Privacy information

In order for you to keep an overview

With this data protection notice we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). Responsible for the data processing is isento GmbH (hereinafter referred to as “we” or “us”).

Our privacy notice consists of two parts. Part A provides you with general information on data protection at isento and tells you, among other things, what rights you have and where you can assert them. Part B is dedicated to the various groups of data subjects and explains in detail what data we collect and process about you. In doing so, we address you in your role as:

a. Visitors:inside our websites,
b. Customers who use our services or purchase our goods,
c. Contact persons at B2B customers who enable their employees to use our service,
d. Newsletter subscribers, whom we keep up to date on a regular basis, as well as
e. Applicants:inside who would like to join our team,

A. General information

1. our contact details

If you have any questions or suggestions regarding this information, or if you would like to contact us about asserting your rights, please send your request to

isento GmbH
Ostendstrasse 242, 90482 Nuremberg
Tel.: 0911 21 7738 70
E-mail: team@pib.rocks

2. on what basis do we process your data?

The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Art. 6(1)(a) DSGVO), for the performance of a contract to which you are a party or at your request for the performance of pre-contractual measures (Art. 6(1)(b) DSGVO), for compliance with a legal obligation (Art. 6(1)(c) DSGVO) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms require protection. 1 letter c DSGVO) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override (Art. 6 (1) letter f DSGVO).

If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding whether to establish an employment relationship (Section 26 (1) sentence 1 BDSG).

3. your rights

You control your data! As a data subject, you therefore have the right to assert your data subject rights against us. In doing so, you have the following rights under the data protection laws that apply to you:

  • In accordance with Art. 15 DSGVO and § 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
  • You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
  • You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
  • You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
  • If you have given us separate consent to data processing, you can withdraw this consent in accordance with Art. 7 para. 3 DSGVO at any time. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
  • If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

They shall, in accordance with Art. 21 para. 1 DSGVO the right to object to processing based on the legal basis of Art. 6 para. 1 letter e or f DSGVO, on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing in accordance with Section 7 of the German Data Protection Act. Art. 21 par. 2 and para. 3 DSGVO file an objection.

If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.

These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 para. 2 BDSG.

4. where do we process your data?

Basically, we process your data on European servers with the highest security standards. In the provision of our service, we are supported by external service providers to whom we send your data. Some data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is warranted in such third country. This applies to all transmissions to countries, this listing: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If such an adequacy decision of the European Commission is not available, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place in accordance with. Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

Unless an adequacy decision is in place and otherwise specified below, we use EU standard data protection clauses as appropriate safeguards for transfers of personal data from the scope of the GDPR to third countries. You have the possibility to receive a copy of these EU standard data protection clauses or to view them. To do so, please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 para. 1 letter a DSGVO.

5. to whom and why do we share your personal data?

In order to provide our services and to be able to act economically as a company, we use various external companies to which we transfer personal data in some cases. If some groups of data subjects contain further specific recipients of personal data, we will inform you about this in Part B.

Receiver Reason for disclosure
Hosting provider We do not have our own servers, but hire certified service providers to host our admin portal and CRM system.
IT service provider and SaaS provider We engage the services of various service providers who act as processors to help us provide our services to you.
Affiliated companies isento GmbH and isento eCommerce solutions GmbH work with cross-company teams. Therefore, data transfers to our sister company may take place.
Authorities To comply with legal requirements or to respond to court orders or other similar governmental requests.
Other service providers In addition, we may transfer your personal data to agencies such as postal and delivery services, house banks, tax consulting or auditing companies or the tax authorities, as well as to service providers for file destruction.

6. how long do we store your data?

Unless otherwise stated in the following notes, we store the data only for as long as is necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

7. how do we use “cookies” and other tracking technologies?

We use cookies and similar technologies on our websites and in the provision of our services. We have compiled more information about how we use these technologies in our Cookie Banners (also called CMP, or “Consent Management Platform”). The banners can be accessed the first time you visit the website, via a link in the footer or via a badge on the side of the page. There you will also find the setting options to accept or reject certain types of cookies.

How can you reach our data protection officer?

You can reach our data protection officer at the following contact details:

E-mail: datenschutzbeauftragter@isento.de
Herting Oberbeck Data Protection GmbH
https://www.datenschutzkanzlei.de.

B. Special part – How and for what we process your data

1. visitors:inside our website

What do we capture? For what purposes do we use the collected data?
Data you provide to us in contact forms about yourself or the company you work for, such as your name, email address and telephone number.
  • Acquisition and customer acquisition;
  • Support and communication: answering inquiries.

Legal basis: Art. 6 para. 1 letter a) DSGVO

Pseudonymous information about the device and browser you are using, server log files, your network connection, and your IP address.
  • Ensuring the security, operability and stability of our services, including defense against attacks.

Legal basis: Art. 6 para. 1 letter f) DSGVO

Information about how you behave on the website. This includes the IP address as well as user IDs, which can also be assigned by third-party providers, provided you have given your consent to this via the cookie banners.
  • Reach measurement and analysis of user behavior to optimize our websites, increase customer satisfaction and error analysis;
  • (Conversion) tracking for reach measurement;
  • Remarketing to acquire new customers through personalized playout of our advertising.

Legal basis: Art. 6 para. 1 letter a) DSGVO

2. customers:inside

What do we capture? For what purposes do we use the collected data?
Data about you that you provide when entering into a contract, such as name, address and e-mail address, as well as payment or billing information.
  • Provision of service;
  • Processing of payment;
  • Customer management;
  • Support and communication: answering inquiries.

Legal basis: Art. 6 para. 1 letter b) DSGVO

  • Non-commercial communication on technical, security and contract-related topics (e.g. fraud alerts, account blocking or contract changes)
  • non-promotional communication on product updates, new features as well as motivation;
  • Advertising of similar products and services.

Legal basis: Art. 6 para. 1 letter f) DSGVO

  • Playing out product and satisfaction surveys.

Legal basis: Art. 6 para. 1 letter a) DSGVO

  • Compliance with legal requirements and retention obligations.

Legal basis: Art. 6 para. 1 lit. c) DSGVO

Feedback and information you provide to us in surveys and interviews. – Optimization of our products, increase in customer satisfaction and error analysis;

– Publication on our website and other marketing channels for promotional purposes.

Legal basis: Art. 6 para. 1 letter a) DSGVO

3. contact persons at B2B customers

What do we capture? For what purposes do we use the collected data?
Data you provide to us about yourself and the company you work for, such as name, email address and telephone number.
  • Fulfillment of the contract with your company, management of your account, billing;
  • Support and communication, responding to inquiries;
  • Non-promotional communications about product updates and new features.

Legal basis: Art. 6 para. 1 letter f) DSGVO

  • Playing out product and satisfaction surveys;
  • Advertising of products and services.

Legal basis: Art. 6 para. 1 letter a) DSGVO

  • To comply with legal requirements and retention obligations.

Legal basis: Art. 6 para. 1 lit. c) DSGVO

4. applicants:inside

What do we capture? For what purposes do we use the collected data?
Data that you provide to us in the course of your application or that a recruitment agency provides to us from you. This is information about your resume, work history, and other data that you provide.
  • Determine if employment is an option;
  • Initiation of an employment relationship.

Legal basis: Art. 6 para. 1 letter b) DSGVO

  • Fulfillment of legal retention obligations or defense of legal claims.

Legal basis: Art. 6 para. 1 lit. c) DSGVO

  • Upon request, inclusion in our talent pool for later renewed contact if no employment relationship is established for the time being.

Legal basis: Art. 6 para. 1 letter a) DSGVO

Name and contact information received during the application process.
  • To track who has applied to us in the past.

Legal basis: Art. 6 para. 1 letter f) DSGVO

If we are unable to offer you employment, we will retain the application materials you submit for up to six months after any rejection for the purpose of responding to questions related to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of evidence or if you have expressly consented to longer storage. We store your name and contact information for three years to track who has applied to our company.

e. Newsletter subscriber

What do we capture? For what purposes do we use the collected data?
Name and contact details you provide when you subscribe to our newsletter
  • Sending promotional mailings with information and updates about our products, promotions and events for the purpose of sales promotions and new customer acquisition.

Legal basis: Art. 6 para. 1 letter a DSGVO

Pseudonymous information about the handling of our newsletter (click behavior, opening rate and time, dwell time).
  • Success measurement and optimization of our content

Legal basis: Art. 6 para. 1 letter f DSGVO

f. Social media visitors

Responsible Data processing More information
Social media provider When you visit our social media pages (Facebook, Instagram, LinkedIn, YouTube), through which we present our company or individual products from our range, certain information about you is processed. Facebook and Instagram:

LinkedIn:

Privacy Policy of LinkedIn Ireland Unlimited Company

YouTube:

Privacy policy of Google LLC

Social media provider and isento (joint controller) The social media providers provide us with anonymized statistics and insights for our pages, which we use to gain knowledge about the types of actions people take on our site (so-called “page insights”). These page insights are created based on certain information about people who have visited our site. Facebook and Instagram:

LinkedIn

  • Joint Controller Agreement
  • Data subject rights can be exercised via this contact form be asserted against LinkedIn. You can contact the data protection officer via this Link contact
  • We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You may lodge your complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.

YouTube

isento GmbH We process information that you have provided to us via our social media page on the respective social media platform. Such information may be the username used, contact details or a message to us.

 

  • Support, communicate and respond to inquiries.

Legal basis: Art. 6 (1) f) DSGVO.

  • Data processing for participation in sweepstakes: to determine winners and send prize.

Legal basis: Art. 6 (1) b) DSGVO

 

Author