Search

Privay policy

Information Obligation under Art. 12 et seq. EU GDPR
Name and Address of the Controller

Your point of contact as the controller within the meaning of the European General Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states as well as other applicable data protection regulations is:

 

ICS International GmbH
Identcode-Systeme
Donaustr. 1
65451 Kelsterbach
Germany

 

Email: info@ics-group.eu

 

ICS International GmbH Identcode-Systeme (hereafter: ICS or editor) is a company of the ICS Group. The ICS Group provides consulting, software, technology, and services for the digitalization of business processes.

 

Our products, solutions, and services deliver significant value to customers. The foundation for this is strong, trust-based relationships with customers, suppliers, partners, as well as with prospective clients, employees, and other stakeholders.

 

In order to provide our services, it is at times necessary to collect and process personal data. ICS has always taken the protection of personal data very seriously and strictly complies with legal requirements – currently including, among others, the General Data Protection Regulation GDPR 2016/679 and, in Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

 

Personal data is collected, processed, and used by ICS only to the extent necessary.

The following statement provides you with an overview of how we ensure data protection and what type of data is collected for which purpose.

 


Table of Contents

1) Scope & Notice Regarding Children
2) Collection & Processing of Personal Data
3) Data Collection When Using Our Website and Digital Services
4) Use of Personal Data
5) Your Rights under the GDPR
6) Changes to This Privacy Policy
7) Further Information / Data Protection Contact


1) Scope & Notice Regarding Children

This Privacy Policy applies to all websites and digital services operated by ICS, including all related content, functions, tools, products, and services (“Services”).

 

Our Services are not directed to children under the age of 16. We do not knowingly collect personal data from children under the age of 16 unless required in connection with an application or an employment relationship.

 

If we become aware that we have processed personal data of a child without the necessary consent of the parents or legal guardians, we will promptly delete such data.

 

2) Collection & Processing of Personal Data

2.1) General

 

We collect and process data about you in the following cases:

 

  • When you contact us directly, e.g., via our website, through our customer service / telephone hotline, and you are interested in our products or services, or if you have any other inquiry.
  • When you register as a participant/visitor for professional events of ICS, such as trade shows and exhibitions, and/or voluntarily provide us with your contact details at such events.
  • When you purchase or request products and services directly from us.
  • When you respond to our direct marketing activities, e.g., by returning a response card from a mailing campaign.
  • When affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) or individual business partners lawfully transfer data about you to us.
  • When you provide us with data as part of recruitment and application processes (online/offline).

 

We do not share your data with third parties without your consent. Exceptions apply if:

 

  • We are legally required to disclose information.
  • The transfer of data is legally permissible and necessary, e.g., for fraud prevention.
  • Affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) need to be involved in processing your request/inquiry.

 

2.2) Data Processing by External Service Providers

 

To provide our Services, we rely on selected external service providers that process personal data on our behalf. With all data processors, a data processing agreement has been concluded in accordance with Art. 28 of the EU General Data Protection Regulation (GDPR).

 

We ensure that the processing of personal data is carried out exclusively in accordance with our instructions and is protected by appropriate technical and organizational measures (TOM).

 

Processing generally takes place within the European Union (EU) or the European Economic Area (EEA). If, in exceptional cases, data is transferred to a third country (e.g., the United States), this is done only on the basis of appropriate safeguards, such as the Standard Contractual Clauses (SCC) of the European Commission or equivalent legal instruments.

 

Examples of processors we use within the EU include:

 

  • Hosting and IT service providers (e.g., server locations in the EU)
  • CRM systems (e.g., Zoho CRM, located in the Netherlands)
  • Newsletter service providers (e.g., Zoho Campaigns, located in the Netherlands)
  • Logistics and shipping partners within the EU.

 

2.3) Processing in the Customer Database

 

We store and use received contact details and information (such as business communication histories) from customers and prospects for the purpose of managing or initiating business relationships. Processing is carried out on the basis of Art. 6 (1) lit. b GDPR (performance of a contract), and/or Art. 6 (1) lit. f GDPR (legitimate interest in efficient customer management).

 

Personal data is collected and stored strictly in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in its current version.

 

For our customer database, we and our affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) use Zoho CRM. The provider is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (hereinafter: “Zoho”). The data is stored on Zoho’s servers located in the Netherlands / within the EU. To fulfill the service, we and our affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – AktG) have concluded a data processing agreement with Zoho.

 

You have the right at any time to request information about the data stored about you in the customer database, as well as to request corrections or deletion of such data.

 

Further information on data protection at Zoho CRM is available online at: https://www.zoho.com/crm/gdpr/.
Details on Zoho CRM’s security measures can be found here: https://www.zoho.com/security.html.

 

2.4) Processing in the Workflow Management System

 

For certain business processes (e.g., ticket management, support requests, workflow automation), we use the ServiceNow collaboration platform. The provider is ServiceNow Netherlands B.V., Hoogoorddreef 54D, 1101 BE Amsterdam, Netherlands. The parent company is ServiceNow, Inc., 2225 Lawson Lane, Santa Clara, CA 95054, USA.

 

In the course of use, the following categories of personal data may be processed in particular:

 

  • Master data (e.g., first name, last name, company, email address, telephone number)
  • Communication content (e.g., support requests, ticket histories, attachments)
  • Usage data (e.g., time of request, IP address, log files)

 

Processing is carried out solely for handling support requests, providing our services, and optimizing internal processes.

 

The legal basis is Art. 6 (1) lit. b GDPR (performance of a contract), insofar as the data processing is necessary for handling your request, and Art. 6 (1) lit. f GDPR (legitimate interest) in the efficient and secure processing of support and business processes.

 

ServiceNow generally stores data on servers within the EU/EEA. However, a transfer to third countries (in particular the United States) cannot be completely ruled out. If such a transfer occurs, it is based on the European Commission’s Standard Contractual Clauses (SCC) in accordance with Art. 46 GDPR.

 

Further information on data protection at ServiceNow is available here: https://www.servicenow.com/privacy-statement.html

 

2.5) Categories of Personal Data

 

Depending on your use of our Services, we process in particular the following categories of personal data:

 

  • Contact data: name, address, billing and shipping address, telephone number, email address
  • Financial data: payment information, transaction details, payment confirmations
  • Account information: username, passwords, settings, security questions
  • Transaction information: items viewed, ordered, returned, or canceled; order history
  • Communication data: contents of inquiries, support contacts, feedback
  • Device information: device type, browser, IP address, unique identifiers
  • Usage information: interactions with our websites, services, and online shops.

 

3) Data Collection When Using Our Website and Digital Services

3.1) General

 

When you visit our website, personal data is generally processed only to the extent necessary to provide a functional website as well as our content and services. Whenever personal data is collected on our pages (e.g., name, address, or email address in contact forms), this is always done on a voluntary basis. Your data is transmitted in encrypted form using SSL/TLS.

 

The processing of your data is carried out in accordance with European and German data protection regulations (GDPR and the German Federal Data Protection Act – Bundesdatenschutzgesetz, BDSG) as well as our internal policies.

 

Personal data is used in particular for the purpose of order processing and handling your inquiries. Depending on the type and content of your inquiry, your data may be shared with affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) if this is necessary to process your request.

 

3.2) Website Hosting, FTP Services, and Email Communication

 

Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you access our website, IONOS automatically collects information in so-called server log files. These data include:

 

  • IP address of the requesting device
  • Date and time of access
  • Address of the accessed page/file
  • Referrer URL (the previously visited page)
  • Browser type and version
  • Operating system used

 

The log files are used to ensure operational reliability and system security as well as to prevent attacks. The legal basis for this processing is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR (ensuring IT security and the functionality of our website).

 

In addition, we use FTP and SFTP servers (File Transfer Protocol) from IONOS SE for uploading, managing, and exchanging files. When accessing the FTP server, log files are automatically generated for technical reasons, including:

 

  • IP address of the requesting device
  • Username used (FTP login)
  • Date and time of access
  • Accessed or transferred files
  • Server status messages (e.g., successful/failed login attempts)

 

Processing of these data is necessary to ensure the operation and security of the file server, to trace access (e.g., for error analysis or to prevent misuse), and to enable authorized users to securely exchange files.

 

The legal basis for this processing is Art. 6 (1) lit. f GDPR (legitimate interest in secure and stable operation of the FTP service), and Art. 6 (1) lit. b GDPR (performance of a contract), insofar as the data exchange occurs within the scope of contractual relationships.

 

We also use IONOS for sending and receiving emails. In this context, the personal data you transmit (e.g., name, email address, message content) is stored and processed on IONOS servers. The legal basis is Art. 6 (1) lit. b GDPR (performance of a contract) for inquiries, orders, or communication.

 

A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with IONOS to ensure GDPR-compliant use.

 

Further information can be found in the IONOS privacy policy: https://www.ionos.com/terms-gtc/privacy-policy/.

 

3.3) Google Analytics

 

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics uses cookies to enable an analysis of your use of the website. The information generated by the cookies (including your IP address) is usually transmitted to Google servers and stored there.

 

We have extended Google Analytics with the “anonymizeIP” function, so that your IP address is shortened within the EU/EEA before transmission. Only in exceptional cases is the full IP address transmitted to a Google LLC server in the United States and shortened there.

 

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website usage.

 

In this context, personal data may be transferred to servers of Google LLC in the United States. For the US, an adequacy decision of the European Commission (EU–US Data Privacy Framework) exists. Google is certified under this framework and is committed to complying with European data protection standards.

 

The use of Google Analytics is based solely on your consent (Article 6 (1) (a) GDPR in conjunction with Section 25 of the German Telecommunications and Telemedia Data Protection Act – TTDSG). Consent is obtained through our cookie banner and can be withdrawn or adjusted there at any time with effect for the future.

Further information regarding the Google Privacy Policy: https://policies.google.com/privacy.
Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=en.

 

3.4) Cookies

 

Our website uses cookies. Cookies are small text files stored on your device that contain certain information. They help make our website more user-friendly, effective, and secure overall.

 

We distinguish between the following categories of cookies:

 

  • Essential cookies: Technically required to provide the website and its functions. These cannot be disabled.
  • Functional cookies: Enable enhanced features and a more convenient use of our website.
  • Statistics cookies: Collect information about how our website is used, such as which pages are visited most frequently (e.g., Google Analytics).
  • Marketing cookies: Allow interest-based advertising to be displayed to users based on their browsing behavior.

 

Consent Management Tool: When you first access our website, you will be informed via a cookie banner about the use of cookies. Through this tool, you can decide which categories of cookies you want to allow. Essential cookies are preselected. You can withdraw or adjust your consent at any time with effect for the future via the settings in the consent tool.

 

Change consent Cookie declaration

 

3.5) Newsletter

 

We and our affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) use Zoho Campaigns to send newsletters. The provider of this application is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (hereinafter: “Zoho”). Zoho Campaigns is a service for creating, sending, and managing marketing emails and newsletters. Data is stored on Zoho’s servers in the Netherlands / within the EU. ICS is responsible for the data processing in relation to you. Processing is carried out solely on the basis of your consent (Article 6 (1) (a) GDPR).

 

3.5.1) Subscription

 

On our website, you can subscribe to our newsletter. If you would like to receive the newsletter offered on the website, we require a valid email address from you as well as information that allows us to verify that you are the owner of the provided email address, or that the owner agrees to receive the newsletter.

 

You may optionally provide your last name and form of address when subscribing. No further data is collected. The personal data collected is used solely to send you our email newsletter. Consent is granted through the legally required double opt-in procedure.

 

With your consent, you can subscribe to our newsletter. The data you enter for newsletter subscription (e.g., email address) is stored on Zoho’s servers. Processing takes place based on Article 6 (1) (a) GDPR. By subscribing, you also consent to our tracking of your click and open behavior in order to optimize our newsletter offering.

 

3.5.2) Data Processing Agreement

 

We and our affiliated companies (pursuant to Section 15 AktG) have entered into a data processing agreement with Zoho and fully comply with European and German data protection requirements when using Zoho Campaigns. We transfer the data you provide during subscription to Zoho solely for the purpose of sending marketing emails and newsletters on our behalf. Data is stored by Zoho in a way that prevents other Zoho customers or third parties from accessing it.

 

3.5.3) Further Information on Zoho Campaigns

 

The terms of service applicable to us for Zoho Campaigns can be viewed at the following link: https://www.zoho.com/campaigns/terms.html. Detailed information on data protection in connection with Zoho Campaigns is available online at: https://www.zoho.com/crm/gdpr/. Information about security measures at Zoho Campaigns can be found at the following webpage: https://www.zoho.com/security.html.

 

3.5.4) Withdrawal

 

You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal. If consent is withdrawn, we will stop the corresponding data processing. If you no longer wish to receive the newsletter in the future, you may unsubscribe at any time, e.g., via the unsubscribe link at the end of each newsletter or by emailing marketing@ics-group.eu. Your data used for newsletter distribution will be deleted once you unsubscribe, provided that no statutory retention obligations prevent deletion.

 

3.6) Social Media Presence

 

We maintain publicly accessible profiles on the following social networks: Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter), and YouTube. On our website, we link to our social media profiles and, in some cases, also use functions (social plugins) provided by these platforms.

 

3.6.1) Links to Our Social Media Profiles

 

On our website, you will find links to our profiles on the social networks Facebook, Instagram, LinkedIn, Xing, X (formerly Twitter), and YouTube.

 

These are external links only; no data is transmitted to the operators of these networks simply by visiting our website.

 

Personal data may only be processed once you click on the respective link and are redirected to the provider’s platform. We have no influence over this processing. Information on how these providers handle personal data can be found in the privacy policies of the respective platforms:

 

 

3.6.2) Functions (Social Plugins)

 

On our website, we also use certain functions provided by social platforms, such as the Like, Follow, or Share buttons. When you visit a page that contains such a plugin, your browser establishes a direct connection to the servers of the respective provider.

 

In this process, personal data (in particular IP address, browser information, time of page access) may be transmitted to the provider – even if you do not have an account with the provider or are not logged in.

 

The legal basis for the use of such plugins is your consent in accordance with Article 6 (1) (a) GDPR. Consent is obtained through our cookie banner and can be withdrawn at any time.

 

Some providers may also process your data in the United States or other third countries. Since July 10, 2023, an adequacy decision of the European Commission (EU–US Data Privacy Framework) has been in place for the United States. Providers certified under this framework offer an adequate level of data protection. For other providers, data transfers are carried out based on the European Commission’s Standard Contractual Clauses (Article 46 (2) (c) GDPR) and, where applicable, additional measures to protect your data.

 

Please note that we have no knowledge of the content of the transmitted data or how it is used by the respective social media platform.

 

Further information on the purpose and scope of data processing can be found in the privacy policies of the respective providers.

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for Facebook: https://www.facebook.com/privacy/policy/.
and Instagram: https://privacycenter.instagram.com/policy.

 

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland:
https://www.linkedin.com/legal/privacy-policy.

 

New Work SE (Xing), Am Strandkai 1, 20457 Hamburg, Germany:
https://privacy.xing.com/en/privacy-policy.

 

X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (EU Representative:
X International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland): https://x.com/en/privacy

 

Google Ireland Limited (YouTube), Gordon House, Barrow Street, Dublin 4, Irland:
https://policies.google.com/privacy?hl=en

 

3.7) Embedded YouTube Videos

 

We occasionally embed videos from YouTube on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

When you play an embedded YouTube video, a connection is established to YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube or Google account, you allow Google to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account beforehand.

 

We use YouTube in enhanced privacy mode. This means that YouTube does not set cookies until you start playing the video. Only when the video is started are data processing activities triggered, over which we have no control.

 

In this process, personal data may also be transferred to servers of Google LLC in the United States. For the US, an adequacy decision of the European Commission (EU–US Data Privacy Framework) is in place. Google is certified under this framework and is committed to complying with European data protection standards.

 

Processing is carried out on the basis of your consent (Article 6 (1) (a) GDPR), which you provide via our cookie banner. You may withdraw this consent at any time with effect for the future.

 

Further information on the purpose and scope of data processing can be found in YouTube/Google’s privacy policy: https://policies.google.com/privacy?hl=en.

 

3.8) Use of Tracking and Marketing Tools

 

3.8.1) Meta Pixel (Facebook/Instagram)

 

On our website, we may use the Meta Pixel (formerly Facebook Pixel) provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, as part of marketing campaigns.

 

The pixel enables Meta to identify visitors to our website as a target group for displaying ads (Facebook Ads / Instagram Ads). It also allows us to track the effectiveness of our advertising campaigns for statistical and market research purposes.

 

In this process, personal data may also be transferred to servers of Meta Platforms Inc. in the United States. For the US, an adequacy decision of the European Commission (EU–US Data Privacy Framework) is in place. Meta is certified under this framework and is committed to complying with European data protection standards.

 

Processing takes place only with your explicit consent (Article 6 (1) (a) GDPR). Consent is obtained through our cookie banner and can be withdrawn at any time. Without your consent, the Meta Pixel will not be used.

 

Further information:

 

 

3.8.2) LinkedIn Insight Tag

 

Our website may also use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, in connection with specific campaigns.

 

The Insight Tag allows us to create statistical analyses of website usage by LinkedIn members and measure the effectiveness of our LinkedIn advertising. It also enables us to create audiences for ads (Matched Audiences).

 

In this process, personal data may also be transferred to servers of LinkedIn Corporation in the United States. For the US, an adequacy decision of the European Commission (EU–US Data Privacy Framework) is in place. LinkedIn is certified under this framework and is committed to complying with European data protection standards.

 

Processing takes place only with your explicit consent (Article 6 (1) (a) GDPR). Consent is obtained through our cookie banner and can be withdrawn at any time. Without your consent, the LinkedIn Insight Tag will not be used.

 

Further information:

 

 

3.9) Contact Form

 

If you send us inquiries via our contact form, the information you provide in the form, including the contact details you enter, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. Depending on the type and content of your inquiry, your data may be shared with affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) if this is necessary for processing.

 

3.10) Links to Other Websites and Third-Party Applications

 

To interact with other websites where you are registered as a user (e.g., Facebook, etc.), we may provide links or integrate third-party applications. We may also provide general links to websites of other providers. The use of such links and applications is governed by the providers of those websites and is subject to their privacy policies. ICS is not responsible for the privacy practices or the content of these websites.

 

3.11) Live Chat Function and Website Heat Map

 

Our website uses the services Zoho SalesIQ and Zoho PageSense, provided by Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (EU headquarters). Data collected through these services is stored on Zoho’s servers in the Netherlands / within the EU.

 

Zoho SalesIQ enables the analysis of user behavior as well as the provision of a live chat function on our website. Cookies may be used that allow an analysis of website usage. You may use the chat anonymously by simply entering your inquiry into the text field. Providing personal data (e.g., name, email address) is optional. If you do provide such information, it will be stored together with the chat history in our Zoho CRM system (see section Processing in the customer database of this Privacy Policy). Storage only occurs to the extent necessary to process your inquiry.

 

In addition, when visiting our website, we collect anonymized usage data via Zoho PageSense. This service records visits and clicks on our website completely anonymously and provides us with a heat map that helps us review general website usage and optimize our content accordingly. No usage data or personal data is collected or stored by Zoho PageSense.

 

The use of Zoho SalesIQ and Zoho PageSense is based solely on your consent (Article 6 (1) (a) GDPR in conjunction with Section 25 of the German Telecommunications and Telemedia Data Protection Act – TTDSG). Consent is obtained through our consent management tool (cookie banner). When you first visit our website, you can choose which categories of cookies (e.g., “Statistics,” “Marketing”) you wish to allow. Without your consent, the corresponding cookies will not be set, and no data will be transmitted to Zoho. You may withdraw or change your consent at any time with effect for the future via the settings in the cookie banner.

 

Further information is available in the Zoho Privacy Policy: https://www.zoho.com/privacy.html and Zoho’s Security Information: https://www.zoho.com/security.html

 

3.12) Microsoft Office Services “Bookings” and “Teams”

 

We use the Microsoft Bookings and Microsoft Teams services, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

 

Microsoft Bookings enables simple and user-friendly appointment scheduling (e.g., consulting, support, sales). Microsoft Teams enables online meetings, video conferences, and chats. When using these services, the following data may be processed:

 

  • Microsoft Bookings: name, email address, telephone number (if applicable), appointment details (date, time, purpose), and any other voluntary information you may provide.
  • Microsoft Teams: user account information (name, email, profile picture), communication content (chats, files, shared content), metadata (IP address, device information, connection data).

 

Data processing is carried out exclusively for the purpose of scheduling, managing, and conducting appointments, as well as for communication with you. The legal basis is Article 6 (1) (b) GDPR – where processing is necessary for the performance of (pre-)contractual measures (e.g., appointment scheduling, conducting meetings), and Article 6 (1) (f) GDPR – where we have a legitimate interest in an efficient and secure appointment and communication solution.

 

We may share your data with affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) and, if necessary, other third parties, insofar as this is required to prepare and/or carry out an appointment with you. Beyond this, data will only be shared with third parties if we are legally required to do so.

 

We and our affiliated companies (pursuant to Section 15 AktG) take appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. This includes encryption of data transfers, access restrictions, and regular reviews of our security measures. Other third parties to whom we transmit personal data are contractually obliged to implement adequate data protection measures.

 

Data is stored for as long as it is required for the respective appointment or communication purpose, or as long as statutory retention periods apply. In the case of a subsequent business relationship, statutory retention obligations also apply. Data will only be shared with third parties if necessary for conducting the appointment or if required by law.

 

Microsoft stores most customer data from the EU in European data centers. However, it cannot be ruled out that, in certain cases, personal data may be transferred to third countries (particularly the United States), for example in connection with support and maintenance services. To safeguard such transfers, Microsoft uses the European Commission’s Standard Contractual Clauses (Article 46 (2) (c) GDPR) and, where applicable, additional protective measures. In addition, since July 10, 2023, an adequacy decision of the European Commission (EU–US Data Privacy Framework) applies for the United States. Microsoft is certified under this framework.

 

Further information can be found in Microsoft’s Privacy Statement https://privacy.microsoft.com/en-us/privacystatement as well as Microsoft’s Security Information: https://www.microsoft.com/en-us/microsoft-365/business/data-security-privacy.

 

3.13) Review Platform Proven Expert

 

Our website uses functions of the review platform Proven Expert, a service of Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany.

 

We use Proven Expert to display customer reviews and to provide you with the opportunity to leave your own review. This serves transparency and quality assurance of our services. The integration of Proven Expert on our website is based on Article 6 (1) (f) GDPR (legitimate interest in transparency and external representation). If you voluntarily submit a review and provide personal data, processing takes place on the basis of your consent (Article 6 (1) (a) GDPR).

 

When submitting a review, your email address and technical connection data (IP address, browser type/version, time of access) are generally stored. Optionally, you may provide your first and last name so your review can be displayed in a personalized manner. Reviews may also be submitted anonymously.

 

The data you transmit is processed by Proven Expert. Further information can be found in the provider’s privacy policy:
https://www.provenexpert.com/en-us/privacy-policy/.

 

3.14) Surveys

 

We and our affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) use the service Zoho Survey, provided by Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands, to conduct surveys. Data is stored on Zoho’s servers in the Netherlands / within the EU. We have concluded a data processing agreement with Zoho (Article 28 GDPR) to ensure compliance with European data protection standards. ICS is responsible for data processing in relation to you.

 

Participation in surveys is always voluntary, as is the choice to answer or not answer individual survey questions. As a rule, our surveys are conducted anonymously; no personal data is collected, and responses cannot be traced back to the participant.

 

If a survey optionally allows you to provide personal information (e.g., name, email address), doing so is entirely at your discretion.

 

Processing is carried out solely for our own market research, for optimizing our products and services, and—in individual cases—for contacting you if you voluntarily provide us with personal data (e.g., name, email address). The legal basis for conducting anonymous surveys is Article 6 (1) (f) GDPR (legitimate interest in market research and product optimization). Where you voluntarily provide personal data (e.g., for contact purposes), processing is based on your consent (Article 6 (1) (a) GDPR).

 

If you have voluntarily submitted personal data to us through a survey, you have the right at any time to access, correct, or request deletion of such data.

 

For more details, please refer to the Zoho Privacy Policy: https://www.zoho.com/privacy.html.

 

4) Use of Personal Data

4.1) General

 

We use the data you provide to fulfill and process your order, respond to your inquiries, and initiate and maintain business relationships. When you subscribe to our newsletter, your email address will be used for our own marketing purposes until you unsubscribe. You may unsubscribe at any time (e.g., via the unsubscribe link in the newsletter or by emailing marketing@ics-group.eu).

 

Where necessary and legally permissible, we may use your data prior to entering into a contract and, if needed, throughout the business relationship in the context of contract management and execution for purposes such as credit checks or obtaining references. For this, we use selected service providers and credit agencies. Information on payment behavior and creditworthiness may also be provided in the form of score values based on mathematical-statistical methods.

 

We assure you that we do not disclose your personal data to third parties unless we are legally authorized or obligated to do so, or you have given us your prior consent. We may share your personal data in connection with ongoing or future legal proceedings—for example, to establish, exercise, or defend our legal rights (including the sharing of information with third parties for the purposes of fraud prevention and reducing credit risk).

 

We may also share your personal data with affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) where this is necessary to handle your inquiry.

 

4.2) Recruitment / Application Process

 

We would like to inform you that we and our affiliated companies (pursuant to Section 15 of the German Stock Corporation Act – Aktiengesetz, AktG) collect and use your personal data in connection with recruitment (both online and offline).

 

Where we use service providers to carry out and manage processing activities, contractual relationships are governed by the provisions of the General Data Protection Regulation (GDPR).

 

To receive and manage applications and thereby for the purpose of establishing a potential employment relationship, we and our affiliated companies (pursuant to Section 15 AktG) use the recruiting tool Zoho Recruit.

 

The provider of this application is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands (hereinafter: “Zoho”). Data is stored on Zoho’s servers in the Netherlands / within the EU.

 

You can find Zoho’s privacy policy here: https://www.zoho.com/privacy.html. Further information on the security measures in Zoho Recruit is available at: https://www.zoho.com/security.html.

 

ICS is responsible for the processing operations in relation to you.

 

When you apply to us, the following happens: The provider collects the following data from you on our behalf: your title, first and last name, contact details, and other information from your application. ICS and our affiliated companies (pursuant to Section 15 AktG) can then access a secure internal area of Zoho Recruit, view your applicant data, and use/process it for documenting the application process and communicating with you.

 

The legal basis for processing applicant and application data is Article 88 (1) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The service relationship between Zoho and ICS (or its affiliated companies) is based on Article 28 GDPR and the concept of data processing on behalf of a controller.

 

Applications from young people aged 16 and above (e.g., for apprenticeships, student internships, or working student positions) are expressly welcome. In this context, we process the personal data you provide solely for the purpose of conducting the application procedure (Article 6 (1) (b) GDPR in conjunction with Section 26 BDSG).

 

ICS and its affiliated companies (pursuant to Section 15 AktG) store applicant data in Zoho Recruit in accordance with statutory retention periods. After this period, applicant data is fully and lawfully deleted. Applicants also have the right to request full deletion of their data at any time upon request.

 

If ICS and its affiliated companies wish to retain applicant data in Zoho Recruit beyond the statutory retention period (e.g., for inclusion in a talent pool), this will only occur with the applicant’s written consent. Such consent can be withdrawn at any time.

 

4.3) Credit Check and Scoring

 

If we provide services in advance (e.g., purchase on account), we may, in order to safeguard our legitimate interests, obtain a credit report based on mathematical-statistical methods from Creditreform, Hellersbergstr. 12, 41460 Neuss, Germany, and/or Euler Hermes Deutschland AG, Friedensallee 254, 22763 Hamburg, Germany.

 

This is done in accordance with Article 6 (1) (b) GDPR (performance of a contract) and Article 6 (1) (f) GDPR (legitimate interest in risk minimization). For this purpose, we transmit the personal data necessary for a credit check to Creditreform / Euler Hermes and use the information received about the statistical probability of a payment default to make a balanced decision on whether to establish, carry out, or terminate a contractual relationship.

 

The credit report may include probability values (score values) that are calculated using scientifically recognized mathematical-statistical methods, which may also include address data in the calculation. Your rights and legitimate interests are protected in accordance with legal requirements.

 

4.4) Data Security and Retention

 

We take technical and organizational measures in accordance with Article 32 GDPR to protect your data from loss, manipulation, or unauthorized access. These measures include, in particular, SSL encryption, access restrictions, backups, firewalls, and regular reviews of our security concepts. Nevertheless, no transmission or storage can ever be guaranteed to be absolutely secure.

 

Personal data is only stored for as long as necessary to fulfill the purpose of processing or as long as statutory retention periods require. After the purpose no longer applies, the data is deleted. Examples of retention periods:

 

  • Contract- and tax-relevant data: 6–10 years (in accordance with the German Commercial Code – Handelsgesetzbuch, HGB – and the German Fiscal Code – Abgabenordnung, AO)
  • Applicant data: generally 6 months after completion of the application process; longer storage only with consent (talent pool)
  • Newsletter data: until withdrawal of your consent
  • Log files and technical data: generally 14 days, maximum 30 days

 

5) Your Rights under the GDPR

Under the General Data Protection Regulation (GDPR), you have the right to obtain free information about the data we have stored about you, as well as the right to correction, restriction, or deletion of this data, including the “right to be forgotten.”

 

According to Article 21 (1) sentences 2 and 3 GDPR, we are obliged, depending on the circumstances, to provide information to you in writing, electronically, or – upon request – verbally. You also have a comprehensive right to object at any time (Article 21 (2) GDPR). Any consent you have already given remains valid. All of our communication channels meet appropriate security requirements.

 

As a data subject, you have the following specific rights:

 

  • Access (Article 15 GDPR) & Data Portability (Article 20 GDPR): You may request a copy of the personal data we have stored about you. Upon request, we will also provide this in a machine-readable format.
  • Rectification (Article 16 GDPR): You may request correction of inaccurate data or completion of incomplete data.
  • Erasure / “Right to be Forgotten” (Article 17 GDPR): You may request the deletion of your personal data, provided no statutory retention obligations prevent this.
  • Restriction of Processing (Article 18 GDPR) & Objection (Article 21 GDPR): You may request restriction of processing or object to processing if special reasons apply.
  • Withdrawal of Consent (Article 7 (3) GDPR): Where we process your data based on consent, you may withdraw this consent at any time with effect for the future.
  • Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with the data protection supervisory authority responsible for you. An overview of supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

 

To exercise your rights, please contact us using the details provided at the end of this Privacy Policy. Where legally required, we reserve the right to verify your identity before processing any requests.

 

6) Changes to This Privacy Policy

We reserve the right to change or update this Privacy Policy at any time. Please check this page regularly for updates.

 

7) Further Information / Data Protection Contact

Your trust is important to us. Therefore, we are available to answer your questions regarding the processing of your personal data. If you would like information about the personal data we have stored about you, if you have questions that are not answered in this Privacy Policy, or if you would like more detailed information on a specific point, please contact our Data Protection Officer at any time: datenschutz@ics-group.eu. Alternatively, you can reach us at the following address:

 

ICS International GmbH
Identcode-Systeme
Data protection officer
Donaustr. 1
65451 Kelsterbach
Germany

 

We generally respond to data protection inquiries within a maximum of 30 days of receipt.