling based on these provisions.
The person in charge will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you have the possibility to exercise your right to object by means of automated procedures using technical specifications.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person in charge shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person in charge, to present his or her own point of view and to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Peterssteinweg 14, 04107 Leipzig Deutschland
Telephone: +49 (0) 176 150 060 80
E-Mail: [email protected]
Managing Director authorised to represent: Özer Aydemir
Registering Court: Amtsgericht Leipzig
Registration number: HRB 33576
VAT identification number according to § 27a VAT law: DE311875635
Responsible for the content:
IOTIQ GmbH, Peterssteinweg 14, 04107 Leipzig, Deutschland
Disclaimer – legal notices
§ 1 Content Warning
The free and freely accessible contents of this website have been created with the greatest possible care. However, the provider of this website does not assume any liability for the accuracy and topicality of the provided free and freely accessible journalistic guides and news. Contributions marked by name reflect the opinion of the respective author and not always the opinion of the provider. By calling up the free and freely accessible content no contractual relationship between the user and the provider is established, insofar as the provider lacks the legal will to bind.
§ 2 External links
This website contains links to third party websites (“external links”). These websites are subject to the liability of their respective operators. When the external links were first linked, the provider checked the external content for possible legal violations. No violations of the law were apparent at the time. The provider has no influence whatsoever on the current and future design and content of the linked pages. The setting of external links does not mean that the provider makes the content behind the reference or link its own. Constant monitoring of external links is unreasonable for the provider without concrete indications of legal violations. However, if we become aware of any legal violations, such external links will be deleted immediately.
§ 3 Copyright and ancillary rights
The contents published on this website are subject to German copyright and ancillary copyright law. Any exploitation not permitted by German copyright and ancillary copyright law requires the prior written consent of the provider or the respective rights holder. This applies in particular to the reproduction, editing, translation, storage, processing or reproduction of content in databases or other electronic media and systems. Content and rights of third parties are marked as such. The unauthorized reproduction or distribution of individual contents or complete pages is prohibited and punishable. Only the production of copies and downloads for personal, private and non-commercial use is permitted.
§ 4 Special conditions of use
Insofar as special conditions for individual uses of this website deviate from the aforementioned paragraphs, this shall be expressly stated at the appropriate place. In this case, the special terms and conditions of use apply in each individual case. The imprint is valid for the company profiles of the IOTIQ GmbH.
Who we are
Our website address is: https://www.iotiq.de
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.