Privacy Statement

This Privacy Statement applies to the use of our online offer https://www.inceconsult.com/

We place great importance on data protection. The collection and processing of your personal data will take place in compliance with the applicable data protection regulations, particularly the General Data Protection Regulation (GDPR).

1        Data controller

The person responsible for the collection, processing and use of your personal data within the meaning of Art. 4 no. 7 GDPR is

Mr Marc Elbrecht

Ince Consultancy LLP

Grosse Elbstrasse 45

22767 Hamburg

Fon:      +4940180632670

Fax:      +4940 84200207

E-mail:   dataprotection@inceconsult.com

 

In the event that you want to raise an objection against the collection, processing or use of your data by us according to these data protection regulations either as a whole or with respect to individual measures, you may address your objection to the data controller.

You are at any time allowed to store and print this Privacy Statement.

2        General purposes of data processing

We use personal data

  • for operating the website
  • for announcing marketing events
  • for application procedures
  • for newsletters
  • for establishing and maintaining attorney-client relationships

3        Data used by us and why

3.1       Hosting

The hosting services used by us serve to make the following services available: infrastructure and platform services, computing capacity, storage space and data base services, security services as well as technical maintenance services used for the operation of the website.

For this purpose, we or, as the case may be, our hosting provider processes inventory data, contact data, content data, contract data, usage data, metadata and communication data of clients, prospective clients and visitors of this website on the basis of our legitimate interests in an efficient and secure provision of our website in line with Art. 6 paragraph 1 sentence 1 f) GDPR in conjunction with Art. 28 GDPR.

3.2       Access data

We collect data concerning your person when you use this website. We automatically gather information on your user behaviour and your interaction with us and register data concerning your computer or mobile device. We collect, store and use data on each access to our website (so-called server log files). Such access data include:

  • name and URL of the accessed file
  • date and time of the retrieval
  • transmitted data volume
  • report on successful retrieval (HTTP response code)
  • type and version of browser
  • operating system
  • referer URL (i.e. the site visited before)
  • websites used by the system of the user via our website
  • internet service provider of the user
  • IP address and the enquiring provider

Without allocating  these log data to your person and without creating any other profile, we use these log data for statistical analyses serving the operation, security and optimisation of our website, but also in order to find out the number of visitors of our website (traffic) in an anonymous form and in order to obtain information on the scope and manner of the use of our website and services, furthermore for billing purposes and in order to measure the number of clicks received from cooperation partners. Based on such information, we are able to provide personalised and site-related contents and to analyse the data traffic, to locate and fix errors and to improve our services.

This is also our legitimate interest according to Art. 6 paragraph 1 sentence 1 f) GDPR.

We reserve the right to check the log data subsequently whenever there is, due to specific indications, a justified reason to suspect a use contrary to legal provision. IP addresses are stored by us in the log files for a limited period of time whenever this is necessary for security purposes or required for rendering or billing services, e.g. if you use one of our offers. Upon discontinuance of the ordering process or upon receipt of payment, we erase the IP address if we need it no longer for security purposes. ID addresses are also stored by us whenever there is a specific suspicion of a criminal offence in connection with the use of our website. In addition, we will, as a part of your account, store the date of your last visit (e.g. upon registration, login, clicking of links etc.).

3.3       Data for fulfilling our contractual obligations

We process personal data required by us for fulfilling our contractual duties, such as name, address, e-mail address, products ordered, invoice and payment data. The collection of such data is necessary for contract conclusion.

The data will be erased after expiry of the warranty terms and the statutory retention terms. Data connected to a user account (see below) will in any case be retained as long as the account is maintained.

Such data processing is legally based on Art. 6 paragraph 1 sentence 1 b) GDPR, because these data are required by us in order to be able to fulfil the contractual obligations owed by us towards you.

3.4       E-mail contact

When you contact us (e.g. via the contact form or via e-mail), we process the information rendered by you in order to process your enquiry and in order to be able to give you an answer to follow-up questions, if any.

If data processing takes place in order to perform pre-contractual measures taken in connection with your enquiry or, if you already belong to our clients, in order to implement the contract, Art. 6 paragraph 1 sentence 1b) GDPR shall form the legal basis for such data processing.

Other personal data will be processed by us only if you have given your consent in this respect (Art. 6 paragraph 1 sentence 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 paragraph 1 sentence 1 f) GDPR). A legitimate interest may, for instance, exist in our desire to respond to your e-mail.

4        Storage period

Unless specifically indicated, we store personal data only as long as it is necessary to fulfil the pursued purposes.

In some cases, legislation provides for retention of personal data, as it is, for instance, the case in tax and trade law. In such cases, the data will solely be stored by us for such statutory purposes, but not used for any other purposes, and erased upon expiry of the statutory retention term.

5        Your rights as data subject

According to applicable statutory provisions, you have various rights with respect to your personal data. If you want to exercise such rights, we kindly ask you to send your enquiry via e-mail or mail to the address mentioned in clause 1 by clearly identifying yourself.

Hereinafter, please find a survey of the rights you are entitled to.

5.1       Right to obtain confirmation and right of access

You are entitled to be provided with clearly presented information on the processing of your personal data.

In detail:

You are at any time entitled to obtain a confirmation from us as to whether we process your personal data. If so, you have the right to request information on the personal data stored by us without charge and to receive a copy of such data. Apart from that, you are entitled to be provided with the following information:

  1. the purposes of processing;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22 paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

In the event that personal information is transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with such transmission.

5.2       Right to rectification

You have the right to request us to rectify and, as the case may be, to complete your personal data.

In detail:

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed – including by means of providing a supplementary statement.

5.3       Right to erasure (“right to be forgotten”)

In a number of cases, we are obliged to erase your personal data.

In detail:

According to Art. 17 paragraph 1 GDPR, you have the right to request us to erase your personal data without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing is based according to Art. 6 paragraph 1 sentence 1 a) GDPR or Art. 9 paragraph 2 a) GDPR, and there is no other legal ground for the processing.
  3. You object to the processing according to Art. 21 paragraph 1 GDPR and there are no overriding legitimate purposes for the processing, or you object to the processing pursuant to Art. 21 paragraph 2 GDPR.
  4. The personal data have been unlawfully processed.
  5. The personal data have to be erased for compliance with a legal obligation according to Community Law or the law of the member states to which we are subject.
  6. The personal data have been collected in relation to the offer of information society services according to Art. 8 paragraph 1 GDPR.

Where we have made the personal data public and are obliged to erase them according to Art. 17 paragraph 1 GDPR, we will, by taking account of the available technology and the costs of implementation, take reasonable steps, including technical measures, to inform the controller who is processing the personal data that you have requested the erasure by such controller of any links to, or copy or replication of, those personal data.

5.4       Right to restriction of processing

In a number of cases, you have the right to request us to restrict the processing of your personal data.

In detail:

You have the right to request us to restrict the processing of your personal data where one of the following applies:

  1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
  4. you have objected to processing according to Art. 21 paragraph 1 GDPR pending the verification whether the legitimate grounds of our company override your legitimate grounds.

5.5       Right to data portability

You have the right to receive your personal data in a machine-readable form, to transmit them or to have them transmitted by us.

In detail:

You have the right to receive your personal data provided to us by you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without any hindrance from us, where

  1. the processing is based on a consent pursuant to Art. 6 paragraph 1 sentence 1 a) GDPR or Art. 9 paragraph 2 a) GDPR or on a contract pursuant to Art. 6 paragraph 1 sentence 1 b) GDPR, and
  2. the processing is carried out by automated means.

In exercising your right to data portability according to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

5.6       Right to object

You have the right to object to our lawful processing of your personal data if this necessity arises from your specific situation and our interests in processing them does not override your interests.

In detail:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based Art. 6 paragraph 1 sentence 1 e) or f) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 paragraph 1 GDPR, you have, on grounds relating to your particular situation, the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

5.7       Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning your person or similarly significantly affects you.

Automated decision-making based on the collected personal data will not take place.

5.8       Right to withdraw a consent under data protection law

You have the right to withdraw consent to the processing of personal data at any time.

5.9       Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to your person infringes legal provisions.

6        Data security

We feel to a maximum degree committed to the security of your data within the framework of applicable data protection laws and technical possibilities.

Your personal data will be transmitted in an encrypted form. This applies to your orders or appointments and also to the client login. We use the SSL coding system (Secure Socket Layer), but draw attention to the fact that data transmissions on the Internet (e.g. when communicating by e-mail) may have security gaps. A complete data protection against access of third parties is not possible.

In order to safeguard your data, we maintain technical and organisational security measures complying with Art. 32 GDPR and continuously adjust them to the current state of the art.

Apart from that, we do not guarantee that our offers are available at certain times; malfunctions, interruptions or failures cannot be ruled out. The servers used by us are regularly and carefully secured.

7        Transfer of data to third parties, no data transfer to non-EU member states

As a rule, we will use your personal data exclusively within our company.

If and when we involve third parties within the framework of the fulfilment of contracts (such as providers of logistics services), such parties will receive such personal data only to the extent they must be transmitted in order to enable them to fulfil the respective tasks.

In the event that certain parts of data processing operations are sourced out by us („processing by third parties“), we will contractually oblige such third party processors to use personal data exclusively in compliance with the requirements of data protection laws and to guarantee the protection of the rights of the data subjects.

Data transmissions to locations or persons outside the EU which go beyond the case described in clause 4 of this Privacy Statement will not take place and are not planned.

8        Data Protection Officer

If you have any further questions or concerns with respect to data protection, please do not hesitate to contact our data protection officer:

Mr Marc Elbrecht

Ince Consultancy LLP

Grosse Elbstrasse 45

22767 Hamburg

Fon:      +4940180632670

Fax:      +4940 84200207

E-mail:  dataprotection@inceconsult.com