Data protection

Privacy policy

Everything about data protection at IBAK.

1. Preamble

We, IBAK Helmut Hunger GmbH & Co KG, appreciate your interest in our company and services. We take the protection of your personal data very seriously. This privacy policy provides information about the processing at IBAK Helmut Hunger GmbH & Co. KG (hereinafter called IBAK, we or us) of the personal data of people who visit or use our website and regarding our marketing activities on our website, third-party websites and social networks. In particular, we inform about the nature, scope, purpose, duration and legal basis of the processing of personal data in accordance with the General Data Protection Regulation (GDPR). The following provisions and terminology relate to the definitions given therein.

2. Controller

IBAK Helmut Hunger GmbH & Co. KG Wehdenweg 122 24148 Kiel Germany Phone: +49 (0)431 7270-0 Fax: +49 (0)431 7270-270 E-mail: info(at)ibak.de Registered office and registration court: Kiel / HRA 940

Personally liable partner: Elektro-Apparatebau Kiel GmbH Registered office and registration court: Kiel / HRB 394 VAT identification no. DE 134958228 WEEE no. DE 22217483

Managing directors: Daniel Hunger, Dorian Hunger

Data protection officer: IBAK Helmut Hunger GmbH & Co. KG - Data protection officer - Wehdenweg 122 24148 Kiel e-mail: privacy(at)ibak.de

3. Legal bases of the processing of personal data

Personal data is processed by us, i.e. collected, stored, organized, arranged, read out, queried, used and transmitted, only to the necessary extent. Personal data is information that relates to identified or identifiable natural persons. Regarded as identifiable is a natural person who can be identified in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie, IP address) or one or more special characteristics. Processing is any operation that is performed automatically with or without assistance, or any such series of operations performed on personal data. A controller is the natural or legal person who determines the purposes and means of the processing of personal data. Collection, storage, transmission and use of your data is permitted, for example, if the processing of the data is legally necessary for the performance of a contract or is permittted on the basis of the GDPR or another legal provision.

In accordance with Art. 13 and Art. 6 of the GDPR, we draw your attention to the legal bases for the processing of personal data:

  • the legal basis for obtaining consent is Art. 6 (1) lit. a of the GDPR
  • the legal basis for processing for fulfilment of our services, implementation of contractual measures and answering inquiries is Art. 6 para. 1 lit. b of the GDPR.
  • the legal basis for processing for fulfilment of our legal obligations is Art. 6 para. 1 lit. c of the GDPR
  • the legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f of the GDPR

We consider the following to be in accordance with the aforementioned conditions in Art 6:

  • processing of orders and execution of contracts,
  • operation of our website and our social media profiles including their respective optimization,
  • advertising our products and services,
  • credit checks.

4. Processing of personal data

When carrying out our business activities, we use contact data provided to us (such as names, addresses, telephone numbers, e-mail addresses) and content data (such as contract data or inquiries). We need this data exclusively to process orders in the form of purchase orders, repair or service orders and software maintenance orders; to answer inquiries (Art. 6 para. 1 lit. b); to send information about products and services from our company or to make this available to users of our website and to commission suppliers and service providers (Art. 6 para. 1 lit. f).

5. Use of cookies

This website uses cookies. Cookies are small text files that are collected, processed and stored on the respective system by the web browser. Cookies allow systems and users to be identified and information about them to be stored. Cookies may contain the following information, for example: your IP address, a specific cookie identifier, login information, the browser type, the country and time zone.

You can use your browser settings to restrict or completely prevent the storage of certain cookies across websites and to delete cookies that have already been stored. For more detailed information on this subject, please refer to the instructions or help function of your browser.

The legal basis on which we process personal data with the help of cookies depends on whether the use is linked to your consent. If this is the case and you consent to the use of cookies, the legal basis for data processing is your declared consent.

With the "sgalinski Cookie Opt-in", we use a consent manager (cookie notice banner) to inform you in a legally compliant manner about the technical measures, cookies and third-party providers used on the website. For this purpose, when you call up the website, a cookie in which the consents you have given or refused are stored and logged is stored in your browser. The data will not be transferred to the provider of this technology (Stefan Galinski Internetdienstleistungen, Schramelweg 2, 85774 Unterföhring).

If you give your consent to the use of cookies, the following data will be logged automatically:

  • The anonymized IP number of the user
  • Date and time of the visit and consent
  • User agent of the end user's browser
  • The URL of the provider
  • An anonymous, random and encrypted key
  • The cookies allowed by the user (cookie status), which serves as proof of consent

If you refuse your consent, no cookies requiring consent are stored in your browser.

The data collected by the cookie banner for the purpose of consent management will be kept for one year, unless you delete this cookie yourself. Within this period, no renewed consent is required, unless new systems are introduced or if general legal conditions make it necessary to obtain consent again.

The legal basis for the use of the Consent Manager is Art. 6 para. 1 lit. f of the GDPR (balance of interests) in conjunction with Art. 6 para. 1 lit. c of the GDPR (obligation to provide evidence). For more information on cookie opt-in, please visit: https://www.sgalinski.de/typo3-produkte-webentwicklung/sgalinski-cookie-optin/

Click here to update your settings in the Consent Manager at any time.

Below, we give you the opportunity to make an informed decision for or against the use of technically unnecessary cookies of the website. Of course, the use of the website is only fully possible with the essential cookies. However, it is possible that if you reject non-essential cookies, they may contain advertising that is less tailored to your interests. Likewise, this may lead to restrictions in surfing behaviour and limited functionality, especially if you disable cookies completely. Cookies facilitate navigation on our websites and make them more user-friendly. These cookies allow us to recognize you during a session. This function is used, for example, for utilization of our login-protected partner portal and is stored for the duration of the browser session, i.e. the cookie is deleted when the browser is closed.

To enable you to define your desired privacy settings for visiting our website as individually as possible, we give you the opportunity below to assess your preferences with regard to the following categories and then set them individually:

Essential cookies Essential cookies are required for basic website functions. This ensures that the website functions properly. They are deleted after each session (e.g. when you close the browser) if you set the browser accordingly. To do this, end each session and close the browser.

Marketing and analytics Marketing/analytics cookies collect information anonymously. This information helps us understand how our visitors use our website. In some cases, marketing cookies are used by third-party vendors or publishers to display personalized advertising. They do this by tracking visitors across websites. In some cases, personal data is transferred to third countries and to the USA for this purpose. If you consent to Marketing and Analysis, you expressly agree to the transfer of your data to a third country, in particular to the USA. You can revoke your consent at any time with effect for the future. When personal data is transferred, this can be a risk with regard to data protection for the person whose data is transferred to the USA.

External media Content from social media and video platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires your manual consent.

Here you can make your personal settings for the storage of cookies.

Essential cookies

Namecookie_optin
ProviderIBAK
Duration1 year
PurposeThis cookie is used to store your cookie settings for this website.
  
Namebe_typo_user
ProviderIBAK
DurationSession
PurposeThis cookie is used to identify a backend session when a user logs into TYPO3.
  
Name_grecaptcha
ProviderGoogle
DurationSession
PurposeThis cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the use of its website.

Analysis and marketing

Name_hjFirstSeen
ProviderGoogle Tag Manager
Duration 1 day
PurposeThis cookie is used to determine whether the visitor has visited the website before or whether this is a new visitor to the website.
  
Name_gid
ProviderGoogle Analytics
Duration1 day
PurposeCookie to count and track page views.
  
Name_ga
ProviderGoogle Analytics
Duration2 years
PurposeCookie to count and track page views.
  
Name_gcl_au
ProviderGoogle Tag Manager
DurationPersistent
PurposeCookie to store and track conversions.
  
NameNID
ProviderGoogle
Duration6 months
PurposeThe NID cookie contains a unique ID that Google uses to store your preferred settings and other information. Read more: https: //policies.google.com/technologies/types?hl=de
  
NameCONSENT, 1P_JAR, DV, SIDCONSENT, 1P_JAR, DV, SID
ProviderGoogle
DurationMax. 2 years
PurposeThese cookies track how you use our website to show you advertisements that may be of interest to you. Read more: https: //policies.google.com/technologies/types?hl=de
  
Name1P_JAR
ProviderGoogle
Duration1 month
PurposeCookie to count and track page views.
  
NameANID
ProviderGoogle
Duration13 months
PurposeGoogle uses cookies for advertising displayed in various places on the web. The main cookie used for ad preferences for non-Google websites is called IDE. It is stored in browsers under the domain doubleclick.net. Another cookie is stored under the domain google.com and is called ANID. We also use other cookies, such as DSID, FLC, AID, TAID and exchange_uid.

External content

Name__Secure-3PAPISID
ProviderYouTube
Duration2 years
PurposeIs used to create a profile about the website user. With this information, relevant and personalized content can be displayed.
  
Name__Secure-3PSID
ProviderYouTube
Duration2 years
PurposeIs used to create a profile about the website user. With this information, relevant and personalized content can be displayed.
  
Name__Secure-3PSIDCC
ProviderYouTube
Duration1 year
PurposeIs used to create a profile about the website user. With this information, relevant and personalized content can be displayed.
  
NameYSC
ProviderYouTube
DurationSession
PurposeIs used to store user input and to reuse it at a later time.
  
NameGPS
ProviderYouTube
Duration1 day
PurposeIs used to store GPS data of the user.
  
NameVISITOR_INFO1_LIVE
ProviderYouTube
Duration6 months
PurposeIs used to estimate the bandwidth of the user.
  
NamePREF
ProviderYouTube
Duration8 months
PurposeIs used to store preferred settings of the user.

6. Matomo

On our website, the open source web analytics service Matomo is used for web analytics and statistical analysis of visits to our website. The provider is InnoCraft Ltd, 150 Willis St, 6011 Wellington, NZBN 6106769, New Zealand.

Matomo has been configured for use in such a way that no cookies are set and your IP address is only recorded in shortened form (to two octets, e.g. 90.123.XXX.XXX). This ensures that your data is only recorded anonymously and that it is not possible to draw any conclusions as to your identity.

The service is operated exclusively on the server of the responsible processor (p2 media GmbH & Co. KG, Simeonscarré, 32423 Minden), the data-protection-sensitive log files are stored exclusively on this server and are not passed on to third parties. Further information on the terms of use and data protection can be found at: https://matomo.org/privacy/

7. Google Analytics

On this website, the web analytics service Google Analytics is used to analyze and thus continuously improve the use of our website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The legal basis for the use of cookies for statistical purposes on the basis of your consent in this regard via the cookie settings or our cookie banner is Art. 6 para. 1 lit. a of the GDPR. The information obtained through the use of Google Analytics is used by us in particular to better understand the use of our website and to improve its content, functionality and findability. We, as the operator of the website, have an interest in analyzing your user behaviour in order to improve both our offer and its performance. Sessions are terminated after 30 minutes without activity. If Google Analytics is used to assist in the execution and evaluation of marketing campaigns, these are terminated after six months without activity. The maximum time limit for campaigns can be two years and data that would exceed this period is deleted at regular intervals.

Google Analytics uses cookies to assign data, sessions and interactions across multiple devices to an anonymized user ID and to make these activities analyzable across devices. The information generated by the cookie about your use of this website is transferred anonymously to Google servers and stored there. Data collection for usage statistics and transmission to Google takes place with the extended code gat._anonymizeIp();, so that collection of the IP address is anonymized for the protection of users via so-called IP masking. In this process, the IP address is shortened so that neither we nor Google gain insight into the actual identity of the users and no identity data is stored in this context.

Google will use this information for the purpose of evaluating website usage patterns, compiling reports on website activity for website operators, i.e. IBAK, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

8. Google Tag Manager

The Google Tag Manager is an organizational tool to integrate and manage marketing tools and scripts, such as Google Analytics, with so-called website tags centrally via a user interface. Tags are small sections of code that, for example, record user activity on our website. The provider is Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

No personal data is collected or accessed in the process. Only the services managed via this can store and process data in the form of cookies about user behaviour. For this, please read the privacy texts of the corresponding marketing tools used on this website.

Further information on the terms of use and data protection can be found at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and https://policies.google.com/?hl=de.

9. Contact

When IBAK Helmut Hunger GmbH & Co. KG is contacted via the contact form, the user's details are processed for the purpose of handling and processing the contact request in accordance with Art. 6 (1) lit. b of the GDPR.

Data transmissions via e-mail can have security gaps. We therefore draw your attention to the fact that it is not technically possible to protect personal data from access by third parties.

10. Applications for jobs at IBAK

Online applications can be sent by e-mail to the address bewerbung(at)ibak.de. Online applications are transmitted unencrypted. Of course, job applications can also be sent by post. Personal data from job applications will be deleted no later than six months after the end of the application process. If an employment contract is concluded, we store such personal data as is required for organizational purposes. The basis for this is Section 26 (1) sub-section 1 of the BDSG (Federal Data Protection Act) in conjunction with Art 88 para. 1 of the GDPR. We comply with the statutory retention obligations and deletion periods.

11. Collection of access data and log files

When our website is visited, data is collected on the server. The access data includes, for example, the name of the website accessed, the files, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referring website (referrer URL), IP address and the requesting provider. The improvement, stability, functionality and security of our website are our legitimate interests according to Art. 6 para. 1 lit. f. of the GDPR. The accesses are stored in log files. This log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of 14 days and then automatically deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

12. Hosting

For the provision of our website, we use the following hosting services:

  • Infrastructure and platform services
  • Computing capacity, storage space and database services
  • Security services and technical maintenance services
  • Collection of access data and log files

Our hoster (punkt.de GmbH, Kaiserallee 13a, 76133 Karlsruhe, Germany) is located in the Federal Republic of Germany. Data collected via our website is processed on its infrastructure. It serves the optimization and permanent and user-friendly design of our online presence.

13. YouTube

This website uses videos from the YouTube platform. The service belongs to the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By means of the videos, we can more easily make many contents more understanble for interested parties and users. The provision of the videos is based on the design freedom of our Internet presence and is in our legitimate interest pursuant to Art. 6 para. 1 lit f.) of the GDPR. Before you use the videos provided, we draw your attention to the information on data protection and data processing by YouTube at: www.google.com/policies/privacy/

14. Facebook

We operate a company presence on Facebook for interaction with interested parties, prospective customers and customers. According to Art. 6 para. 1 lit. f of the GDPR, we have a legitimate interest in a platform on which customers, interested parties and IBAK employees can exchange information and news about our products. If the user is logged into his or her account at the time of access, Facebook Ireland Ltd. can link the data to the user account. If this is not desired, the account must be exited before using our website. If you are logged in, Facebook can associate your visit to our site with your user account through actions you perform (e.g. clicking the Like button and by linking our website to your profile). When you share posts, tag or write comments, the following data is processed: user name, profile picture, date and time of interaction. We fulfil your requests for interaction with reference to Art. 6 (1) lit. b of the GDPR. When our online presence is accessed, Facebook Ireland Ltd. processes in the EU user data such as user ID (only for logged-in customers) and creates user profiles, summary statistics and analyses of user behaviour, according to Facebook's own statement in compliance with the data protection provisions of the GDPR. The data is forwarded to servers in the territory of the USA. The processing of data by Facebook Ireland Ltd. via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA is not excluded. Likewise, U.S. law provides, for example, intelligence collection powers under Section 702 of the FISA and Executive Order 12 333 for the territory of the United States. As a matter of principle, you should carefully consider what personal data you wish to disclose on our Fanpage. You can find out what types of data Facebook Ireland Ltd. collects in Facebook's data policy: https://de-de.facebook.com/policy.php.

Facebook uses cookies. You can prevent the installation of these cookies by making the appropriate settings in your browser. However, this may mean that not all functions can be used. You can find information on this at: https://www.facebook.com/policies/cookies/

15. Instagram

We use the social network Instagram, Instagram LLC, USA on our website. When you visit our site, the visit is assigned to your user account via plugins and your IP address. If you want to prevent this, you must log out of Instagram before visiting our site and/or make the appropriate settings in your user account. As a matter of principle, you should carefully check which personal data you want to disclose on Instagram.

For the privacy policy of Instagram, go to: https://privacycenter.instagram.com/policy/

16. Twitter

We use the social network Twitter on our website to improve the quality as a legitimate interest according to Art 6 (1) lit. f of the GDPR. For technical reasons, Twitter processes the IP address and the date and time of visits to our website. The information collected by the plug-in is assigned to your user account when you visit our site. If this is to be prevented, you must log out of Twitter before visiting our site and/or make the appropriate settings in your user account. As a matter of principle, you should carefully check which personal data you want to disclose on Twitter.

For the privacy policy of Twitter, go to: https://twitter.com/de/privacy

17. Xing

The professional network Xing is used by us to provide information about our company, our products and related events. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Information on the handling of your personal data can be found in Xing's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

18. LinkedIn

The LinkedIn networking platform is used to provide information about our company, our products and related events. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

19. Video conferencing with MS Teams

IBAK uses the MS Teams software tool to conduct video conferences to ensure a comprehensive exchange of information about our products and to enable communication between customers, suppliers, service providers and our employees. This also includes the joint sharing of presentations or documents. When MS Teams is used, personal data is processed. Possible data are: last name and first name, mail address, IP address, image and sound transmission and the contents of the communications taking place. We work with as little personal data as possible and only inasmuch as it is necessary for the provision of the service. The data is accessible to all participants of the conferences and Microsoft 365 as the provider of the service software.

In the context of contractual relationships or for the fulfilment of contractual agreements, personal data may be collected and processed, in particular when training videos on our systems are recorded. The legal basis for this is Art. 6 (1) lit. b of the GDPR.

According to Art. 5 (1) lit. f of the GDPR, the transmission of conferences with MS Teams is encrypted. MS Teams is preset such that neither tracking nor the observation of user behaviour nor recording in whole or part of the conference are possible. Possible entries in the chat area are deleted when the conference ends, unless the data is required by law or serves to fulfil an existing contract. There is no intention to transfer data to third countries; an order processing agreement has been concluded with the operator Microsoft Ireland Operations Limited. The Microsoft Ireland Operations Ltd. group is based in the USA whose law does not correspond to the European standard. For the implementation of data subject rights in the event of access by American authorities for the purpose of investigating criminal offences, we draw your attention to the data protection declaration of Microsoft Ireland Operations Limited: https: //privacy.microsoft.com/de-de/privacystatement.

20. Google reCAPTCHA

We use the reCAPTCHA function to distinguish between input by a natural person or by machine and automated processing. The provider is Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

In the process, the IP address and possibly other data which is required for the reCAPTCHA service is collected by Google and transmitted to Google. The use of Google reCAPTCHA may also involve the transmission of personal data to servers of Google LLC in the USA.

For more information on terms of use and data protection, please visit: https://policies.google.com/?hl=de

21. CleverPush

The CleverPush service is used to send push notifications. This is operated by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg, Germany. By agreeing to receive push notifications, recipients will receive regular information about newly published magazine articles on the website. These specialist articles bundle knowledge and case studies from the practice of sewer inspection and rehabilitation.

You can find further information and the scope of data collection by CleverPush at: https://cleverpush.com/de/gdpr/

22. Disclosure of personal data to order processors and third parties

If, in the course of our processing, we disclose personal data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this shall only be done on the basis of legal permission for the performance of contracts pursuant to Art. 6 (1) (b), for the performance of a legal obligation pursuant to Art. 6 (1) (c), the processing of data for the performance of a task which is in the public interest pursuant to Art. 6 (1) (e), or consent has been given pursuant to Art. 6 (1) (a).

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. of the GDPR, we use content or service offers from third-party providers in order to integrate their content and services. The IP addresses of users are transmitted through the use of third-party services. The IP address is required for the use of third-party services, as this is used for example to provide external content.

23. Rights of data subjects

Data subjects can assert their rights against the controller mentioned above. In accordance with Art. 15 of the GDPR, data subjects have the right to know which personal data is stored and processed. In accordance with Art. 16 of the GDPR, data subjects have the right to have inaccurate personal data concerning them corrected. Taking into account the purposes of processing, the data subject also has the right to have incomplete personal data completed. Consents granted pursuant to Art. 7 (3) of the GDPR can be revoked at any time. This does not affect the lawfulness of processing carried out on the basis of consent before revocation. The future processing of personal data can be objected to at any time in accordance with Art. 21 of the GDPR. In accordance with Art. 77 of the GDPR, data subjects have the right to lodge a complaint with the competent supervisory authority, should there be any doubt about the lawfulness of the processing of personal data.

24. Deletion of data

Data subjects can demand their personal data to be erased pursuant to Art. 17 of the GDPR or processing of their personal data to be restricted pursuant to Art. 18 of the GDPR. The personal data processed by IBAK GmbH & Co KG will be erased or its processing will be restricted on the basis of Art. 17 and 18 of the GDPR. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations under commercial and tax laws. Within the deletion periods, personal data is blocked so that it cannot be used for other purposes. The legal requirements in Germany stipulate retention in particular for 6 years in accordance with Section 257 (1) of the HGB (German Commercial Code) for account books, inventories, opening balances, annual financial statements, commercial letters and accounting documents, etc. and 10 years in accordance with Section 147 (1) of the AO (German Fiscal Code) for books, records, management reports, accounting documents, commercial and business letters and documents relevant for taxation, etc.

25. Disclaimer

Despite careful control of the contents of our website, we do not assume any liability for external links to third-party Internet presentations or other external information, as we have no influence on the design and content of the information available there.

26. Currentness

This data privacy statement is current as of 27.11.2023.