1 Data controller
The data controller responsible for the collection, processing and use of your personal data as defined by the GDPR is:
iSAM AG, Bernd Jotzo, Alexanderstraße 46, 45472 Mülheim an der Ruhr, Germany
If you do not wish us to collect, process or use your personal data, either in general or for specific purposes, please contact us at the above address.
2 General use of our website
2.1 Access data
When you visit our website, we automatically collect a range of information, including details of how you use our website, about your interaction with us and about your computer or mobile device. Data is collected, stored and used each time you visit our website. Recorded in server log files, it includes the name and URL of the requested content, the date and time of your request, the volume of data transmitted, notification of successful transmission (HTTP response code), your browser type and version, your operating system, the previously visited web page (referrer URL), your IP address and the requesting provider.
The server log data is used for statistical evaluation, without it being linked to you as an individual, i.e. to help us improve the operation, security and quality of our website, as well as for anonymised recording of our website traffic, details of how our website and services are used, and for billing purposes (to measure clicks received via cooperation partners). This information allows us to provide personalised and location-specific content, to analyse our website traffic, to locate and resolve faults, and to improve our services. We reserve the right to review the server log data if there is reasonable suspicion that our website is being used unlawfully. Your IP address is recorded in the server log files for a limited period if required for security purposes or for provision/billing of a service. If you cancel an order or complete payment for a service, we will delete your IP address, provided it is no longer required for security purposes. We also store IP addresses if there is reasonable suspicion that our website is being used unlawfully. In addition, we store the date of your most recent visit (e.g. registration, login, use of links, etc.) as part of your account.
2.2 E-mail contact
If you contact us via e-mail or our contact form, we will store the content of your message in order to process your request and deal with potential follow-up questions. We will only collect and use other personal data if you give your specific consent or if this consent is not required by law.
2.3 Legal basis and retention period
The legal basis for our processing of data as specified above is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). Our legitimate interests in processing your personal data are primarily to optimise the operation and security of our website, to analyse traffic and to make our website easier to use.
Unless specifically stated otherwise, we will only store your personal data for as long as we need it for the purposes described.
3 Your rights as the data subject
Under law, you have certain rights regarding your personal data. If you would like to exercise these rights, please contact us by e-mail or letter at the address given in Section 1. When doing so, please identify yourself clearly.
The following is an overview of your rights.
3.1 Right to be informed
You have the right to obtain confirmation of whether or not your personal data is being processed by us. If it is, you have the right to receive the corresponding information and to obtain a copy of your personal data, free of charge. You also have a right to the following additional information:
- Purpose(s) of processing
- Categories of personal data processed
- Any recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- The retention period or, if that is not possible, the criteria used to determine the retention period
- The existence of the right to rectify or erase your personal data or to restrict or object to the processing of your personal data
- The right to lodge a complaint with a supervisory authority
- If your personal data was not collected from you directly, all available information on the source of that data
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of this processing with respect to you
Where personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
3.2 Right to rectification
If your personal data is inaccurate, you have the right to have us rectify it without undue delay. If your personal data is incomplete, you have the right to have us complete it, e.g. by providing us with supplementary information – subject to the purpose(s) of the processing.
3.3 Right to erasure (“right to be forgotten”)
You have the right to have us erase your data, without undue delay, and we are obligated to erase your personal data without undue delay if one of the following grounds applies:
- Your personal data is no longer necessary in relation to the purpose(s) for which it was collected or processed.
- You withdraw your consent to the processing pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and there is no other lawful basis for processing the data.
- You object to the processing pursuant to Article 21(1) GDPR and there is no overriding legal basis, or you object to the processing pursuant to Article 21(2) GDPR.
- Your personal data has been unlawfully processed.
- Your personal data must be erased in order to comply with a legal obligation under Union or Member State law to which we are subject.
- Your personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where we have made your personal data public and are obliged to erase it pursuant to Article 17 GDPR, we will take all reasonable steps, including technical measures, subject to available technology and the cost of implementation, to inform other controllers who may be processing your personal data that you have requested erasure of all links to, or copies or replications of, your data.
3.4 Right to restrict processing
You can ask us to restrict the processing of your personal data in the following scenarios:
- If you want to establish the data’s accuracy (we will suspend processing while we verify the accuracy of your personal data).
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data pursuant to Article 21(1) GDPR but we need to verify whether we have overriding legitimate grounds to use it.
3.5 Right to data portability
You have the right to obtain your personal data from us in a structured, commonly used and machine-readable format and to transfer your data to another data controller of your choosing without hindrance, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
- the processing is carried out by automated means.
When exercising your right to data portability pursuant to Paragraph 1, you have the right to have your personal data transmitted directly from us to another data controller, if technically feasible.
3.6 The right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or if processing is necessary to establish, exercise or defend legal claims.
If your personal data is being processed by us for direct marketing purposes, including profiling, you have the right to object at any time.
You may also object to the processing of your personal data for scientific or historical research or statistical purposes pursuant to Article 89(1) GDPR, unless this processing is necessary for the performance of a task carried out in the public interest.
3.7 Rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal or other significant effects on you.
3.8 Right to revoke consent
You have the right to revoke your consent to the processing of your personal data at any time.
3.9 Right to complain to a supervisory authority
If you believe the processing of your personal data is unlawful, you have the right to complain to a supervisory authority, in particular in the Member State where you habitually reside or work, or where the alleged infringement took place.
4 Data security
We are committed to protecting your personal data in accordance with the law, subject to technical feasibility.
Your personal data is always encrypted before transfer using the Secure Sockets Layer (SSL) security protocol. This protection applies to both your order details and your customer login. However, please note that other means of sharing data via the Internet have inherent security risks, e.g. e-mail. It is not possible to guarantee total protection against unauthorised third-party access.
To secure your data, we use a range of technical and organisational measures that we continuously update as new solutions emerge.
We make no representations and provide no warranties that our website will be available at any specific time, i.e. access may be restricted due to power outages, system failures or other interruptions. The servers we use are regularly and carefully secured.
5 Automated decision-making
We do not use your personal data for the purpose of automated decision-making.
6 Disclosure of data to third parties, no data transfer to non-EU countries
Your personal data will normally be used exclusively within our company.
If we require the assistance of a third party, e.g. a logistics service provider, we will only share your personal data to the extent required for the respective service.
If we outsource part of our data processing, we will contractually oblige the outsourcing processor to perform the respective service in accordance with the law and to protect the rights of the persons concerned.