1. General information about the processing of personal data
(1) We regard the protection of your personal data as being one of our main priorities. Below you will find detailed information about which of your personal data are processed when you use our website and take advantage of our offers.
(2) The data controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is
IBG Beteiligungsgesellschaft Sachsen-Anhalt mbH
Tel.: +49 (0)391 53281 40/41
(hereinafter referred to as ‘IBG’). For further details, see our Imprint
(3) We only process personal data in compliance with the relevant data protection regulations. This means that the data are only processed if we have legal authorisation to do so. We have the necessary authorisation if, in particular, the data processing is necessary and/or required by law for the provision of our contractual services and online services; consent has been granted; or our legitimate interests also provide us with such authorisation (i.e. our interests in analysing, optimising, efficiently operating and ensuring the security of our online presence within the meaning of Art. 6 Para. 1 Letter f GDPR, especially for the purpose of reach measurement, creating profiles for advertising and marketing purposes, collecting access data and using the services of third-party suppliers).
(4) The legal basis for this authorisation is provided by Art. 6 Para. 1 Letter a and Art. 7 GDPR; the legal basis for processing in order to provide our services and for carrying out contractual measures is Art. 6 Para. 1 Letter b GDPR; the legal basis for processing in order to comply with our legal obligations is Art. 6 Para. 1 Letter c GDPR; and the legal basis for processing in order to protect our legitimate interests is Art. 6 Para. 1 Letter f GDPR.
2. Data processing for visitors to our website
(1) If you use our website purely for information purposes, i.e. you do not make an enquiry or transfer personal information to us in any other way, we process the data transferred by your browser to our server and which is required from a technical standpoint to display our website to you and to ensure its stability and security:
- IP address,
- date and time of your enquiry,
- duration of your visit to the website,
- time zone difference vis-à-vis Greenwich Mean Time (GMT),
- content of the request (actual pages),
- access status/HTTP status code,
- quantity of data transmitted,
- website from which the request originates,
- pages of our website visited by you,
- internet service provider,
- browser type,
- server log files,
- operating system and user interface,
- language and version of the browser software.
(2) The legal basis for this is Art. 6 Para. 1 Sent. 1 Letter f GDPR, our legitimate interest being the presentation of the pages accessed.
(1) In addition to the data referred to above, cookies are stored on your terminal equipment when you use our website. Cookies are small text files which are stored on your hard disc and assigned to your browser, and which provide us with information. They help make our web content more user-friendly and efficient. The legal basis for this is Art. 6 Para. 1 Sent. 1 Letter f GDPR; our legitimate interest lies in improving the user-friendliness of our website and evaluating our online marketing activities.
(2) You are able to configure your browser settings as you wish, which means that you can refuse to accept cookies. Please note that if you do so, however, you may not be able to use all of the functions of our website.
4. Data processing when you contact us
If you contact us by email or phone or via a contact form, the data you supply to us (e.g. your email address, name, telephone number or the content of your enquiry) will be processed by us in order to answer your questions and/or process your request. The legal basis for this is Art. 6 Para. 1 Letter b) GDPR.
Google Web Fonts
For a uniform representation of fonts, this site uses Web Fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache so that texts and fonts can be displayed correctly.
For this purpose, your browser has to establish a connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web Fonts serves the interests of a uniform and attractive presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 Letter f GDPR.
If your browser does not support Web Fonts, a standard font is used by your computer.
Further information about Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in Google’s privacy statement at:
5. Your rights
(1) You have the following rights with respect to our use of your personal data:
- Right to information (Art. 15 GDPR),
- Right to rectification and erasure (Arts. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
(2) You are also entitled to complain to the regulatory body for data protection about our processing of your data.
(3) Please note that if you have granted us consent under data protection legislation, you may withdraw this consent at any time with future effect. The same applies if you consent to us approaching you for marketing purposes. Your best option is to send an informal request by email to: firstname.lastname@example.org. If you withdraw your consent, you may find that you are no longer receiving all of our offers, or that the scope of these offers is restricted.
(4) Where the processing of your personal data is based on weighing up different interests (Art. 6 Para. 1 Sent. 1 Letter f GDPR), you may lodge an objection to such processing. If you exercise your right to object, please tell us why we should not process your personal data in the way that we do. If there are reasonable grounds for your objection, then we will consider the circumstances and either stop processing your data or alter the way in which we do so, or else explain to you why there are compelling legitimate reasons for us continuing to process your data.
8. Transfer of data to third parties and/or third-party suppliers
(1) We shall only transfer your data to third parties if this is necessary for contractual purposes, for instance on the basis of Art. 6 Para. 1 Letter b GDPR, or if it can be justified on the basis of legitimate interests pursuant to Art. 6 Para. 1 Letter f GDPR.
(2) If we employ subcontractors to provide our services, we shall take suitable legal, technical and organisational measures in order to ensure that personal data is protected in accordance with the relevant legislation.
(3) If reference is made to third-party suppliers in this privacy statement and their named headquarters are in a third country, then you should assume that data will be transferred to the country of domicile of the third-party supplier. We shall only process your data in a third country if this is necessary in order to fulfil our (pre-)contractual obligations (Art. 6 Para. 1 Letter b GDPR), on the basis of your consent (Art. 6 Para. 1 Letter a GDPR), because of a legal obligation (Art. 6 Para. 1 Letter c GDPR) or on the basis of our legitimate interests (Art. 6 Para. 1 Letter f GDPR). The same shall apply to the processing of data by third parties working on our behalf, and to the disclosure or transfer of your personal data to third parties.
9. Deletion of data
(1) The data we store shall be deleted as soon as they are no longer required for their intended purpose and provided there are no statutory retention obligations which prevent their deletion. If the data are not deleted because they are required for other, legally admissible purposes, we shall restrict their processing, i.e. the data will be blocked and not processed for other purposes. This applies, for instance, to data which must be retained in accordance with commercial or tax legislation.
(2) Legal regulations require some data to be retained for six years pursuant to Art. 257 Para. 1 HGB (Commercial Code) (trading books, inventories, commercial letters, booking documents, etc.) and others for ten years pursuant to Art. 147 Para. 1 AO (Tax Code) (books, records, status reports, booking documents, commercial and business letters, documents relevant to taxation, etc.).
10. Final provisions
(1) We take technical and organisational security precautions in order to protect your data, especially against accidental or deliberate manipulation, loss or destruction, and against unauthorised access. We are constantly improving our security measures in line with advances in technology.
(2) We will update our privacy statement from time to time as our offerings become more technically sophisticated. As long as changes to the privacy statement do not relate to the use of existing data, the new privacy statement shall be valid from the time it was updated on our website. Any changes to the privacy statement with implications for the use of data we have already collected shall be made only if you could reasonably be expected to find these acceptable. In such cases, we shall notify you in good time beforehand by email, on our website, in our application, or in some other form. You are entitled to object to the validity of the new privacy statement within four weeks of receipt of notification. Should you object, we reserve the right to terminate our contractual relationship with you. If no objection is lodged by the aforementioned deadline, you will be deemed to have accepted the amended privacy statement. When we notify you of any changes, we shall draw your attention to your right to object and to the significance of the objection deadline.