Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Ironshark GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
The data protection officer of IronShark GmbH is:
E-Mail: [email protected]
For all questions and suggestions on data protection, you can directly contact our data protection officer.
1. Collection of general data and information
The website of the Ironshark GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the Ironshark GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the Ironshark GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only disclose your personal information to third parties if:
- You according to Article 6(1) lit. f GDPR have expressly consented to this,
- the disclosure pursuant to Article 6(1) lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
- in the event that disclosure pursuant to Article 6(1) lit. f GDPR there is a legal obligation,
- as permitted by law and in accordance with Article 6(1) lit. f GDPR is required for the settlement of contractual relationships with you.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Integration of services and content of third parties
This website incorporates content from third-party providers. These services or contents can be, for example, Youtube videos or graphics of other websites. In such case, the third party will use your IP address to enable the presentation of that content.
On the website of the Ironshark GmbH, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
The Ironshark GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly via e-mail: [email protected].
When using the e-mail distribution list, the e-mail address of the user is initially stored in the “MailChimp” directory. Storage is solely for the purpose of confirming the registration under the “double opt-in” – process. If the e-mail address has been confirmed, it will be permanently stored by MailChimp. The storage takes place until the e-mail address is deleted by the user (owner of the e-mail address) or by the operator of this website. It also saves the date of registration and the IP address of the user. This storage takes place for the purpose of proof against the allegation of unsolicited sending of e-mails. Any other use of the IP address does not occur.
Contact possibility via the website
The website of the Ironshark GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
Comments function in the blog on the website
The Ironshark GmbH offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user’s (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defence of the data controller.
2. Social Media
We use social network plug-ins. A social network is generally a platform or app that allows users to communicate with each other, share opinions, or share content such as pictures with other users or in the social network. Users typically have the ability to create private or business profiles, network with each other, or provide private or business-related information.
We use the “Google +” button of the social network Google Plus on this website. Google Plus is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
By calling up a single site of this website, which contains a “Google +” button, a connection will be established to Google’s servers. The content of the button is transmitted by Google directly to the browser of the user and incorporated into the website. At the same time, Google receives information about which specific sub-page of our website users are visiting, regardless of whether you click on a button or not. More detailed information about Google+ is available at https://developers.google.com/+/.
If you are logged in to Google+ during your visit to our website, Google recognizes which specific subpage you visit each time and during the entire visit. This information is collected through the Google+ button. Google maps this information to your Google Plus account. If you press a Google Plus button while visiting our website and submit a Google + 1 recommendation, Google also assigns this information to your personal account and saves it. Google stores and processes this information along with other information, such as your name, search results, photos. Google is able to link this information together, and uses that data to improve its services.
If you are a Google Plus member and do not wish to have such data collection and / or linking, you can prevent the transfer by logging out of the respective Google Plus account.
Use of the Facebook-Plugin
On this website, plugins of the social network Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA) are integrated. If you live outside of Canada or the United States, the Responsible for processing of personal data is Facebook Ireland Ltd., (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland).
Facebook plugins can be recognized by the Facebook logo or the “Like-Button” (“Like”). An overview of the Facebook plug-ins can be found at http://developers.facebook.com/docs/plugins/?locale=en_US.
When loading a page of this website containing a Facebook plugin, a connection with the Facebook servers is established. The contents of the button is transmitted from Facebook directly to the user’s browser and integrated into the website. At the same time, Facebook receives information about which specific sub-page of our website you are visiting, regardless of whether you click on a button or not.
An assignment of the visit of this Internet appearance by Facebook to the Facebook user account does not take place, if the user logs out of his Facebook account.
Use of the Twitter-Plugins
This website integrates the functions of Twitter services. These features are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the function “Re-Tweet”, the websites visited by the user are linked to the respective Twitter account and made known to other users. This data is also transmitted to Twitter.
The privacy settings on Twitter can be changed by the user in their account settings.
Use of the XING Share button
This website uses plug-ins of the social network LinkedIn of LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043), based in the US. With the LinkedIn plugin, users of this website can share content through their LinkedIn account. The user must be logged in to LinkedIn. The content is shared by clicking on the LinkedIn button. The LinkedIn button can be recognized by the corresponding LinkedIn logo.
The LinkedIn plugin will connect to and transfer data between the user’s Internet browser and the LinkedIn server when visiting this website. If the user is signed in to LinkedIn, LinkedIn will link the visit to the user’s website and LinkedIn account.
The provider of this website has no knowledge of which data is transmitted to LinkedIn.
This site uses plugins from Instagram, Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The Instagram plugins can be recognized by the Instagram logo.
If the user logs out of Instagram, there is no assignment of the visit of this website by Instagram to the user account.
Google Analytics (with anonymization function)
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”), Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on the user’s computer and that allow an analysis of the user’s use of the website. The information generated by the cookie about the use of this website (including the IP address) is transmitted to a Google server in the USA and stored there. Your IP address will be shortened and processed further anonymously with the method _anonymizeIp (), if the access to this website is from a member state of the European Union or another contracting state of the Agreement on the European Economic Area. A person-related ability can thus be excluded. As far as the collected data of the user has a personal reference, this is therefore immediately excluded. The personal data will be deleted immediately.
Google will use the information to evaluate the use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Google will not associate IP address of the user with other data held by Google.
This website uses Google Universal Analytics. This enables a cross-device analysis of user behavior. The evaluation takes place via a user ID. You can disable the cross-device analysis of your usage under “My Account”, “Personal Information” in your customer account.
We use HubSpot, a service of HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland.
HubSpot allows us to optimize marketing, customer service and customer management and to digitalize various services. For example, we use HubSpot to analyze visitor behavior from our website, to generate leads, for newsletter marketing and to manage our contacts.
When using HubSpot, certain personal data – such as IP address, location or time of page view – is collected and processed. This information is stored on servers of HubSpot and evaluated on our behalf.
Legal basis for this data processing is Art. 6 para. 1 lit. a DSGVO, if the data is processed for marketing purposes such as website tracking or newsletter. If we process the data as part of customer service and customer management the legal basis is Art. 6 para. 1 lit. b DSGVO.More information about data processing by HubSpot can be found at https://legal.hubspot.com/de/datenschutz
Notice about the use of Hotjar
This website uses Google Adwords for online advertising. Cookies are used by Google as well as by third-party providers (eg double-click cookies) – if necessary also combined. This allows the circuit of optimized ads on websites of Google and third-party due to the previous visits of the user of this website.
This website uses the following Google AdWords features:
- Interest categories
- Similar target groups
- Conversion Tracking
- Other types of interest-based advertising
Users of this website may object to data collection and storage at any time with effect for the future. The deactivation of cookies is possible via the following links
Conversion Tracking with Google
This website uses conversion tracking as part of Google AdWords. This is an analysis service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
When you click on an ad delivered by Google a cookie for conversion tracking is stored on the user’s computer. These cookies are valid for 30 days, do not contain any personal data. Personal identification is therefore not possible.
If you visit this website before the cookie expires, both Google and we may recognize that the user clicked on a particular ad and was redirected to that page. Cookies can not be tracked on the Webseites of Adwords customer, as each AdWords customer receives a separate cookie.
5. Rights of the data subject
- Right to withdraw data protection consent
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time. If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Ironshark GmbH.
- Right of access
Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.
- Right to rectification;
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.
- Right to erasure (Right to be forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Ironshark GmbH, he or she may, at any time, contact any employee of the controller. An employee of Ironshark GmbH shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The employees of the Ironshark GmbH will arrange the necessary measures in individual cases.
- Right of restriction of processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Ironshark GmbH, he or she may at any time contact any employee of the controller. The employee of the Ironshark GmbH will arrange the restriction of the processing.
- Right to data portability
Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.In order to assert the right to data portability, the data subject may at any time contact any employee of the Ironshark GmbH.
- Right to object
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.The Ironshark GmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.If the Ironshark GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the Ironshark GmbH to the processing for direct marketing purposes, the Ironshark GmbH will no longer process the personal data for these purposes.In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Ironshark GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.In order to exercise the right to object, the data subject may contact any employee of the Ironshark GmbH. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.If you would like to exercise your right of revocation or objection, please send an e-mail to [email protected]
6. Data security
During the visit of this website, the Secure Socket Layer (SSL) method is used in conjunction with the highest level of encryption supported by the user’s browser. This is usually a 256 bit encryption. If the user’s browser does not support 256-bit encryption, a 128-bit v3 technology is used. The encrypted transmission of a page of this website can be recognized by the key or lock symbol in the status bar of the browser.
In addition to the SSL encryption technical and organizational security measures are used to protect the data against accidental or intentional manipulation, loss, destruction or against unauthorized access by third parties. These security measures are continuously being improved in line with technological developments.
A regulatory opinion on the use of Universal Analytics is not yet available. This leaves a certain amount of legal uncertainty until either an opinion or, if necessary, a court ruling is available.
In any case, the data subject must be informed about the extended use and be shown the possibility to opt-out.