Data Conditions

Data privacy

Introduction

We are delighted that you are visiting our website. Inxmail GmbH (hereinafter ‘Inxmail’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform you about how your personal data is processed on our website.

Controller and data protection officer

Controller:

Inxmail GmbH Wentzigerstr. 17 79106 Freiburg
Tel.: +49 761 296979-0
Email: info@inxmail.de

External data protection officer:

DDSK GmbH
Stefan Fischerkeller
Tel.: 07542 949 21 - 01
Email: datenschutz@inxmail.de

Terms

The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.

Information on data processing

Automated data processing (log files etc.)

You can visit our website without actively providing information about you as a person. However, every time our website is accessed, we automatically store access data (server log files), such as the name of your internet service provider, the operating system used, the website you visited us from, the date and duration of your visit and the name of the file accessed, as well the IP address of the computer used (for security reasons, such as to recognise attacks on our website) for a duration of 20 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about you as a person. This data is not merged with other data sources. The legal basis for the processing of data is article 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and 3. to prevent and identify errors/malfunctions and the abuse of the website. The processing enables us to pursue legitimate interests in ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.

Contacting us

On our online offering, we offer the option of contacting us directly or requesting information via various contact options. We use a management tool for these enquiries so that we always have an overview of contact that has been made with us.

In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.

  • Categories of data subjects: Individuals submitting an enquiry
  • Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
  • Purposes of processing: Processing requests
  • Legal bases:Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)

Data transfer

We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.

In order to carry out contracts or to fulfill a legal obligation, we may have to pass on personal data. If the necessary data is not provided to us, it may not be possible to conclude the contract with the data subject.

We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, this transfer takes place in compliance with the applicable data protection laws, and particularly in accordance with article 44 ff. GDPR, especially on the basis of adequacy decisions made by the European Commission or certain guarantees (e.g. standard protection clauses etc.).

Storage period

In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).

Automated decision-making

We do not use automated decision-making or profiling.

Legal bases

The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.

  • Consent: Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
  • Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
  • Legal obligation: Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
  • Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
  • Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
  • Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.

Rights of the data subject

  • Right of access: Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
  • Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
  • Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
  • Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
  • Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
  • Right to object: If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.

Withdrawal of consent

Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to datenschutz@inxmail.de is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.

External links

Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.

Amendments

We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.

This Privacy Policy was drawn up by the Deutsche Datenschutzkanzlei – Tettnang office

This data protection declaration relates to our online help. The complete data protection declaration of Inxmail GmbH can be found at: https://www.inxmail.com/data-conditions.