Data protection statement of io-key.com
1. Scope, controller, data protection officer, definitions
1.1 The present data protection statement informs about how and what kinds of personal data of the user (in the following “you”) are processed by us, autosen gmbh, when you visit our websites.
Phone: +49 (0)201 749 189 21
Fax: +49 (0)201 749 189 22
is the controller pursuant to Article 4 no. 7 EU General Data Protection Regulation (GDPR) for the processing of personal data on our websites according to this Data Protection Regulation (cf. our Legal notice).
You can also directly contact our Data Protection Officer:
Data Protection Officer
Herr Arndt Halbach
Wetterauer Str. 6
1.3 Personal data means any data relating to you personally such as name, address, email addresses, the information about your use of our websites (see under number 2).
Processing means any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
2. Processing of personal data when visiting our websites or contact via email; purpose and basis
2.1 Informatory use of our websites
If the websites are used for information only, i.e. if you do not register or transmit information in any way, we only collect the personal data your browser transmits to our server. If you want to look at our websites, we collect the following data:
- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (specific site),
- access status/HTTP status code,
- transferred amount of data,
- website from which the request is sent,
- operating system and its user interface,
- language and version of the browser software and
- your approximate location data which we derive from the above-mentioned data.
Purpose and basis
The purpose of the processing of this data is to show you our websites and to ensure stability and protection. Basis is Article 6 paragraph (1) sentence 1 (point f) GDPR. According to this paragraph the processing of personal data for the purposes of our legitimate interests is lawful except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
This personal data is only stored for the time you visit our websites.
2.2 Contact by email or use of the contact form our websites
If you contact us by email or use a contact form, we process
- your advised request,
- the company you work for,
- your sex (title),
- your first and last names,
- your business contact data (email address, address and telephone number, the indication of your customer number is optional).
The purpose of the processing of this data is to answer your questions. We will delete the data collected in this context when storage is no longer necessary or restrict the processing if there is a legal obligation to retain data. The basis for the processing is Article 6 paragraph (1) sentence 1 point f GDPR except where there are legal obligations to retain data. In this case the basis for storage is Article 6 paragraph (1) sentence 1 point (c) GDPR; according to this the processing is lawful for compliance with a legal obligation.
Furthermore you have the possibility to receive regular information from us (newsletter, see below number 2.6 point (c)) irrespective of filling in the contact form and the reply to your request.
a) In addition to the previously mentioned data cookies are stored on your PC when you use our websites. Cookies are small text files which are stored on your hard disk assigned to the browser you use and by means of which the person setting the cookie (here: us) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. Their purpose is to make the websites more user-friendly and effective. The basis is your explicit consent you give when you start visiting our website and which can be revoked at any time pursuant to Article 6 paragraph (1) sentence 1 point (a) GDPR or Article 6 paragraph (1) sentence 1 point (f) GDPR.
b) These websites use the following types of cookies the scope and function of which are explained below:
- transient cookies (see a)
- persistent cookies (see b).
aa) Transient cookies are automatically deleted when you close the browser. They are in particular session cookies. They store a session ID by means of which several requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our websites. The session cookies are deleted when you log out or close the browser.
bb) Persistent cookies are automatically deleted after a time defined by us. This time may vary according to the cookies. You can delete the cookies in the security settings of your browser at any time. With this deletion you also withdraw your consent to process the respective cookie.
c) You can configure the browser according to your wishes and for example reject the acceptance of third-party coolies or all cookies. Please note, that in such a case you may not be able to use all functions of our websites.
2.4. Google Analytics
a) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files stored on your computer making it possible to analyse the way you use the websites. As a rule, the information about your use of these websites generated by means of cookies is transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on these websites, your IP address is shortened beforehand by Google in countries in the European Union and other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the website owner, Google will use this information to evaluate your use of the websites, create reports about website activities and provide further services related to website and internet use to the website owner.
b) The IP address transferred by your browser in the context of Google Analytics will not be combined with other Google data.
c) You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we point out that if you do so, you might not be able to use all functions of this Websites. Besides, you can prevent the transmission of data about your use of the websites generated by cookies (incl. your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at:
d) These websites use Google Analytics with the extension “_anonymizeIp()”. IP addresses are then processed in a shortened form; reference to a person can thus be excluded. If a reference to a person is possible by means of the data collected for you, this reference is excluded at once and the personal data is deleted immediately.
e) We use Google Analytics to analyse the use of our websites and to be able to improve them regularly. By means of the statistics we can improve our websites and make them more interesting for you, the user. For exceptional cases in which personal data is transmitted to the USA, Google has submitted to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The basis for the use of Google Analytics is Article 6 paragraph 1 sentence 1 point (f) GDPR.
f) Information of the third party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Übersicht zum Datenschutz: http://www.google.com/intl/de/analytics/learn/privacy.html, sowie die Datenschutzerklärung: http://www.google.de/intl/de/policies/privacy.
2.5 Integration of YouTube videos and videos via Movingimage
a) We have integrated YouTube videos in our online service which are stored at http://www.YouTube.com and can be played directly from our websites.
b) When you visit the websites, YouTube gets the information that you have accessed the respective sub-site of our websites. In addition, the data indicated under section 2.1 of this statement is transmitted. This happens irrespective of the fact if YouTube provides a user account via which you are logged in or if a user account does not exist. If you are logged in with Google, your data is directly assigned to your account. If you do not agree to this assignment to your profile at YouTube, you have to log out before the button is activated. YouTube stores your data as usage profiles and uses them for advertising and market research purposes and/or for a design tailored to suit the needs. Such an evaluation is made in particular (even for users who are not logged in) to enable advertising tailored to the needs and to inform other users of the social network about your activities on our websites. You have the right to object creation of these user profiles. In this case you have to address this right to object to YouTube.
c) Any other information for the purpose and scope of data collection and their processing by YouTube are given in the Data Protection Statement. There you also get further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has submitted to comply with the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
2.6 Registration and newsletter
a) If you want to use certain services of our websites, for example the download of data, a registration of the following data concerning you is required:
- indication if you or the company you work for are an existing customer,
- sex (title),
- first name, last name,
- company you work for,
- your business contact data (email address, address and telephone number, the indication of your customer number is optional).
You have to assign a sufficiently secure password for this data.
b) We use the double-op-in process for registration. That means that we send an email to the indicated email address after entry of your registration data in which we ask you to confirm your registration data. If you do not confirm your registration, your information is blocked and deleted after the statutory storage period has elapsed (in any case up to the end of the period of limitation for any claims). Moreover, we store your used IP addresses and the times of entering your registration data and the confirmation. The purpose of the process is to evidence your registration and to solve a possible misuse of your personal data, if need be. The basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.
On our websites you can register for our newsletter with current information about our company and our services.
Your consent to receive the newsletter is always freely given. You can withdraw your consent at any time. You can use all other functions of our websites irrespective of your consent to receive the newsletter. This also includes the functions in the context of the registration or the contact form.
After our registration for the newsletter we carry out the double-opt-in process as described above under point (b). If you have also registered for the newsletter during your registration, you confirm by means of the double-opt-in process your consent to receive the newsletter.
To send you the newsletter we only process your name, your sex (title) and your email address so that we can address you personally. The basis for the use of this processing of your personal data is Article 6 paragraph 1 sentence 1 point (a) GDPR. You can withdraw your consent to send you the newsletter at any time and unsubscribe from the newsletter. You can state your withdrawal by email to firstname.lastname@example.org or by sending a message to the contacts indicated in the Legal notice.
2.7 On the autosen webshop
a) If you want to place an order in our webshop, a requirement necessary to enter into a contract is that you indicate the personal data asked for which we need to process your order. Mandatory information necessary to process the contracts is marked separately; any other information is given freely. The data you indicate is used by us to process your order. The basis for this is Article 6 section (1) sentence 1 point (b) GDPR. If you are our customer but the company you work for, we process your business contact data on the basis of Article 4 paragraph (1) sentence 1 point (f) GDPR for the purpose of enabling and facilitating the communication with our customers to execute the contract.
b) Due to trade and tax laws we are obliged to store your address, payment and order data for a period of ten years. After the end of the period of limitation we limit processing, i.e. your data is only used to comply with the legal obligations.
2.8 Technical chat
To use our technical chat we process your email address, the company you work for and your technical questions.
We use this data to process your chat requests or to enable answers by other chat participants and to execute our respective web offer; the basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR. Your data will only be stored for the period it takes to answer your chat.
2.9 Applicant data
a) We process the following data of people applying for a job using the application form on our websites or any other means:
first name, last name, email address, address, telephone number (if indicated) and the application documents transmitted to us.
b) Subject to a separately given consent we only process the data to carry out the application process on which the respective application is based. Without this consent the data will not be stored after the end of the application process and the relevant storage periods.
2.10 Cloud-based sensor data collection
If you use io-key to save sensor data in our cloud, we store the personal data requested there to this end. We require this data to process the contract. The legal basis is Art. 6 section (1) sentence 1 letter b) GDPR. Insofar as you are not personally our Client, rather the business for whom you work is the Client, we process your business contact data on the legal basis of Art. 6 section (1) sentence 1 letter f) GDPR for the purpose of enabling and simplifying communication with our Client to carry out the contract. Owing to regulations under commercial and fiscal law, we are duty bound to save your address, payment and order data for a duration of ten years. The legal basis in this regard is Art. 6 section (1) sentence 1 letter c) GDPR. However, we restrict processing once the limitation periods have expired, meaning that your data is then used to adhere to statutory obligations only.
To render this Service, we have engaged a service provider: Software AG, Uhlandstr. 12, 64297 Darmstadt (Germany), as well as its cooperation partner of Software AG. Suitable order processing agreements were concluded pursuant to Art. 28 GDPR to ensure that your data is protected. Insofar as data is hereby transmitted to third-party countries, this takes place exclusively according to the 5th chapter of GDPR.
3. Transfer and communication of your data to a third party
We never transfer your data to a third party without your consent.
We partly use the support of a third party for electronic data processing. This is a reliable service provider we have selected very carefully so that they process your data according to our order. The basis is Article 28 GDPR. Our service providers are, of course, committed to handle the data carefully and only according to our instructions and the applicable data-protection regulations, in particular neither to use the data for their own purposes nor to transfer them to a third party.
Moreover, there may be individual cases in which we are legally obliged to forward your data by order from an official authority if this is required for the purpose of law enforcement or danger prevention by police or other authorities. The basis for transmission in such cases is Article 6 section (1) paragraph (1) point (c).
Finally there may be cases in which your data is transmitted to companies associated with autosen gmbH (subsidiaries or affiliates) for one of the purposes mentioned in number 2 due to the work distribution within the autosen group of companies.
The purpose of this transmission is to structurally fulfil the tasks arising in the course of pursuit of corporate goals within a group of companies within our group of companies according to our work distribution; the basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.
If in this context personal data is processed outside the states of the European Economic Area (“EEA”), we protect your personal data by transmitting and processing your personal data within our group of companies only according to the standard contractual clauses defined by the EU Commission following Article 46 paragraph (2) point (c). The standard contractual clauses can be viewed and downloaded at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.
4. Your rights
4.1 You have the following rights against us with regard to the personal data concerning you:
- the right of information if and which of your personal data is processed by us,
- right to rectification or erasure of your data,
- right to restriction of processing,
- right to object processing if the basis for this processing is Article 6 paragraph (1) sentence 1 point (f) GDPR and
- right to data portability.
4.2 You also have the right to file a complaint with the data protection supervisory authorities about the processing of your personal data by us.
5. Amendment of this data protection statement
We reserve the right to amend this data protection statement at any time with future effect. The current version can be accessed on our websites. Please visit our websites regularly and inform yourself about the data protection regulations in effect.
Date: 25 November 2019