Privacy policy

Data protection at ista: The protection of your personal data is very important to ista.

ista has been a member of the German Society for Data Protection and Data Security (Gesellschaft für Datenschutz und Datensicherung e.V.(GDD)) since February 2002.

ista complies with the legal data protection regulations and does everything to keep your and your customer’s/tenant‘s data confidential. All personal data is collected, processed and used in accordance with the provisions of the General Data Protection Regulation (GDPR) and only for the purposes of contract processing, fulfilment of legal obligations or for safeguarding our own legitimate business interests with regard to the advice and support of the customers as well as the demand-oriented product design.

All service providers of ista dealing with the processing of personal data also comply with the provisions of the GDPR in accordance with Art. 28 GDPR. Compliance is monitored by our data protection officer.

1. Collection and processing of personal data

Each time a user accesses the ista website and each time a file is accessed, data about that activity is stored in a log file. These data are not related to a person; so ista cannot trace back which user has retrieved which data.

In detail, the following data record is saved for each call:

  • Name of the file
  • Date and time of access
  • Amount of data transferred
  • Message whether the call was successful
  • Anonymous IP-Address
  • If necessary, operating system and browser software on your computer
  • As well as the website from which you visited the ista website

Personal user profiles cannot be created.

The above-mentioned data are evaluated for statistical purposes only.

Personal data will only be collected if you give it to ista on your own - for example, when registering for a survey or conducting a contract. A transmission of your data to third parties does not take place, unless ista is legally obliged to do so. Insofar as external service providers come into contact with your personal data, ista has ensured that they comply with the provisions of data protection laws through legal, technical and organizational measures as well as regular checks.

Cookies:

ista uses so-called cookies on the ista website to recognize multiple use of the offer by the same user/internet connection owner. Cookies are small text files that your internet browser stores on your computer. They serve to optimize ista's internet presence and offers. The cookies are usually so-called "session cookies", which are deleted after the end of your visit.

In some cases, however, these cookies provide information in order to automatically recognize you. This recognition is based on the IP address stored in the cookies. The information obtained in this way serves to optimize ista's offers and to make it easier for you to access the ista website.

You may refuse the use of cookies by selecting the appropriate settings in your browser; however, ista points out that in this case you may not be able to use the full functionality of the ista website.

1.1 Webanalytics

1.1.2 Piwik PRO Analytics Suite

We use the analysis software Piwik PRO Analytics Suite (piwikpro.de) to analyse and optimise this website. The data collected with this software can be used to create user profiles under a pseudonym.  

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Analysis
  • Optimisation

Technologies used

  • Cookies

Data collected

This list contains all (personal) data that are collected during or through the use of the service.

  • Anonymised shortened IP address
  • Usage data
  • User ID
  • Date and time of the visit
  • Referrer URL
  • Websites visited
  • Screen resolution
  • Geographic location
  • User agent
  • Visitor ID

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. a GDPR

Location of processing

  • European Union

Retention period

The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes. The data are stored for up to 25 months.

Data recipient

  • Piwik PRO Sp. z o.o.
  • Piwik PRO GmbH

Data protection officer of the processing company 

Below you will find the email address of the data protection officer of the processing company.
gdpr@piwik.pro

Consent to the collection and storage of data can be withdrawn at any time with immediate future effect. 

Click here to read the privacy policy of the data processor https://piwik.pro/privacy-policy/

Click here to withdraw consent on all domains of the data processing company https://piwik.pro/opt-out/

1.1.3 Google Tag Manager

Google Tag Manager is a solution with which website tags can be managed via an interface (and thus, for example, integrate Piwik Pro into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of the users.

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Functionality

Technologies used

  • Java Script

Data collected

  • None

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. f  GDPR

Location of processing

  • Computer of the browser

Retention period

The retention period is the period of time during which the data collected are stored for processing. 
The data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • No data are disclosed to third parties

1.1.4 Google Ads and Conversion Measurement

On the basis of the consent of the users of our online offering within the meaning of Art. 6, para. 1, lit. a. and Art. 7 GDPR), we use the services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

For evaluation purposes, cookies are stored on your end device and through them information is collected, which is also stored on servers of our data processor Google LLC ("Google"). Access to the information by Google LLC ("Google"), a U.S.-based company, cannot be excluded so relevant EU standard data protection clauses have been agreed to offer adequate safeguards for data processing in non-European countries. You have the right to be informed about this standard contract as part of the information provided. We use the Google "Ads" online marketing process to place ads in the Google Advertising Network (e.g. in search results, in videos, on websites etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with those ads that potentially match their interests. For example, if a user is shown ads for products in which he/she has shown an interest in other online offerings, this is referred to as “remarketing”. For these purposes, when our and other websites on which the Google Advertising Network is active are accessed, Google directly executes a code from Google and “(re)marketing tags” (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user visits, which content he/she is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, the time of the visit and further information on the use of the online offering.

We also receive an individual “conversion cookie”. The information collected with the help of the cookie is used by Google to generate conversion statistics for us. However, we only receive information on the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not, however, receive any information that can be used to identify users personally.

The users' data is processed pseudonymously within the Google Advertising Network. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. Consequently, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about the users is transmitted to Google and stored on Google's servers in the USA.

For more information about how Google uses your information, setting and opt-out options, please read Google's Privacy Policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

1.4 Usercentrics

We use the Usercentrics Consent Management Platform for the collection and management of consents on this website.

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Compliance with legal obligations
  • Storage of consent

Technologies used 

  • Local storage
  • Enable cookies

Data collected

This list contains all (personal) data that are collected during or through the use of the service.

  • Browser information
  • Opt-in and opt-out data
  • Request URLs of the webpage
  • Page path of the webpage
  • Geographic location
  • Date and time of the visit
  • Device information

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. c  GDPR

Location of processing

European Union (consent database is located in Belgium)

Retention period

The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes.
The consent data (consent given and withdrawal of consent) are stored for three years. The data are then deleted immediately or given to the person responsible on request in the form of a data export.

Data recipient

  • Usercentrics GmbH

Data protection officer of the processing company 

Below you will find the email address of the data protection officer of the processing company.
datenschutz@usercentrics.com

Click here to read the privacy policy of the data processor:  

https://usercentrics.com/privacy-policy/

You can change your data privacy settings here 

<a href="#" onClick="UC_UI.showSecondLayer();">Privacy Settings</a>

2. Rights of data subjects

In accordance with the GDPR, ista takes appropriate measures to provide the data subject with all information and communications relating to processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language. The information shall be transmitted in writing or in any other form, including, where appropriate, electronically.

Since ista processes personal data automatically, ista informs you of the following information in accordance with Art. 13 GDPR:

Mr. Thomas Zinnöcker, ista SE, Luxemburger Straße 1, 45131 Essen, is the person responsible for ista.

The contact details of ista's data protection officer are:

ista SE, data protection officer, Luxemburger Straße 1, 45131 Essen, Germany, e-mail: Datenschutz@ista.de

The purpose for which the personal data are to be processed and the legal basis for the processing are as follows: Optimization of customer satisfaction and the website, Art. 6 paragraph 1 f GDPR.

The legitimate interest in this is to be seen in particular in the pseudonymized processing for the optimization of the website.

Data deletion and duration of storage

The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Newsletter

ista offers you the option to subscribe to a newsletter on the ista webpage. From this newsletter you will receive information on ista topics and offers at regular intervals. To receive this newsletter, you need a valid e-mail address. Your entered e-mail address will be checked by ista for accuracy and completeness. Your login data as well as your official IP address, date and time will be stored. This serves as security to prevent your e-mail address from being misused by unauthorized third parties. No other data will be stored by ista. The data collected will only be used for the newsletter dispatch. ista undertakes not to transmit the data collected to other third parties. You have the option of cancelling the newsletter at any time without giving reasons and requesting information from the ista site. The details are marked in each newsletter.

3. Use and disclosure of personal data and earmarking

Visitors to ista’s website are always informed if their information is transmitted to third parties. So you can decide whether you agree to a transfer of your personal information to third parties or not.

3.1 Social Media / Social Bookmarks

Social bookmarks from LinkedIn, Twitter, kununu, Xing and YouTube are integrated on the ista website. Social Bookmarks are internet bookmarks that allow users of such services to collect links and news messages. These are only included on the website as a link to the corresponding services. After clicking on the integrated graphic you will be forwarded to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the provider.

Important Notice: This data protection information applies exclusively to ista's internet service offering. The ista website contains links to other websites. Please note that ista is not responsible for the data protection or the content of these other internet services. We recommend all internet users to inform themselves about the respective data protection notices of other internet services when leaving ista's website.

4. Rights of data subjects

In accordance with the GDPR, ista takes appropriate measures to provide the data subject with all information and communications relating to data processing in a precise, transparent, understandable and easily accessible form in clear and simple language. The information shall be transmitted in writing or in any other form, including, where appropriate, electronically.

5. Changes to this data protection information

ista reserves the right to amend this disclosures at any time in compliance with the applicable data protection regulations; current status is May 2018.

If you have any questions regarding the processing or security of your personal data, you can contact ista’s data protection officer/responsible directly.

6. Data Protection Policy for Applicants

In this external Data Protection Policy we would like to inform you about the processing of personal data as part of the application and/or appointment procedure.