Thank you very much for your interest in our company. The protection of your personal data has a particularly high priority for IFA Technology GmbH. A use of our web presence is therefore basically possible without providing any personal data.
The processing of personal data (such as name, address, e-mail address or telephone number) on our website is carried out in accordance with the provisions of the DS-GVO and in accordance with the country-specific data protection regulations applicable to our company.
With this data privacy statement, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, data subjects are informed of the rights to which they are entitled by means of this data privacy statement.
As the data controller, we have implemented extensive technical and organisational measures to ensure that the personal data processed via this website is protected as comprehensively as possible. Nevertheless, internet-based services and data transmissions can generally involve risks and security gaps, so that absolute protection cannot be guaranteed. You are therefore free at any time to transmit personal data to us in any other way, e.g. by telephone, letter or fax.
Our data privacy statement uses the terms that were used when the General Data Protection Regulation (DS-GVO) was issued and should therefore be easy to read and understand for the public as well as for our customers and partners. Therefore, we would like to briefly explain the terms used:
a) Personal data
Personal data is any information that could lead to or contribute to the identification of a natural per-son (hereinafter referred to as "data subject"). This includes data such as name, address, telephone or identification number, location data, online identifier or special features that identify the physical, psychological, economic, cultural, social, religious, political or genetic identity of the data subject.
b) Data subject
The term "data subject" refers to any natural person whose personal data are processed by the data controller.
Processing means any operation such as the collection, sorting and storage, the modification or adaptation, the readout and retrieval, the use, disclosure by transmission, dissemination or any other form of making available, the alignment, linking, restriction, deletion or destruction of personal data.
d) Restriction of processing
A restriction of processing is the marking of personal data with the aim of reducing their future processing. A restriction is always necessary, for instance, if a final deletion is not permitted due to legal requirements, but further processing is not desired by the data subject.
Profiling is any type of automated processing of personal data by which personal aspects of natural persons can be evaluated. For instance, it can be used to analyse or predict the preferences and interests, reliability, behaviour, economic and financial situation, health, whereabouts and movement profiles of these natural persons.
Pseudonymisation is the processing of personal data in such a way as to ensure that the personal data can no longer be attributed to a specific data subject without recourse to additional information. The prerequisite is that this additional information is stored separately and is subject to technical and organisational measures that prevent misuse by third parties in the best possible way.
g) Data controller / person responsible for processing
The data controller is the natural or legal person, public authority, agency or other body who alone or jointly with others determines the purposes and means of processing personal data. Where these purposes and means of processing are laid down by Union law or by the law of the Member States, the data controller or the specific criteria for his designation can be provided for in accordance with those legal bases.
h) Data processor
The data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
i) Data recipient
The data recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed. It does not matter whether the data recipient is a third party or not. An exception to this are authorities which receive personal data within the framework of legal bases, as these are not considered to be data recipients.
j) Third parties
Third party means any natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or data processor.
Consent is any voluntary, purpose-specific, explicit and informed expression by the data subject of his/her will, in the form of a statement or other unequivocal consenting act or gesture indicating that he/she consents to the processing of personal data concerning him/her.
The data controller within the meaning of the DS-GVO is:
The data protection officer of the data controller is:
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Our website or the server of the provider on which our website is stored collects a series of general data and information with each call, which are stored in the log files of the server. The following can be collected:
When using this general data and information, we do not draw any conclusions about the data subject. However, this information is required in order to
These anonymously collected data are therefore evaluated by us statistically and with the aim of increasing data protection and data security in our company, so that an optimal level of protection for the personal data processed by us can be guaranteed. The anonymous data of the server log files are stored separately from all other data.
The decisive criterion for the duration of the storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data are routinely deleted if they are no longer necessary for the performance or initiation of a contract.
We process personal data of data subjects only for the period of the purpose limitation or on the basis of legal requirements of the European Union or other legal bases and regulations the data controller is subject to.
If this purpose limitation is dispensed with or if a storage period prescribed by legal requirements of the European Union or other legal bases and regulations expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
The DS-GVO gives rise to the following rights for the data subjects:
a) Right to confirmation:
Every data subject has the right to obtain from the data controller confirmation as to whether personal data concerning him/her will be processed. If a data subject wishes to exercise this right, he/she can contact our data protection officer or another employee of our company at any time.
b) Right to information:
Every data subject has the right to obtain at any time and free of charge from the data controller information about the personal data stored about him/her and a copy of this information. This information includes the following items of information:
If a data subject wishes to exercise this right to information, he/she can contact our data protection officer or another of our employees at any time.
c) Right to correction:
Every data subject has the right to demand the immediate rectification of false personal data concerning him/her and the correction or completion of incomplete personal data, in compliance with the purpose limitation of the processing.
If a data subject wishes to exercise this right to information, he/she can contact our data protection officer or another of our employees at any time.
d) Right to deletion and right to be forgotten:
Every data subject has the right to demand that the data controller delete his/her personal data immediately if one of the following reasons applies or if processing is not necessary:
If one of the above reasons applies and the data subject wishes to arrange for the deletion of personal data stored by us, he/she can contact our data protection officer or another employee of our company at any time. We will then arrange for the deletion request to be complied with immediately.
The following also applies to the right to deletion and the right to be forgotten: If the personal data have been made public by us and if our company is obliged to delete the personal data pursuant to Art. 17 para. 1 DS-GVO, we will take appropriate technical and organisational measures, taking into account the economic efficiency and the available technology, to inform other data controllers who process the published personal data that the data subject has requested the deletion of these personal data as well as all links to these personal data, insofar as their processing is no longer necessary. Our data protection officer or another employee will take the necessary steps in each individual case.
e) Right to restriction of processing:
Every data subject has the right to request the data controller to restrict the processing if one of the following conditions is met:
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, he/she can contact our data protection officer or another employee of our company at any time. The data protection officer or another employee will immediately arrange for the processing to be restricted.
f) Right to data transferability:
Every data subject has the right to obtain the personal data concerning him/her that the data subject has provided to the data processor in a common, structured and machine-readable format. He also has the right to transmit these data to another data controller. This may not be impeded by the data controller to whom he/she has provided the personal data if the processing was carried out on the basis of a consent (Art. 6 (1) a DS-GVO or Art. 9 (2) a DS-GVO Regulation) or a contract (Art. 6 (1) b DS-GVO) and processing is carried out by automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the data controller.
Furthermore, in exercising his/her right to data transferability pursuant to Art. 20 (1) DS-GVO, the data subject has the right to demand a direct transmission of the personal data from one data controller to another data controller, insofar as this is technically feasible and the rights and freedoms of other persons are not affected.
In order to assert the right to data transferability, the data subject can contact our data protection officer or another employee at any time.
g) Right to object:
Each data subject has the right to object at any time to the processing of his/her personal data carried out pursuant to Art. 6 (1) e or f DS-GVO. This also applies to profiling based on these provisions.
In the event of objection, we will no longer process the personal data unless it is possible to prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for the purpose of direct advertising, the data subject has the right to object to such processing at any time. This also applies to profiling when it is linked to this direct advertising. If the data subject objects to our processing for direct advertising purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to processing of personal data relating to him/her by us for scientific, historical or statistical purposes pursuant to Art. 89 (1) DS-GVO, unless such processing is necessary for the performance of a task in the public interest.
To exercise the right to object, the data subject can contact our data protection officer or another employee directly.
h) Automated decisions in individual cases including profiling
Decisions based on the processing of personal data in an exclusively automated processing or profiling operation and which have legal effects on or significantly impair the data subject are not lawful if the decision
If the decision
we will take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject. This also includes the right to present the position of the data subject vis-à-vis the data controller and to challenge the decision.
If the data subject wishes to assert his/her rights with regard to automated decisions, he/she can contact our data protection officer or another employee at any time.
i) Right to revoke consent under data protection law:
Every data subject has the right to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert his/her right to revoke his/her consent, he/she can contact our data protection officer or another of our employees at any time.
j) Right of appeal to the supervisory authority:
Every data subject has the right to appeal to a supervisory authority if he/she is of the opinion that the processing of his/her personal data violates the DS-GVO.
Art. 6 (1) a DS-GVO represents the legal basis for processing operations in our company where we obtain the consent of the data subject for a specific processing purpose.
If the processing of personal data is necessary to perform a contract with the data subject, Art. 6 (1) b DS-GVO applies. This may be the case, for example, with a delivery of goods, an on-site service, the answering of enquiries or the preparation of offers.
In the event of legal obligations to which our company may be subject, processing will take place on the basis of Art. 6 (1) c DS-GVO. These obligations can for instance be tax requirements or reporting obligations.
Should the case arise that the processing of personal data is necessary to safeguard vital interests of data subjects, this will be done on the basis of Art. 6 (1) d DS-GVO. This would be the case, for instance, if visitors were to have an accident on the company's premises. In this case, we would need to disclose data such as name, age, health insurance and insurance data and other vital information to a physician, hospital or other third party.
Finally, the processing of personal data could also be based on our legitimate interests, which means that Art. 6 (1) f DS-GVO is applied. A legitimate interest could be that the data subject is a customer of the data controller and that the processing is meaningful and useful for the company. In addition, our legitimate interest is to conduct our business activities for the benefit of the company and its owners, shareholders and employees. However, the interests, basic rights and fundamental freedoms of the data subject must be adequately considered.
We hereby inform you that the provision of personal data is partly stipulated by law (e.g. by tax and reporting regulations) or may result from contractual conditions. For instance, it may happen that a data subject provides us with personal data, which we must then subsequently process. If you have any questions about the necessity of providing personal data, our data protection officer is available to you at any time to clarify whether a legal or contractual basis exists in the individual case and what the consequences would be if the personal data were not provided.
In accordance with statutory provisions, our website contains information that enables quick electronic contact with our company, whether by telephone, fax or e-mail. When a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the data processor will be stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.
If you use the contact form on our website, we will ask you for your name and other personal information. With the exception of a few mandatory fields, you are free to decide whether you wish to enter this data or not. We store your data on servers in Germany for the purpose of processing the request you have made.
We collect and process the personal data of applicants for the purpose of processing the application procedure. This processing can also take place completely or partially by electronic means. This is particularly the case if an applicant submits his/her application documents to us, for example by e-mail or via a web form on the website.
If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If we are interested in an application, although there is currently no vacancy for the qualifications offered, we will obtain consent for the storage of the application documents from the data subject. If this consent is given, the data will be kept for up to 6 years unless the data subject objects in the meantime. Otherwise a deletion takes place after 2 months.
If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted 2 months after notification of the refusal decision, provided that this deletion does not conflict with any other legitimate interests on our part. These interests could consist, for instance, in a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
Note: We kindly ask you to submit your application electronically by e-mail if possible - for the sake of the environment. To protect your personal data, we offer you the option of sending us your application in encrypted form. After expiry of the above-mentioned retention periods, electronic applications will be deleted and paper-based applications destroyed.
Our website offers users the opportunity to subscribe to our company newsletter. The personal data transmitted to the data controller when ordering the newsletter can be determined from the input mask used for this purpose.
We inform our customers and business partners at regular intervals about offers and news of our company by means of a newsletter. In principle, the newsletter can only be received by the data subject if
For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. The data subject must react to this confirmation e-mail and a reply is generated which serves to check whether the owner of the e-mail address has authorised the receipt of the newsletter as the data subject.
Upon registration for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject during registration, together with the date and time of registration. The collection of these data is necessary so as to be able to trace a possible misuse of the e-mail address of a data subject at a later point in time and thus serves to legally safeguard the data controller.
The personal data collected during registration for the newsletter will be used exclusively for dispatching the newsletter. Apart from the actual newsletter, information about the newsletter itself, e.g. changes to the newsletter offer, can also be sent to the data subject by e-mail. Under no circumstances will this data be passed on to third parties.
The data subject can cancel the subscription at any time on the homepage or by clicking on the cancellation link in the newsletter and revoke the associated consent to the storage of personal data. Finally, there is of course the possibility of informing the data controller of this wish in another way.
14. DATA PROTECTION REGULATIONS WHEN USING FACEBOOK
We have integrated components of the social network Facebook on our website.
Facebook is a social network that enables its users to form online communities with the goal of communicating with each other and sharing opinions, experiences and media files. Operator is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside of Canada or the USA, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible.
Each time one of the individual pages of our homepage is accessed, on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the computer of the data subject is prompted to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at
This provides Facebook with information about which of our subpages of the homepage is accessed by the data subject.
If the affected person is logged in to Facebook at the same time, Facebook therefore recognises which subpage is accessed by the data subject each time the data subject accesses our website and during the entire stay on our homepage. This information is collected by Facebook and associated with the data subject's Facebook account. If the data subject clicks on one of the Facebook buttons integrated into our website (e.g. the "Like" button) or comments on this page, Facebook assigns this information to the data subject's user profile and saves this personal data.
If the data subject is logged on to Facebook when visiting our homepage, Facebook always receives information via this Facebook component that the data subject has visited our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish this transmission to Facebook, he/she can prevent it by logging out of his/her Facebook account before accessing our homepage.
Facebook's published data policy, which can be accessed at
provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained which settings options Facebook offers to protect the privacy of the data subject. In addition, third-party applications are available that prevent data from being transmitted to Facebook.
The data controller has integrated LinkedIn Corporation components into this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and establish new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
Each time you visit our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plug-ins can be found at developer.linkedin.com/plugins. As part of this technical process, LinkedIn obtains information as to which specific subpage of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and during the entire stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on an integrated LinkedIn button on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and saves this personal data.
If the data subject is logged in to LinkedIn when accessing our website, LinkedIn always receives information via the LinkedIn component that the data subject has visited our website, regardless of whether the data subject clicks on the LinkedIn component or not. If such a transmission of this information to LinkedIn is not desired by the data subject, he/she can prevent the transmission by logging out of his/her LinkedIn account before accessing our website.
We have integrated the component Matomo on our website. Matomo is an open source tool for web analysis. Web analysis is the acquisition, collection and evaluation of data on the behaviour of visitors to websites. We collect data such as the website from which a data subject accessed our website (the socalled referrer address), which subpages of our website are accessed or how often and for how long a subpage is viewed. A web analysis is used to optimise a website and to analyse the costs and benefits of Internet advertising. Operator is Innocraft Ltd.,150 Willis St, 6011 Wellington, New Zealand. The Matomo Analytics server is operated as a component on our web server.
We have installed Google Maps on our website as a component for displaying our company on a map. With Google Maps, it is also possible for a data subject to calculate and display possible routes to us. Operator is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Every time our contact and directions page is called up, Google receives information that the data subject is interested in our company and may want to have a route to us calculated. In the case of route calculation, Google receives additional location information about the data subject. More detailed in-formation about Google Maps can be found at the URL
If the data subject is logged in to Google+ at the same time, Google receives information about route directions, locations and possible intermediate destinations for route planning each time the data subject accesses our contact and directions page. This information is collected by Google and assigned to the respective Google+ account of the data subject.
If the data subject does not wish his/her personal data to be transmitted to Google, he/she can prevent this by logging out of his Google+ account before accessing our website. In addition, for many browsers there is the possibility of using appropriate plug-ins such as Noscript for Firefox (https://noscript.net) to allow or block the execution of script programs such as Google Maps domain-related using blacklists and whitelists.
We have integrated Google Ads on our website. Google Ads is an online advertising service for ads in the Google search engine and the Google advertising network. Operator is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Ads is to promote our website by including interest-related advertisements on third-party websites and in Google search results. A so-called conversion cookie, which has a maximum validity of 30 days, is stored on the computer of the data subject via our website. This cookie can be used to track whether certain subpages on our website have been accessed if these pages were accessed by clicking on an Adword ad. This information is used by Google to compile visitor statistics and is made available to us for the purpose of evaluating and verifying the success of Google ads and thus enabling us to optimise them. This data is currently stored on servers in the USA; Google does not exclude the possibility that it may be passed on to third parties.
Every data subject can prevent the storage of cookies through our website at any time by means of the appropriate setting of his Internet browser and thus permanently object to this use. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other programs.
In addition, a data subject may object to the interest-related advertising by Google. The selected set-tings are made by calling up the links https://www.google.de/settings/ads in the browser used in each case. Another possibility is the installation of a browser plugin, which can be downloaded under https://www.google.com/settings/ads/plugin
Further information on Google's current data protection regulations can be found at https://www.google.de/intl/de/policies/privacy
We do not use any profiling or automatic decision making measures.