We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of Irori. The use of the Irori website is possible without any indication of personal data. However, if an affected person wishes to use our company’s special services via our website, processing of personal data may be required. If the processing of personal data is necessary and there is no statutory basis for such processing, we will generally seek the consent of the affected person.
Irori has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may have security gaps, so absolute protection may not be guaranteed. For this reason, every affected person is free to transmit personal data to us via alternative means, for example by telephone.
b) Affected person
d) Restriction of processing
g) Controller or the controller responsible for processing
j) Third party
Name and Address of the Controller
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in EU member states, and other provisions related to data protection is:
Kerstin Bauer
76829 Ranschbach
Germany
Phone: +49 176 702 67 305
- Collection of General Data and Information
Irori’s website collects a series of general data and information with each call to the website by a data subject or an automated system. This general data and information are stored in the server’s log files. The following may be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information used to fend off attacks on our information technology systems.
When using this general data and information, Irori does not draw conclusions about the data subject. Instead, this information is needed to (1) correctly deliver the contents of our website, (2) optimize the content of our website and advertisements, (3) ensure the continued functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the necessary information for prosecution in case of a cyber attack. The anonymous data and information collected by Irori are evaluated statistically and with the aim of increasing data protection and security in our company. The anonymous server log file data are stored separately from any personal data provided by a data subject.
- Contact via the Website
Personal data is collected when you contact us (e.g., via contact form or email). The specific data collected in a contact form is apparent from the respective form. This data is stored and used exclusively to respond to your request or for contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request according to Art. 6 (1) lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted once your request is resolved, assuming no legal retention obligations apply.
- Administration, Financial Accounting, Office Organization, Contact Management
We process data as part of administrative tasks and the organization of our operations, financial accounting, and compliance with statutory obligations, such as archiving. The processing bases are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. The purpose and our interest in processing lie in administration, financial accounting, office organization, and archiving of data, all tasks that serve to maintain our business activities. Data will be deleted in line with contractual and legal obligations.
- Contacting Us
When contacting us (e.g., via contact form, email, phone, or social media), the user’s information is processed for handling and processing the contact request based on Art. 6 (1) lit. b GDPR. We may store user details in a Customer-Relationship-Management system (“CRM system”) or a similar request organizer.
- Newsletter
The subsequent information clarifies our newsletter’s content, subscription, dispatch, and statistical evaluation procedures. By subscribing to our newsletter, you agree to receive it and to the described procedures.
- Newsletter – Measurement of Success
The newsletters contain a so-called “web-beacon”, i.e., a pixel-sized file, which is retrieved from our server when opening the newsletter, or if we use a dispatch service provider, from its server. During this retrieval, technical information, such as browser and system details, as well as your IP address and the time of retrieval, are collected.
This information is used for the technical improvement of services based on the technical data or target groups and their reading behavior determined by the retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also determine whether the newsletters are opened, when they are opened, and which links are clicked. Although for technical reasons this information can be attributed to individual newsletter recipients, it is neither our intention nor, if used, that of the dispatch service provider, to observe individual users. Instead, the evaluations help us recognize our users’ reading habits and tailor our content accordingly or send different content based on our users’ interests.
- Hosting
The hosting services we utilize aim to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this online offering.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, prospects, and visitors to this online offering based on our legitimate interest in efficiently and securely providing this online offering according to Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract processing agreement).
- Collection of Access Data and Log Files
We, or our hosting provider, based on our legitimate interests as per Art. 6 Para. 1 lit. f GDPR, collect data on every access to the server hosting this service (so-called server log files). Access data includes the name of the retrieved website, file, date and time of retrieval, transferred data volume, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data required for further retention as evidence is exempted from deletion until the respective incident is finally clarified.
- Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as provided by the European directive and regulation provider or another legislator in laws or regulations to which the data controller is subject.
If the storage purpose is omitted or a storage period prescribed by the European directive and regulation provider or another competent legislator expires, personal data will routinely be blocked or deleted in accordance with legal requirements.
- Rights of the data subject
a) Right to confirmation
Every data subject has the right granted by the European legislator to require the data controller to confirm whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact our data protection officer or any other employee of the data controller at any time.
b) Right to information
Every person affected by the processing of personal data has the right granted by the European legislator to receive free information from the data controller about the personal data stored about them and to obtain a copy of this information. The European legislator also grants the data subject access to the following information:
- the purposes of processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to rectification or deletion of the personal data concerning them, or to limitation of processing by the controller, or to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making, including profiling, under Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the implications and desired effects of such processing for the data subject
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees related to the transfer.
c) Right to rectification
Every person affected by the processing of personal data has the right granted by the European legislator to demand the immediate rectification of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
d) Right to deletion (Right to be forgotten)
Every person affected by the processing of personal data has the right granted by the European legislator to require the controller to delete personal data concerning them immediately if one of the following reasons applies and insofar as the processing is not necessary:
- The personal data was collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes their consent, upon which the processing was based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for processing.
- The data subject objects to processing under Art. 21(1) GDPR and there are no overriding legitimate reasons for processing, or the data subject objects to processing under Art. 21(2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services according to Art. 8(1) GDPR.
e) Right to restriction of processing
Every person affected by the processing of personal data has the right granted by the European legislator to require the controller to restrict processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful; the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data.
- The controller no longer needs the personal data for processing purposes, but the data subject needs them to assert, exercise, or defend legal claims.
- The data subject has objected to processing according to Art. 21(1) GDPR, and it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject.
f) Right to data portability
Every person affected by the processing of personal data has the right granted by the European legislator to receive personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, as long as the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and processing is carried out by automated means unless processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller.
Furthermore, when exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, insofar as this is technically feasible and if this does not affect the rights and freedoms of others.
g) Right to object
Every person affected by the processing of personal data has the right granted by the European legislator to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them, which is carried out based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
- Legal basis for processing
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the person concerned is a party, as is the case for processing operations necessary for the delivery of goods or the provision of other services or consideration, then processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations required to carry out pre-contractual measures, such as inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. On rare occasions, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business was injured and their name, age, health insurance information, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal grounds are based on this legal ground if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator, who took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, second sentence, GDPR).
- Legitimate interests pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.
- Duration for which personal data will be stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment or initiation of a contract.
- Legal or contractual provisions for providing personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., details of the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. The data subject, for example, is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract with the person concerned could not be concluded.
Before providing personal data, the data subject must contact our data protection officer. Our data protection officer clarifies, on a case-by-case basis, whether the provision of personal data is required by law or contract, or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences non-provision of the personal data would have.
- Existence of automated decision-making
As a responsible company, we refrain from automatic decision-making or profiling.