de en
Data protection

Data protection

Data protection notice

 

We take the protection of your privacy very seriously and compliance with data protection laws is a matter of course for us. With this privacy policy we would like to inform you how personal information is collected and processed. You can use our website without disclosing your identity.

The content available on these pages is for general information only. They are not geared to the specific situation of individual clients. We make every effort to be up-to-date, accurate and complete, but we can not guarantee this and exclude all liability to the extent permitted by law.

The contents of these pages can not replace the professional advice that is tailored to the particular circumstances of the individual case. Therefore, before taking any concrete action, you should seek professional advice. Mandate relationships are only justified by a written declaration of acceptance with IT AUDIT and do not arise through reading, downloading or other use of the information provided.

E-mails sent by IT AUDIT are intended solely for the addressed person or organization. They may contain confidential and / or privileged material and are part of the legally protected communication between consultant and client. Persons or organizations for whom this information is not intended are not permitted to read, retransmit, disseminate, otherwise use, or have them cause to take any action whatsoever.

If you receive such messages by mistake, we ask that you contact the sender and delete the material from your computer. We point out that emails can be lost, changed or falsified by third parties with or without assistance. Traditional e-mails are not protected against access by third parties and therefore the confidentiality may not be respected.

We recommend that you do not send confidential data via email without encryption. We are not responsible for the integrity of emails after they have left our domain and can not compensate you for resulting damages. We reasonably take anticipated precautions to prevent the risk of transmission of computer viruses.

Should a virus enter your system despite the virus protection programs we use by sending emails, we are not liable for any resulting damage. This disclaimer applies only to the extent permitted by law. Please check emails for viruses yourself, especially before opening file attachments to emails. The receipt of emails may be disrupted for technical or operational reasons.

The sending of e-mails to us therefore has no time-keeping effect and can not set any legally binding deadlines. We also recommend sending time-critical or urgent messages by post, courier or fax. If you want to be sure that your email has been properly received, please request a written acknowledgment of receipt from the recipient.

The communication via email is uncertain, as there is always the possibility of knowledge and manipulation by third parties. As far as other Internet pages are referenced (hyperlinks), we have no influence on the design and content of these pages. These pages do not constitute content or opinions of IT AUDIT. IT AUDIT endeavors to respect the copyrights of the graphics and texts used in the entire online offer.

The use of self-created graphics and texts or license-free graphics and texts is top priority. All brand names and trademarks mentioned within the online offer and possibly protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective registered owners. Reproduction or use of such graphics and texts in other electronic or printed publications is not permitted without the express consent of the respective owner. We take the protection of your privacy very seriously and compliance with data protection laws is a matter of course for us. With this privacy policy we would like to inform you, how personal information is collected and processed.

 

Privacy Policy <//span>

I Name and address of the person responsible

The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

IT AUDIT GmbH 
auditing company

In Mediapark 5a 
50670 Cologne 
Germany

Telephone + 49 221 952681-190 
Fax + 49 221 952681-114 

E-Mail: info @ it-audit .com
Website: www.it-audit.com

 

II Name and address of the data protection officer

The data protection officer of the responsible persons is:

Peter Lohmüller 
IT AUDIT GmbH 
Auditing Company 
Im MediaPark 5a 
50670 Cologne 
Germany

Tel .: 0221 952681-190 
E-Mail: peter.lohmueller @ it-audit .com

III General information on data processing

1. Scope of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

 

IV Provision of the website and creation of logfiles

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

(1) Information about the browser type and the version used 
(2) The user's operating system 
(3) The user's IP address 
(4) Date and time of access 
(5) Websites from which the user's system accesses our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Opposition and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

V Use of cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software.

In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page.

In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section VI). These cookies allow us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time.

The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 para. 1 sentence 1 lit. f DSGVO required.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.

 

VI analysis tools

1. Tracking tools

The tracking measures listed below and used by us are based on Art. 6 para. 1 sentence 1 lit. f DSGVO. With the tracking measures to be used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

2. Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, for the purpose of customizing and continually optimizing our pages . (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see under point V) are used. The information generated by the cookie about your use of this website such as

(1) browser type / version, 
(2) operating system used, 
(3) referrer URL (the previously visited page), 
(4) host name of the accessing computer (IP address), 
(5) time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https: //tools.google.com/dlpage/gaoptout?hl=en ).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An optout cookie will be set which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

 

VII social media plug-ins

1. <//span>Facebook

We rely on our website on the basis of Art. 6 para. 1 sentence 1 lit. DSGVO the social plug-in of the social network Facebook to make our company better known. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. The integration of this plug-in by us is done by means of the so-called two-click method to protect visitors to our website as best as possible. For this we use the "Follow us on Facebook" button. It is an offer from Facebook.

If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by him into the website.

By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there.

If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information will also be posted on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purpose of advertising, market research and tailor-made Facebook pages. For this purpose, Facebook uses user, interest and relationship profiles, eg. For example, to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy ( https://www.facebook.com/about/privacy/ ) of Facebook.

2. <//span>YouTube

For integration and presentation of video content, our website uses plugins from YouTube. Provider of the video portal is the YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube will find out which of our sites you've visited.

YouTube may associate your browsing behavior directly with your personal profile should you be logged into your YouTube account. By logging out beforehand you have the option to prevent this.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

For details on how to handle user information, please refer to the YouTube Privacy Policy at https://www.google.com/intl/en/policies/privacy .

 

VIII Newsletter

1. Description and scope of data processing

On our website you can subscribe to a free newsletter. The data from the input mask are transmitted to us when registering for the newsletter. The following data is recorded:

(1) E-mail (required) 
(2) Salutation (optional) 
(3) First and last name (optional) 
(4) Firm / firm (optional) 
(5) Street, number (optional) 
(6 ) Postcode, city (optional)

In addition, when registering, the date and time of registration will be charged.

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR.

3. Purpose of the data processing

The collection of the user's e-mail address serves to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will normally be deleted after a period of seven days.

5. Opposition and removal possibility

Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter.

This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

 

IX contact form and e-mail contact

1. Description and scope of data processing

On our website is a contact form available, which can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. These data are:

(1) Title (required) 
(2) First and last name (required) 
(3) Company (optional) 
(4) Street, number (optional) 
(5) Postal code, city (optional) 
(6) Telephone ( optional) 
(7) Fax (optional) 
(8) E-mail (required) 
(9) Contact by (optional)

At the time of sending the message, the following data is also stored:

(1) Time to fill in the form 
(2) User Agent of the sender 
(3) Date and time

For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.

Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

All personal data stored in the course of contacting will be deleted in this case.

 

X rights of the person concerned

If personal data is processed by you, you are the person concerned within the meaning of the DSGVO and you have the following rights towards the responsible person:

1. Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data are processed; 
(2) the categories of personal data being processed; 
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed; 
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage; 
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority; 
(7) all available information on the source of the data if the personal data is not collected from the data subject; 
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information; 
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data; 
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or 
(4) you have objected to processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the person responsible will inform you before the restriction is lifted.

4. Right to cancellation

a) Obligation to delete

You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. 
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. DSGVO and there is no other legal basis for processing. 
(3) According to. Art. 21 para. 1 DSGVO objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO Opposition to processing. 
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. 
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) information to third parties

If the person in charge has made the personal data concerning you public and is acc. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information; 
(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject or for the performance of a task of public interest or in the exercise of official authority conferring on the controller has been; 
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or 
(5) to assert, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

6. Right to Data Portability

You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b DSGVO is based and 
(2) the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right to object

You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the controller; 
(2) permitted by Union or Member State legislation to which the controller is subject; and such legislation shall provide for reasonable safeguards of your rights and freedoms; Your legitimate interests or 
(3) with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the DSGVO violates.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

11. Copyright notice

This website is protected by copyright. Without our prior written consent, no content of the website, in particular no texts, images, graphics, logos, may be reproduced, distributed, publicly displayed or otherwise exploited. All content on our site is copyright © 2018. All rights reserved.

Where to find us:
Im Mediapark 5a
50670 Cologne
Germany
Phone+49 221 952681-190
Fax+49 221 952681-114
E-Mail infoit-auditcom