Data privacy

1.1. For compliance with a legal obligation (Article 6(1)(c) GDPR)

The purposes of processing follow from statutory requirements in the individual case. Such legal obligations include, e.g., complying with retention and identification obligations, e.g., in the context of anti-money laundering requirements, tax monitoring and reporting requirements and data processing in the context of requests from authorities.

1.2. For the purposes of legitimate interests (Article 6(1)(f) GDPR)

Legitimate interests in this case include, in particular, selecting suitable business partners, conducting research on prospective business partners, e.g., to ensure that compliance requirements and the like are met, asserting legal claims, defending against liability claims, avoiding legal risks and financial detriment (including for third parties), protecting our IT infrastructure, managing system physical and access authorizations, data access controls, other internal administrative purposes (such as optimizing processes and workflows, ensuring data quality), facilitating communication and contact via our Group-wide user directory, clarifying potential compliance violations, preventing crimes and settling claims arising out of the business relationship.

In addition, we occasionally process personal data to document key milestones and events in the development of Ipai in order to chronicle its corporate history.

Within our company, access to the data provided by you will be granted to those departments that require such data for the purposes of complying with legal obligations or serving legitimate interests.

The personal data will be stored for as long as necessary for fulfilling the above-mentioned purposes. Particularly relevant in this context are the statutory retention obligations under the German Commercial Code (Handelsgesetzbuch – HGB) and the German Fiscal Code (Abgabenordnung – AO), which provide for retention periods of up to 12 years.

Data in the corporate history will be stored on a permanent basis, to the extent it remains relevant for that purpose.

We treat all personal data that we receive from you by e-mail/telephone/mail/contact form confidentially. We use your data solely for the limited purpose of processing your inquiry.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to your inquiries so that the satisfaction of our customers, business partners and/or website users alike is ensured and promoted.

If we ask for your consent to data processing in advance when communicating with you, e.g., when you use our contact form, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

When you send us personal data by contacting us for purposes of initiating or performing an existing contractual relationship, Article 6(1)(b) GDPR is the legal basis for data processing.

As a rule, we do not transfer the data to third parties outside of Ipai Management GmbH. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process or respond to it.

We delete or securely anonymize all personal data we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after a receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

If you send us personal data for purposes of initiating or performing a contract, statutory retention obligations require us to store that data for up to 12 years.

When you visit our websites, log files are generated containing the following information:

• the website from which you accessed our site (referrer URL);
• the IP address;
• the date and time of access;
• the client request;
• the http response code;
• the data volume transmitted;
• the name and URL of the requested file;
• information about the type of browser and operating system you are using.
• the name of your Internet service provider.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website.

Where processing of the aforementioned data is necessary for preparing or performing a contractual relationship, we process your data on the basis of Article 6(1)(b) GDPR.

As a rule, we do not transfer the data to third parties outside of IPAI Management GmbH. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. The only way to prevent your data from being processed is to stop using our website.

We store the aforementioned data for a period of seven days.

Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

• Necessary: these cookies help to make a website usable by enabling basic functions such as site navigation and access to secure pages. The website cannot function properly without these cookies.
• Preferences: using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our website in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
• Statistics: these methods enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
• Marketing: these enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Necessary:

• user inputs, in order to remember inputs across multiple sub-pages;
• authentication data to identify a user after signing in, enabling you to access authorized content on subsequent visits (e.g., access to the customer portal);
• security-related events (e.g., identifying repeat failed sign-in attempts);
• required data.

Preferences:

• settings to customize the user interface that are not linked to a permanent identifier.

Statistics:

• pseudonymized usage profiles containing information on the use of our website. These contain in particular:
• browser type/browser version;
• operating system used;
• referrer URL (i.e., the previously visited page);
• host name of the accessing computer (IP address);
• time of the server request;
• individual user ID; and
• events triggered on the website (web browsing behavior).
• The IP address is routinely anonymized, which in principle means it is no longer possible to identify you.
• We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so. In itself, we cannot use the user ID to identify you.

Marketing:

• pseudonymized usage profiles containing information on the use of our website. These contain in particular:
• IP address;
• individual user ID;
• products potentially of interest;
• events triggered on the website (web browsing behavior).
• IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you.
• We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so. In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.

The legal basis for using preferences, statistics and marketing cookies and similar technologies is your consent given pursuant to Article 6(1)(a) GDPR and section 25 (1) sentence 1 of the TDDDG. The legal basis for using technically necessary cookies and similar technologies is your consent given pursuant to Article 6(1)(f) GDPR and section 25 (2) no. 2 TDDDG. We have a legitimate interest in ensuring the technical stability and security of website operation.

You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal.

To change your consent for cookies and similar technologies we use on ip.ai, click hereand make your selection.

For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. These service providers process data on our behalf.

If you have consented to processing for marketing purposes, we may potentially share your User ID and the associated user profiles with third parties via the providers of advertising networks.

For information about other recipients in connection with using cookies to process data, see our cookie policy under the heading “Providers”.

Our websites use the “Google Analytics” service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Cookies and similar technologies, in particular JavaScript, are used to store and analyze data on your end device.

In the European Union and in the European Economic Area (EEA), the “Google Analytics” service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which assists us a processor in accordance with Article 28 GDPR.

“Google Analytics” creates user profiles on the basis of pseudonyms (recognition attributes from cookies and device ID and further data on the end device used or the “browser fingerprint”) and usage data (e.g., name and address of the website content requested by your browser, referral links, description of the web browser and operating system used, and the IP address of the requesting end device). Demographic data, such as the age, gender and interests of the users, and interactions, such as button clicks, scroll depth and length of stay, are collected, analyzed and merged with existing anonymized data.

We have configured “Google Analytics” in a such way that your IP address is processed and truncated within the EU using the “_anonymizeIp()” feature before it is transmitted to Google’s servers in the USA.

We transmit your data in connection with our use of “Google Analytics” to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. In principle, we have no influence on further data processing by the third-party provider. For further information on how Google handles personal data, please visit https://policies.google.com/privacy?hl=en. By virtue of the fact that we use “Google Analytics” on our web pages, data is transmitted to the aforementioned recipients and stored there for a period of 26 months.

As a rule, we do not transfer your data to recipients located outside of the European Union or the European Economic Area. To the extent that you have consented to the use of the relevant cookies, your data will only be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, if it is processed using Google Analytics, Google AdWords and YouTube. Some of these servers are located in the USA. The EU does not currently have an adequacy decision in place for the USA, which means that a lower level of data protection than in the EU must be assumed. This could mean that you may not be able to adequately exercise your rights as a data subject. In addition, we have no control over the extent to which Google uses your data for its own purposes. However, we have concluded standard contractual clauses with Google, which contractually oblige Google to comply with European data protection standards.

You are under no statutory or contractual obligation to provide personal data to us. You may prevent cookies from being stored by adjusting the aforementioned settings, selecting the categories of cookies accordingly or withdrawing or modifying any consent you may have given.

For information on the duration of storage for cookies, see our cookie policy. If “persistent” is entered in the “expiration” column, the cookie will be stored permanently until the corresponding consent is withdrawn.

We offer you the opportunity to subscribe to our newsletter. If you give your consent to receive newsletters tailored to your needs, we will use your data (e-mail address, salutation, first and last name, optionally company name and position) to send you information about IPAI. These include, for example, information on new features, support options and news in connection with IPAI and our associated services.

The legal basis for such processing is your consent pursuant to Article 6(1)(a) GDPR.

To ensure that no mistakes are made when entering the e-mail address, we use the “double opt-in” procedure: once you enter your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the confirmation link.

You may withdraw your consent to receive the newsletter at any time with effect for the future, e.g., by unsubscribing from the newsletter on our website. The link to the unsubscribe page is provided at the bottom of every newsletter. When you unsubscribe, we consider your consent to a newsletter subscription and the receipt of newsletter based thereon as withdrawn. We will delete your usage data. The lawfulness of the processing carried out until such time as we receive your notice of withdrawal shall not be affected.

The data you send us to subscribe to the newsletter cannot be accessed by any third parties. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

You are under no statutory or contractual obligation to provide personal data to us. Subscribing to our newsletter is voluntary and always subject to your consent.

Your e-mail address and your name (if provided by you) will be deleted as soon as you unsubscribe from our newsletter.

The party responsible for the collection and processing of data described below (the controller) is in some cases us, IPAI Management GmbH, and in some cases the operator of the relevant social media platform. For certain types of processing, we and the platform operator act as joint controllers as defined in Article 26 GDPR.

We use the following social media sites:

LinkedIn: https://www.linkedin.com/company/ipaihn/
YouTube: https://www.youtube.com/channel/UC-1bPh4-xpE79xvJ-bsHF6g
Twitter: https://twitter.com/ipaihn
Instagram: https://www.instagram.com/ipaihn/

We have only limited control over the processing of data by the operators of social media platforms (e.g., the management of members and the information shared). In the situations in which we are able to have influence and can set parameters for the data processing, we endeavor to ensure within the confines of the options available to us that the social media platform operator deals with the data in accordance with data protection law requirements. In many cases, however, we are unable to influence the way in which social media platform operators process data and also do not know exactly which data they process.

Platform operators operate the entire IT infrastructure of the service, have their own privacy policies and maintain their own user agreements with you (where you are a registered user of the social media service). The operator is also solely responsible for all questions relating to the data that makes up your user profile, which we as a company have no access to.

You will find further information about the data processing performed by social media platform operators and your rights to object in the privacy policies of the operators.

LinkedIn: https://de.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy

YouTube: https://policies.google.com/privacy?hl=en&gl=en

Twitter: https://twitter.com/en/privacy

Instagram: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

6.1.2.1. Purposes and Legal Basis of Data Processing

We process data on our social media sites for the purpose of providing information to users about services, promotions, prize draws, specific topics and latest company news, to interact with visitors to our social media sites on these topics, and to respond to relevant inquiries and positive or negative feedback.

We merely reserve the right to delete content if it becomes necessary to do so. We may share your content on our site if this is one of the functions of the social media platform, and communicate with you through the social media platform. Article 6(1)(f) GDPR is the legal basis for this. The processing is carried out for the purpose of our public relations work and communications. Operators have no ability to influence our processing of your data in connection with customer communications or prize draws.
As already mentioned, where social media platform operators give us the option, we make sure we design our social media sites to be as compliant as possible with data protection laws.

6.1.2.2. Recipients/Categories of Recipients

The data entered by you on our social media sites, such as comments, videos, images, likes, public messages, etc., is published by the social media platforms and is not used or processed by us for other purposes at any time. We merely reserve the right to delete unlawful content if it becomes necessary to do so. This would be the case, for example, for posts that infringe rights or violate the law, comments that incite hatred, offensive comments (sexually explicit content) or attachments (e.g., images or videos), which may be in violation of copyright laws, moral rights/rights of publicity or criminal law.

We may share your content on our site if this is one of the functions of the social media platform, and communicate through the social media platform. If you post an inquiry on the social media platform, we may also, depending on the required response, refer you to other more secure modes of communication that guarantee confidentiality. You always have the option of sending confidential inquiries to us at our address listed under no. 1 above or in the “legal notice” section of our website.

6.1.2.3. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us. When you use our social media sites for purely informational purposes, we do not collect any personal data. You can still visit our sites even if you do not wish to provide us with any personal data, but you will not be able to use any enhanced features such as the news function and the function allowing you to post images or comments.

6.1.2.4. Storage Time

All public posts that you put on our social media sites remain in the timeline for an indefinite period, unless we delete them as part of updating the information on the topic, they violate the law or breach our guidelines or policies, or you delete the post yourself. We have no control over the deletion of your data by the operator itself. The privacy policy of the relevant operator therefore also applies in relation to the storage period.

In some cases, we and the operator of the social media service act as joint controllers as defined in Article 26(1) GDPR:

We and the platform operator act as joint controllers with regard to the web tracking methods used by the social media platform operator. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As already explained, unfortunately we have almost no control over the web tracking methods used by social media platforms. We are unable, for example, to switch web tracking off.

The legal basis for the web tracking methods is Article 6(1)(f) GDPR. Optimizing social media platforms and the relevant fan pages is seen as a legitimate interest for the purpose of the above provision.

For further information about recipients and categories of recipients and the duration of data storage and the criteria for determining the storage period, please refer to the privacy policies of the platform operators. We do not have any control over this.

You will find information on the rights available to you to prevent these web tracking methods in the privacy policies of the platform operators. You can also contact the platform operators about this using the contact details provided in the legal notice section of their respective websites.

We have only a very limited ability to influence and prevent the provision of statistics to us by social media platform operators. However, we do make sure that we do not receive any additional optional statistics.

Please be aware that it is possible that social media platforms will use your profile and user behavior data in order to analyze, for example, your habits, personal relationships and preferences, etc. IPAI Management GmbH has no control over the processing or disclosure of your data by social media platform operators.