Privacy Policy
*Last updated: October 3, 2024*

The following declaration about data protection applies to the use of the website https://www.intellegam.com/, hereinafter referred to as “Online Services”.

Intellegam GmbH attaches great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR). This Declaration describes how and for what purpose your personal data is collected and used, and what choices you have in connection with your data.

By using these ‚Online Services‘, you consent to the collection, use and transfer of your data in accordance with this Data Protection Declaration. If you wish to object to our collection, processing or use of your data completely or with regard to individual measures in accordance with this Data Protection Regulation, you can address your objection to the controller.

1 General

1.1 Controller

The controller who is the body responsible for the collection, processing and use of your personal data within the meaning of GDPR is

Intellegam GmbH Co. KG
Ammerseestr. 49
82061 Neuried
Germany

Represented by: Tobias Hetfleisch & Marc Gehring

Tel.: +49 (0) 179 3453961
E-Mail: [hetfleisch@intellegam.com]

1.2 Data protection officer

You can reach our data protection officer at:

Intellegam GmbH Co. KG
Ammerseestr. 49
82061 Neuried
Germany
Tel.: +49 (0) 174 2037473
E-Mail: [burrichter@intellegam.com]

1.3 Terminology

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘processing’ means any handling of personal data, such as collection, storage, transmission, receipt, deletion, etc.

‘restriction of processing’ means the future processing of personal data to new mandatory limited requirements. Only a very few employees within our company may further view and process the data. Beyond that any processing is blocked.

‘deletion’ of personal data means both the definitive and therefore irrevocable, complete removal of data (destruction) and of the personal reference to them (anonymisation). In any case, after the deletion process a reference to specific persons can no longer be established.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2 Data processing

2.1 Types of processed data

- Name
- Contact data (e. g. email, phone numbers)

2.2 Categories of Data Subjects

Visitors and users of the Online Services. Hereinafter, we will refer to the Data Subjects also as “user”.

2.3 Purpose of processing

2.3.1 General data collection for Online Services

We do not track, collect, or store any personal or usage data from visitors to our website. Our website is designed to function without requiring user data. We do not share, sell, or publish any personal information.

2.3.2 Online Services

2.3.2.1 HubSpot (Online Services, Contact form)

We use HubSpot to manage our customer relationships and process personal data. By submitting your information through this contact form, you acknowledge that the data you provide will be transferred to HubSpot for processing in accordance with their Privacy Policy and Terms of Service. We collect and store your personal information to respond to your inquiries, provide our services, and improve your experience.

We use HubSpot, a digital marketing tool, for our website and on our website. The service provider is the American company HubSpot, Inc, 25 First Street, 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland at 1 Sir John Rogerson's Quay, Dublin 2, Ireland. HubSpot also processes your data in the USA, among other places.

HubSpot is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, HubSpot uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914

The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa. You can find out more about the data that is processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.

2.3.2.2 Replying to contact requests and communication with users

When you contact us (e.g. via contact form or e-mail), we store your details (e.g. name, e-mail address, conversation history) to process your enquiry in accordance with Art. 6 sec. 1 lit. a GDPR and in the event that follow-up questions arise in relation to a subsequent contractual or business relationship in accordance with Art. 6 sec. 1 lit. b GDPR. In addition, we only use your personal data if you consent to this or if this is permitted by law without consent.

3 Legal bases and storage period

Unless specifically stated, we only store your personal data for as long as necessary to fulfil the purposes pursued in accordance with Art. 6 GDPR.

Furthermore, your data will be deleted if the data is no longer required to fulfil contractual or legal storage obligations in accordance with Art. 17 sec. 3 lit. b GDPR (e.g. tax and commercial law storage obligations) as well as dealing with possible warranty and comparable obligations.

In addition, we store your personal data for the purpose of asserting, exercising or defending legal claims according to Art. 17 sec. 3 lit. e GDPR.

If personal data may no longer be processed for the original purpose, but storage obligations still exist, the data will be archived from the productive processing or storage locations, completely deleted from the productive level and access restricted.

Once all storage obligations have been fulfilled, storage rights have lapsed and all deletion periods have expired, the corresponding data is routinely deleted.

4. Your rights as a Data Subject

Under applicable law, you have various rights regarding your personal data. If you wish to assert these rights, please send your request to the data protection officer by e-mail or by mail with a clear identification of your person (see Clause 1.2).

As a Data Subject, you have the following rights:

4.1 Right of access

According to Art. 12 and 13 you have the right to obtain from us a confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to obtain free information from us about the personal data stored about you and a copy of this data.

4.2 Right to rectification

According to Art. 16 GDPR you have the right to obtain from us the immediate rectification of inaccurate personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4.3 Right to erasure (“Right to be forgotten”)

According to Art. 17 GDPR you have the right to obtain from us the immediate erasure of the personal data concerning you and we are obliged to erase your personal data immediately, unless there are legal or contractual obligations to keep records. In this case the further processing of your data will be restricted.

Where we have made personal data public and we are required to erase it, we will take appropriate measures, taking into account available technology and implementation costs, also of technical nature, to inform the controllers who process the personal data that you have requested the deletion of any personal data or of copies or replications of such personal data according to Art. 19 GDPR.

4.4 Right to restriction of processing

According to Art. 18 GDPR you have the right to obtain from us restriction of processing. For example, you can oblige us to process only those personal data that are absolutely necessary for the provision of our services.

4.5 Right to data portability

According to Art. 20 GDPR You have the right to receive the personal data concerning you provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us.

4.6 Right to object

According to Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 sec. 1 lit. e or f GDPR, including profiling based on those provisions. We do no longer process the personal data unless we can demonstrate compelling grounds, worthy of protection, for the processing which override your interests, rights and freedoms or the processing serves for the establishment, exercise or defense of legal claims.

4.7 Right of withdrawal of a declaration of consent given under data protection law

According to Art. 6 sec. 1 lit. a GDPR, you have the right to revoke the previously granted consent to data processing without giving reasons. If no other lawfulness of the processing within the meaning of Art. 6 sec. 1 GDPR justifies further data processing, your personal data must then be deleted immediately. Otherwise, the processing of the personal data of the data subject must be temporarily restricted (blocked).

4.8 Right to appeal to a supervisory authority

You have the right to appeal to a supervisory authority, in particular in the Member State of your home, work or at the place where the infringement has allegedly been committed, if you have the opinion that the processing of the data concerning you is unlawful.

For Intellegam the competent supervisory authority is the Bayerische Landesbeauftragte für den Datenschutz, Wagmüllerstraße 18, 80538 München.
e-mail: poststelle@datenschutz-bayern.de.
Website: https://www.datenschutz-bayern.de/vorstell/impressum.html

5. Data security

We endeavor to ensure the security of your personal data under the scope of applicable data protection laws and technical options.

We implement the following technical, physical and organizational measures to protect the security of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized disclosure or access and against all other unlawful forms of processing.

We transmit your personal data in encrypted form. This applies to your orders and also to a customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to protect such data completely against access by third parties.

When personal data is accessed by authorized personnel, access is only possible via an encrypted connection. When accessing data in a database, the IP number of the person accessing the data must also be pre-authorized to gain access.

All access to personal data is blocked by default. Access to personal data is restricted to individually authorized personnel. Our security and data protection officer issues authorizations and keeps a log of the authorizations granted. Authorized employees are granted only the minimum access they absolutely need for their tasks through our role and authorization concept.

Administrative processes, including system access, are logged to provide an audit trail when unauthorized or accidental changes are made.

System performance and availability is monitored by both internal and external monitoring services.

All data is stored on servers of Amazon Web Services in Frankfurt, Germany and Dublin, Ireland which are monitored by us. Databases are backed up continuously to enable recovery at any time within a 35-day retention period. Backups are stored in file storage in the same geographic location as the database.

To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology.

Furthermore, we do not warrant that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded.

In the event that your data is compromised, we will notify you and the relevant regulatory authorities by email within 72 hours of the extent of the breach, the data involved, any impact on the service and the plan of action to secure the data and limit any adverse effects on the data subject.

6. Automated decision-making

No automated decision-making will be done on the basis of the collected personal data.

7. Transfer of data to third parties, data transfer to non-EU/EEA countries

As a rule, we only use your personal data in our company.

In addition, your personal data will only be passed on if you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR, the transfer is necessary for the fulfilment of a contract in accordance with Art. 6 sec. 1 lit. b GDPR, we are subject to a legal obligation in accordance with Art. 6 sec. 1 lit. c GDPR (e.g. e.g. tax regulations, participation in the clarification of a criminal offence), or if this is necessary to protect our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh this.

If and insofar as we involve third parties in the fulfilment of contracts, these third parties will only receive personal data to the extent that the transmission is absolutely necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“contract processing”), we contractually oblige our processors to use personal data only in accordance with the requirements of the data protection laws and this privacy policy and to ensure the protection of the rights of the data subject.

There currently is no data transfer to institutions or person outside the EU/EEA and outside the cases mentioned in this declaration. Furthermore, it is only permitted to transfer personal data to institutions or persons outside the EU/EEA under the conditions set out in Art. 44 following GDPR. In particular, adequate protection is then guaranteed by appropriate measures, such as standard contractual clauses of the EU Commission within the meaning of Art. 46 sec. 2 lit. d GDPR.

8. Data protection officer

Should you still have any questions relating to our data protection or to this Data Protection Declaration, or should you intend to exercise your rights named herein, kindly contact our data protection officer (contact details see point 1.2).

9. Changes to the Data Protection Declaration

Intellegam reserves the right to change the Privacy Policy in order to adapt it to changed legal situations, or in the event of changes in the service and data processing. However, this only applies to declarations about the processing of data. If the consent of the user is required or elements of the Data Protection Declaration contain provisions of the contractual relationship with the User, the changes are only made with the approval of the User.

Users are asked to inform themselves regularly about the content of the Data Protection Declaration. You can save and print this Data Protection Declaration at any time.