In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.
Personal data is all data that can be related to you personally, e.g. name, address, e‑mail addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.
1. Who is responsible for data processing and whom can I contact?
Responsible entity is:
Monika Heimann, Michael Schütz
Poller Kirchweg 78–90
51105 Cologne, Germany
Phone: +49 (0)221 1699 6356
Fax: +49 (0) 221 9779 4045
You can reach our company data protection officer at:
Lawyer Asmus Eggert
mip Consult GmbH
10829 Berlin, Germany
Phone: +49 (0)221 1699 6356
2. What sources and data do we use?
We process personal data that we receive from you in the course of using our website and, if applicable, our business relationship.
In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us by e‑mail. Personal data here are e.g. name, address, e‑mail, telephone number (hereinafter referred to as “contact data”).
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR / DS-GVO) and the Bundesdatenschutzgesetz (BDSG) on the basis of the following legal grounds:
3.1 You have given consent to the processing of your personal data for one or more specific purposes (Art. 6 para. 1 lit. a DS-GVO)
Insofar as you have given us consent to process personal data for certain purposes (e.g. when contacting us by e‑mail for processing and handling the inquiry, sending newsletters, information on events, advertising approach by phone, e‑mail, SMS, etc.), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
3.2 Processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering into a contract (Art. 6 Abs. 1 lit. b DS-GVO)
When contacting us (by e‑mail), your information will be processed in addition to any consent given for the processing of the contact request and its handling also on the basis of the implementation of pre-contractual measures, Art. 6 para. 1b DS-GVO.
3.3 Processing is necessary for the purposes of our legitimate interests (Art. 6 Abs. 1 lit. f DS-GVO)
So the extent necessary, we process your data to protect legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests:
- Ensuring IT security, in particular the security of the website (see data listed above under point 2);
- Assertion of legal claims and defense in legal disputes;
- Advertising for our services, insofar as you have not objected to the use of your data.
4. Who gets my data?
Within the company, access to your data is granted to those departments that need it to fulfill our contractual and legal obligations.
Processors used by us (Art. 28 DS-GVO) may also receive data for the purposes mentioned above. These are companies in the IT services category (Internet service providers, video chat providers). Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
Data is only passed on to third parties as required by law. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b DS-GVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. DS-GVO in an economic and effective operation of our business or you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties as a matter of principle.
5. How long will my data be stored?
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract by e‑mail.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the tax laws. The periods specified there for storage or documentation are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), generally amount to three years, but in certain cases can also be up to thirty years, whereby the regular limitation period is three years.
Insofar as you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Article 83 (5) lit b DSGVO for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).
6. Is data transferred to a third country or to an international organization?
We do not transfer data to third countries (countries outside the European Union — EU).
If you communicate with us on social networks, then you leave our own pages. Then your data may also be processed outside the European Union (EU). You can find more information about this separately below in point 15.
7. What data protection rights do I have?
Every data subject has
- the right to request according to Art. 15 DSGVO (i.e. you have the right to request information about your personal data stored by us at any time),
- the right to rectification in accordance with Art. 16 DSGVO (i.e. in the event that your personal data is incorrect or incomplete, you may request that it be rectified),
- the right to erasure under Art. 17 DSGVO and the right to restriction of processing under Art. 18 DSGVO (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
- the right to data portability from Art. 20 DSGVO (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance).
Furthermore, you may revoke consents, in principle with effect for the future.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DS-GVO in conjunction with § 19 BDSG).
In addition, we would like to point out your right of objection according to Art. 21 DS-GVO:
Information about your right to object according to Art. 21 DS-GVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Ar. 6 (1) (e) DS-GVO (data processing in the public interest) and Ar. 6 (1) (f) DS-GVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO which we use for advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.
If possible, the objection should be addressed to:
Monika Heimann, Michael Schütz
Poller Kirchweg 78–90
51105 Cologne, Germany
Phone: 0221 1699 6356
8. To what extent is there automated decision-making in individual cases, including profiling?
In the context of accessing our website or in the context of contacting us by form or e‑mail, we do not use fully automated decision-making pursuant to Art. 22 DS-GVO. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.
We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the scope of our website, you must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide the aforementioned data, you will not be able to use our website.
When contacting us by e‑mail, you only have to provide the personal data that is required to process your inquiry. Otherwise, we will not be able to process your request.
10. Cookies & Google Analytics — are not used
11. Links to social media platforms via the “Shariff” solution
We offer you the option of using so-called “social media buttons” on our website. To protect your data, we rely on the “Shariff” solution for implementation. This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you are thus redirected to the services of the respective provider. Only then will your data be sent to the respective providers.
We have integrated the social media buttons of the following companies on our website:
- Facebook Inc. (1601 S. California Ave — Palo Alto — CA 94304 — USA)
- XING AG (Gänsemarkt 43 — 20354 Hamburg — Germany)
- Twitter Inc. (795 Folsom St. — Suite 600 — San Francisco — CA 94107 — USA)
- LinkedIn Corporation (2029 Stierlin Court — Mountain View — CA 94043 — USA)
12. Embedded YouTube videos via WP YouTube Lyte
We may use embedded YouTube videos. YouTube is a service of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the WP YouTube Lyte plug-in for this purpose. This means that on the pages where videos are embedded, you will only see a preview image that is stored on our own servers. This means that simply visiting a page on which videos are embedded does not pass on any personal data to YouTube.
The plugin only establishes a connection to YouTube when you as a user actively click the play button. Google itself is responsible for the data processing described below. When you click the play button, YouTube receives the information that you have accessed the corresponding subpage of our website and data on location (GPS data), IP address and devices used, including information about objects near your device, such as WLAN access points, radio masts and Bluetooth-enabled devices, as well as sensor data from your device. This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data may be assigned to your account. If you do not want the assignment with your profile on YouTube, you must log out before activating a video. YouTube stores your data in the event that you are logged in as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
In accordance with Art. 6 Para. 1 lit. a DS-GVO, the data is only processed on the basis of your express consent.
The processing of data also takes place in the USA within the scope of this service. The information is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent, by clicking on an embedded You-Tube video, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 lit. a DS-GVO.
For more information on the purpose and scope of data collection and its processing by YouTube, please refer to Google’s privacy information at https://policies.google.com/privacy. An opt-out from personalized advertising is available under https://adssettings.google.com.
13. Online group discussions or one-on-one interviews, meetings, and webinars via Zoom
For online meetings (one-on-one, group meetings or workshops), online meetings and webinars, we use “Zoom Meetings” and “Zoom Webinars”, products of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (https://zoom.us). We chose this processor after reviewing a great many vendors because it offers the best combination of quality, functionality, ease of use, and privacy friendliness.
- Zoom Video Communications Inc. undertakes to comply with all provisions in accordance with the European Data Protection Regulation (GDPR) (more information).
- There is a data processing agreement between INNCH and Zoom Video Communications Inc. based on the EU standard contractual clauses, which obligate the contractual partner to comply with the European level of data protection.
- As complementary safeguards, we have further configured our Zoom to process data only via European servers and secure third countries for the purpose of conducting online meetings and webinars.
When using “Zoom”, your login data (first name, last name, e‑mail address) is processed by Zoom. In addition, the processor only collects data that is necessary for the technical provision of the service. This may include your IP address, the operating system you use and other device details, as well as meeting metadata (e.g. date, time and duration of the meeting). However, the processor does not collect any information or content transmitted during conversations or chats.
You may have the option to use the chat or question and answer function in a webinar. The text input you provide may be picked up in the webinar (read aloud and answered by us) and used for the purpose of following up on the webinar.
For online group discussions and individual interviews, the legal basis for processing data via the processors is Art. 6 (1) lit. a DS-GVO, i.e. your express written consent. If the interviews are recorded — with your explicit and written consent — then they will be securely stored exclusively on our own computers and only used in accordance with the purposes agreed with you. They will be deleted as soon as the purpose has been fulfilled.
For online meetings, the legal basis is Art. 6 (1) lit. b DS-GVO, insofar as the meetings are held in the context of contractual relationships.
If no contractual relationships exist for online meetings or webinars, the legal basis is Art. 6 (1) lit. f DS-GVO. Here, our interest is in the effective implementation of online meetings and webinars.
14. Comment function
If you leave a comment in our blog Kul-Tick, in addition to your comment, the time of creation and, if applicable, the name or pseudonym voluntarily used by you will be stored and published on the website. In addition, your IP address is stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DS-GVO will be stored for 7 days. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
The data provided in the context of comments and posts, will be stored by us until the objection of the user permanently.
15. Online offers on other websites and social networks
In addition to our own websites listed above in this statement, you will also find presences of our company on websites of other providers or in social networks. These include our profiles on Xing, LinkedIn, Instagram, YouTube, entries in online business directories such as Google Search/Google Maps and the decentralized network Mastodon (none of these services, however, is integrated into our own pages, so that no data is collected by the services/networks when you use our pages).
We use these services and networks on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DS-GVO to present our company publicly, to publish news and contact information about our company and to give users the opportunity to enter into a direct exchange with us. Under certain circumstances, you have given consent to the platform operator to process your data, in which case the legal basis is Art. 6 (1) lit. a DS-GVO.
Please note: If you use these services or social networks, then the providers may also use your data for their own purposes, including for their own advertising and market research purposes or to create usage profiles in order to play personalized advertising to you. For this purpose, cookies may also be stored on your computer when you browse the pages of these providers, with the help of which your usage behavior is recorded. Under certain circumstances, data processing may also affect persons who are not registered as users with the respective social media platform. The processing may also take place outside the European Union. This is associated with risks for users, as it may be more difficult to enforce their own rights. We have no influence over the type and scope of data processing by these services/platforms for their own purposes. US services/platforms that offer guarantees for a secure level of data protection undertake to comply with the standards of European data protection (DS-GVO).
In part, general statistical (anonymous) data is also retrievable for us. The use of this data is based on our legitimate interest according to Art. 6 para. 1 lit. f DS-GVO. For more information about data processing in connection with the use of our offers on social media platforms, your options to object (opt-out) and the assertion of your rights to information, please refer to the data protection statements of the relevant platform operators listed below. You are also welcome to contact us directly if you need help with this.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Instagram, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Mastodon gGmbH, Mühlenstraße 8a, 14167 Berlin, Germany
mastodon.art, 302 Manhattan place, 130 Bree St, Cape Town, 8001, Western Cape, South Africa
If you do not wish your data to be processed by the providers of the aforementioned services/platforms, you can also communicate with us at any time by other means, e.g. directly by e‑mail or telephone, or via the comment function on our own pages.