Data Safety & Security

1      Data protection and data security

Internal data protection and data backup are described in the following explanations. Finally, the system of internal controls is described.

1.1             General statements on data protection

InMotion will not pass on any personal data to third parties unless this is expressly requested. Specific confidentiality agreements are usually also agreed within projects.

1.2             EU Data Protection Directive

Copy of the data protection declaration according to the homepage:

Personal data (hereinafter mostly referred to as “data”) are processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4 Number 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter only referred to as “GDPR”), “processing” means any process or series of processes carried out with or without the help of automated processes with personal data, such as the collection, collection, organization, organization, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or another form of provision, comparison or the link, the restriction, the deletion or the destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we either alone or together with others decide on the purposes and means of the processing. In addition, we will inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Our data protection declaration is structured as follows:

I. Information about us as responsible

II. Rights of users and data subjects

III. Information on data processing

I. Information about us as responsible

The responsible of this website in the sense of data protection law is:

– Torsten Buchmann-von der Heyden; Heisterweg 13: 31275 Lehrte; Germany

– Telephone: 0163-2630067; Email: tb@inmotion.expert

Data protection officer at the provider is:

– Torsten Buchmann-von der Heyden

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

– on confirmation of whether data relating to them are processed, information about the processed data, further information about data processing and copies of the data (see also Art. 15 GDPR);

– to correct or complete incorrect or incomplete data (see also Art. 16 GDPR);

– Immediate deletion of the data concerning you (cf. also Art. 17 GDPR) or, alternatively, if further processing in accordance with Art. 17 Para. 3 GDPR is required, restriction of processing in accordance with Art. 18 GDPR;

– on receipt of the data concerning them and provided by them and on the transmission of this data to other providers / responsible persons (cf. also Art. 20 GDPR);

– on a complaint to the supervisory authority, provided they believe that the data concerning them will be processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data have been disclosed by the provider about any correction or deletion of data or the restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 GDPR teaching. However, this obligation does not exist if this communication is impossible or involves disproportionate effort. Notwithstanding this, the user has the right to information about these recipients.

According to Art. 21 GDPR, users and data subjects also have the right to object to the future processing of their data, provided that the data is provided by the provider in accordance with Art. 6 Para. 1 lit. f) GDPR are processed. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing

Your data processed when you use our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention requirements and no other information on individual processing methods is given below.

Server Data

For technical reasons, in particular to ensure a secure and stable website, data is transmitted to us or our web space provider through your internet browser. With these so-called server log files, i.a. Type and version of your internet browser, the operating system, the website from which you switched to our website (referer URL), the website (s) of our website that you visit, the date and time of the respective access and the IP address of the Internet connection from which our website is used.

This data is temporarily stored, but not together with other data from you.

This storage takes place on the legal basis of Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after seven days at the latest, provided that no further storage is required for evidence purposes. Otherwise, all or part of the data will be excluded from deletion until an incident has been finally clarified.

Contract management

The data transmitted by you to use our range of goods and / or services will be processed by us for the purpose of contract execution and is required in this respect. Conclusion of contract and contract execution are not possible without providing your data.

The legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.

We delete the data with complete contract processing, but must observe the tax and commercial retention periods.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of the data is then Art. 6 Para. 1 lit. b) GDPR.

LinkedIn

We maintain an online presence at LinkedIn to present our company and our services and to communicate with customers / interested parties. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we would like to point out that there is a possibility that data of users outside the European Union, especially in the USA, will be processed. This can result in increased risks for the user to the extent that e.g. later access to user data can be made more difficult. We also have no access to this user data. Access is exclusively with LinkedIn. LinkedIn Corporation is certified under the Privacy Shield and is committed to complying with European data protection standards

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

You can find LinkedIn’s data protection information at

https://www.linkedin.com/legal/privacy-policy

Facebook

We operate a company presence on the Facebook platform to advertise our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

Facebook’s data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the shared responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that follows and is reproduced below is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is in the analysis, communication, sales and advertising of our products and services.

The legal basis can also be the user’s consent in accordance with Art. 6 Para. 1 lit. a GDPR towards the platform operator. The user can revoke his consent to this in accordance with Art. 7 Para. 3 GDPR at any time by notifying the platform operator for the future.

When you access our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU data of the user (e.g. personal information, IP address etc.) processed.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. Based on these profiles, it is Facebook Ireland Ltd. For example, it is possible to advertise users inside and outside of Facebook based on interests. If the user is logged into his account on Facebook at the time of the call, Facebook Ireland Ltd. also link the data to the respective user account.

If the user contacts us via Facebook, the user’s personal data entered on this occasion will be used to process the request. The user’s data will be deleted by us, provided that the user’s request has been answered in the end and there are no legal retention requirements, such as with a subsequent contract execution.

To process the data, Facebook Ireland Ltd. possibly also set cookies.

If the user does not consent to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented via the settings of the browser, but rather through the corresponding setting of the flash player. If the user prevents or restricts the installation of cookies, this can mean that not all of Facebook’s functions can be used to their full extent.

More information on the processing activities, their prevention and the deletion of the data processed by Facebook can be found in the Facebook data policy:

https://www.facebook.com/privacy/explanation

It is not excluded that the processing by Facebook Ireland Ltd. also via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has submitted to the “EU-US Privacy Shield” and thereby declares compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Linking social media via graphics or text link

We also advertise on our website presences on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website with a social media application is called up in order to display a graphic of the respective network itself. The user is only forwarded to the service of the respective social network by clicking on the corresponding graphic.

After the user has been forwarded, information about the user is recorded by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

First of all, this includes data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network, the network operator may be able to assign the information collected from the specific visit of the user to the user’s personal account. If the user interacts via a “share” button of the respective network, this information can be saved in the user’s personal user account and published if necessary. If the user wants to prevent the information collected from being directly assigned to his user account, he must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our website by linking:

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of the LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Data protection declaration: https://www.linkedin.com/legal/privacy-policy

EU-US data protection certification (“EU-US Privacy Shield”) https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Data protection declaration: https://www.facebook.com/policy.php

EU-US data protection certification (“EU-US Privacy Shield”) https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

1.3             Internal controls

For all offers, contracts, invoices and orders, cross-checks are carried out by a second partner (four-eyes principle).

The distribution of income and the annual accounts are checked by all partners.