Datenschutz
1. Principles
Our privacy policy provides you with an overview of the type, scope and purpose of the personal data processed by i-ROM GmbH and your rights to protect your data.
When processing personal data, we comply with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other statutory provisions (e.g. the Act against Unfair Competition (UWG)).
I-ROM GmbH does not sell or rent your data. We only pass on your data to third parties within the narrow limits described in this declaration.
For the protection of sensitive, non-personal data, e.g. data on your products (design data, development status, functional models, simulation results), which you entrust to us as a customer of the services we offer (support, consulting, order calculation), we undertake to maintain confidentiality by means of a separate contract.
Which personal data we process and for what purposes is very individual and depends on the contracts concluded between us. Therefore, not all parts of this privacy policy will apply to you in the same way.
2. Questions for the data protection officer
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization directly. You can reach them at:
Phone +49 371 2361524
The privacy policy applies to data processing by
i-ROM GmbH
Main street 130
09221 Neukirchen
Germany
3. Your rights as a data subject
You can exercise the following rights at any time using the contact details provided for our data protection officer:
Information about your data stored by us and its processing,
Correction of incorrect personal data,
Deletion of your data stored by us,
Restriction of data processing if we are not yet permitted to delete your data due to legal obligations,
Objection to the processing of your data by us and
Data portability, provided that you have consented to the data processing or have concluded a contract with us.
If you have given us your consent, you can revoke it at any time with effect for the future.
You can contact the supervisory authority responsible for you at any time with a complaint. Your competent supervisory authority depends on the federal state of your place of residence, your work or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
You can contact the Saxon Data Protection Officer at:
E-Mail: saechsdsb@slt.sachsen.de
Tel. 0351/493 5401
4. Purposes of data processing by i-ROM GmbH and by third parties
We process your personal data for the following purposes:
to provide our products, service and support
to offer consulting and training services
to process your service orders
to organize seminars, trade fairs and other events
for authentication in the context of license management
to manage and improve our products and services and our website
to conduct customer satisfaction surveys
to inform you about new products, updates, seminars, etc.
to provide you with important contract renewal information, version upgrades and other notifications about products you use
to process employment-related applications
to enforce our contracts and claims and
to comply with our legal or regulatory obligations.
Third parties only process your personal data provided to us to a limited extent
as a provider of web and system infrastructure
as a provider of services for business operations (e.g. for payment processing)
as a partner or distributor
as an organizer or service provider of online or telephone conferences, web seminars and training courses
If we pass on personal data to third parties, we oblige the recipient to protect the data received in accordance with legal requirements.
Your personal data will not be transferred to third parties for purposes other than those mentioned above.
5. Legal basis for the processing of personal data
i-ROM GmbH processes personal data only if
you have given your express consent,
the processing is necessary for the performance of a contract with you,
the processing is necessary for compliance with a legal obligation (this includes in particular compliance with export restrictions and compliance with commercial and tax regulations) or
the processing is necessary to safeguard legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
6. Sources of the processed personal data
We process personal data that we lawfully obtain directly from you (see sections 6.1 and 6.2) or from publicly admissible sources (e.g. internet, press).
If we do not collect data relating to you directly from you, we will inform you of this within a reasonable period of time, at the latest within one month. If we use your personal data to communicate with you, you will be notified at the latest when we first contact you.
6.1 Contact by e-mail and telephone
If you contact us by e-mail or telephone, we assume that you consent to the use of your personal data. We use the personal data you provide (name, company, telephone number/e-mail address/postal address) to process your request and store it in our Customer Relationship Management (CRM), stating the date of receipt, purpose and legal basis.
After answering the request, we will delete your personal data, provided that no further contractual relationship is initiated or already exists and the deletion does not conflict with Section 17 (3) GDPR. Reference is made to point 3.
6.2 Website with our online offers and contact form
6.2.1 Collection of general information when visiting our website
When you access our website, we process your access data on our server. Server log files are created which contain the following information:
Names of the websites and files accessed
Date and time of the call
Amount of data transferred
Browser type used including its version
Operating system used
Referrer URL
Your IP address and your provider
This information is technically necessary in order to display the web pages correctly and is mandatory when using the Internet. It is processed in particular for the following purposes:
Ensuring a smooth connection to the website,
Ensuring the smooth use of our website,
Evaluation of system security and stability.
The processing of your personal data is based on our legitimate interest from the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the controller and, if applicable, processors.
Anonymous information of this kind may be statistically evaluated by us in order to optimize our website and the technology behind it.
The server log files relating to you are stored for a maximum of seven days and then deleted, unless longer storage is necessary for evidence purposes.
6.2.2. Cookies
Like many other websites, we also use so-called "cookies". These are small text files that are stored on your computer and saved by your browser. They are used to make navigation easier for you, to enable our website to be displayed correctly and to make the website more secure.
The cookies we use are automatically deleted at the end of your visit to our website. They do not contain any viruses and do not cause any damage to your computer.
6.2.3. Data transfers to countries outside the European Economic Area
If you have given your consent, your personal data may be transmitted to servers of a third-party provider (e.g. Google, LinkedIn, etc.) whose servers are located in the USA or another third country. We would like to point out that the USA and other third countries do not have an adequate level of data protection comparable to that in the EU. You therefore run the risk of access to this data by government authorities. This risk may also exist with regard to other third countries. The permissibility of these data transfers to the USA and other third countries concerned requires your express consent in accordance with Art. 49 para. 1 sentence 1 a) GDPR after you have been informed of the risks.
6.2.4. Use of Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (hereinafter: Google) on our websites. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Your IP address used when visiting our website is only stored in anonymized form, i.e. by means of an irreversible shortening of the IP address.
You can prevent the collection of data by Google cookies (including your IP address) and their processing by Google Analytics by downloading and installing the browser plug-in available at the following link: Use of Google Analytics http://tools.google.com/dlpage/gaoptout?hl=de .
You can also prevent data collection by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout. Your objection will be implemented by an opt-out cookie that prevents the future collection of your data when using the current browser when visiting our websites. Please note that the objection is only effective as long as the opt-out cookie remains set. If the cookie is deleted or you use a different browser, the objection will lose its effect.
Your personal data will be transferred to the USA, where there is no adequate level of data protection comparable to that in the EU. You are therefore at risk of access to this data by government authorities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR.
6.2.5. Google Ads
We use the online advertising system Google Ads from Google LLC. ("Google"). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In connection with this, we use so-called conversion tracking and, in connection with Google Analytics (see above), so-called remarketing.
6.2.6. Google Ads Conversion Tracking
If you click on an advertisement placed by us on Google Ads on a website of another provider (Google itself or providers commissioned by Google), an individual cookie will be stored on your end device. This cookie enables Google to recognize that you have clicked on our ad and that the visit to our website is based on your clicking on the ad. In connection with this cookie, the so-called unique cookie ID, the number of so-called ad impressions per placement, the last impression and your opt-out information are stored (so-called conversion tracking). We do not collect or process any personal data in connection with conversion tracking. We only receive statistical evaluations from Google that enable us to assess the effectiveness of our advertising measures. It is therefore not possible for us to identify you.
You can object to participation in Google Ads Conversion Tracking by deactivating the Google Conversion Tracking cookie in your Internet browser under user settings.
Your personal data will be transferred to the USA, where there is no adequate level of data protection comparable to that in the EU. You are therefore at risk of access to this data by government authorities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR.
6.2.7. Google Ads Remarketing
Google Ads Remarketing enables Google to show you advertisements on other websites that belong to the Google advertising network, which Google assumes match your interests (so-called personalized advertising). This assumption is based on an analysis of your surfing behavior. For this purpose, Google places a cookie on your end device that enables Google to identify the web browser you are using on the end device you are using. If you give your consent, Google will link your browsing history to your Google account and show you personalized advertising on all devices on which you are logged in with your Google account. We do not collect or process any personal data in connection with Google Ads Remarketing.
You can prevent remarketing by selecting the appropriate settings in your browser software. You can permanently object to cross-device remarketing by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/. Further information can be found in Google's privacy policy at: https://policies.google.com/technologies/ads.
The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR.
6.2.8. Facebook pixel
We use the Facebook pixel of Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. For users based in the EU, the provider is Meta Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we insert small, transparent image files or lines of code into our web services. By calling up a pixel from your browser, Facebook can recognize whether an advertisement was successful. We do not collect or process any personal data in connection with the use of Facebook pixels. We only receive statistical evaluations from Meta that enable us to assess the effectiveness of our advertising measures. It is therefore not possible for us to identify you. You can object to the use of Facebook pixels by deactivating the Facebook pixel cookie. You can find information on how to do this in our cookie information.
Further information can be found in Meta's privacy policy at https://de-de.facebook.com/policy.php Your personal data will be transferred to the USA, where there is no adequate level of data protection comparable to that in the EU. You are therefore at risk of access to this data by government authorities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR.
6.2.9. LinkedIn
We use the LinkedIn Insight Tag of LinkedIn Corporation, 2029 Stierlein Court, Mountain View, CA 94043, USA. The responsible service provider in the EU and Switzerland is LinkedIn Ireland Unlimited, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight tag is a simple JavaScript tag that collects metadata such as IP address, timestamp and page events (e.g. page views) and thus enables so-called conversion tracking. The InsightTag is integrated into our web services and activates the functions of LinkedIn Marketing Solutions. We do not collect or process any personal data in connection with the use of LinkedIn Insight Tag. We only receive statistical evaluations from LinkedIn that enable us to assess the effectiveness of our advertising measures at . It is therefore not possible for us to identify you.
You can object to the use of the LinkedIn Insight Tag by deactivating the Insight Tag cookie. You can find information on how to do this at https://www.linkedin.com/mypreferences/g/guest-cookies.
Further information can be found in LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy
Your personal data will be transferred to the USA, where there is no adequate level of data protection comparable to that in the EU. You are therefore at risk of access to this data by government authorities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR.
6.2.10. Contact forms
You have the option of contacting us directly via contact forms on our website. Personal data is collected when you contact us in this way. By using the contact form, you consent to the processing of your personal data.
The personal data is used to assign the request and the subsequent response. The provision of further data is required, for example, to determine whether you are acting in a business context or fulfilling an educational mission. The information you provide will be stored in our Customer Relationship Management (CRM) for the purpose of processing the request and for possible follow-up questions, stating the date of receipt and purpose. After your request has been processed, personal data will be deleted unless it is required to fulfill contractual obligations or pre-contractual measures.
If your data is processed for direct marketing purposes on the basis of your consent, you can withdraw this consent at any time with effect for the future. Your revocation will result in the deletion of your data. Please refer to point 3 of this declaration.
6.3. Online presence in social media
We maintain online presences within social networks and platforms, in particular Facebook, YouTube and LinkedIn, in order to communicate with the customers, interested parties and users active there and to inform them about our services.
If we offer you the opportunity to provide us with personal data for specific purposes (e.g. to request further information) and you provide us with your data for these purposes, it will be processed for the purposes stated in each case. Your personal data will be stored in a customer relationship management system ("CRM system") for this purpose, stating the date of entry, purpose of use and legal basis. In connection with the retrieval of your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data is processed, the legal basis on which the processing is carried out and the rights you have in connection with the processing of your personal data by us.
When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. We would like to point out that you use our online presences and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When you visit our online presences, the operators of the respective social networks and platforms collect your IP address and other information that is stored on your PC in the form of cookies. The data collected about you in this context is processed by the respective social networks and platforms and may be transferred to countries outside the European Union where there is no adequate level of data protection comparable to that in the EU. You therefore run the risk of access to this data by government authorities. We have no influence on the type and scope of the data processed, the type of processing and the use or disclosure of this data to third parties. We also have no effective control options in this respect. The information collected is also used to provide us with statistical information about the use of our respective online presences.
Detailed information on data processing by the respective operators of the social networks and platforms can be found in their data usage guidelines.
The guidelines of Meta (formerly Facebook) Ireland Ltd. can be found at https://de-de.facebook.com/privacy/explanation/
The guidelines for the use of YouTube can be found in the privacy policy of Google Ireland Limited at https://policies.google.com/privacy?hl=de&gl=de#infocollect
The guidelines of LinkedIn Ireland Unlimited Company ("LinkedIn Ireland") can be found at https://de.linkedin.com/legal/privacy-policy
6.4. YouTube video platform
We offer you the opportunity to watch videos on our website. We use the services of YouTube for this purpose. This is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which has been a subsidiary of Google, LLC since 2006. When you access a video on our website, a connection is established to the servers of the respective platform and the plugin required to view the video is displayed. In addition, various cookies are downloaded to your hardware from the servers of the respective platform. This tells the respective platform which of our websites you have visited, among other things. If you have an account with the respective platform and are logged into it, the platform assigns this information to your account. In this case, the platform will also assign it to your account if you actually watch the video.
Your personal data may be transferred to the USA, where there is no adequate level of data protection comparable to that in the EU. You are therefore at risk of access to this data by government authorities.
Information on the scope of the data collected by YouTube and the further handling of this data can be found in the privacy policy of Google, LLC. You can find this at https://policies.google.com/privacy.
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 a) GDPR. In particular, we use a so-called two-click solution, in which cookies from the platforms are not set immediately when you access the page containing them, but only after a second click, with which you declare your consent to the data transfer. You have the option to revoke your consent at any time in the cookie banner settings.
6.5 Microsoft Teams
Microsoft Teams is an offer from Microsoft Corporation for teamwork in Office 365 and can be used with guest access. A Microsoft account is required for active use of guest access, but this is quick and easy to set up. The use of Microsoft Teams is subject to Microsoft's terms of use and privacy policy. If you participate in a Microsoft Teams session offered by us, the terms of use and data protection provisions of Microsoft Corporation apply.
Microsoft Teams transfers, stores and processes data outside the territorial scope of the GDPR, in particular also in countries without equivalent data protection (e.g. USA). Microsoft ensures data protection in these countries with standard contractual clauses. We have also concluded an order processing agreement with Microsoft Teams.
The legal basis for the use of Microsoft Teams and the associated third-country processing is Art. 6 para. 1 sentence 1 a) GDPR in conjunction with Art. 49 para. 1 sentence 1 b) GDPR.
6.6. Purchase of products, ordering of services, registration for events
Personal data is collected when purchasing products, ordering services and registering for events. Personal data is processed for the purpose of executing the respective contracts concluded and thus for the fulfillment of contractual obligations.
The following data is collected for the installation of the program (for test purposes or after conclusion of a software transfer agreement):
Operation System and Edition
Name, e-mail and contact details of the user or administrator
Information about the computer on which the program is installed (Operation System Installation Date, Windows Product ID, UUID and MachineGUID)
The collection and use of this data is absolutely necessary for the conclusion and execution of the respective contract. The computer, user or administrator-related data will be deleted as soon as the contractual relationship has ended and the deletion does not conflict with any tax or legal requirements.
7. Recipients of personal data within I-ROM GmbH
Your personal data is stored in our Customer Relationship Management (CRM) system, stating the permitted purpose of use and the legal basis for processing. In addition to the system administrators and the management, access is only granted to those employees who require access to realize the purpose of use.
Third parties are only granted access in a few exceptional cases. Access by third parties is also limited to those of your personal data that they need to support us in carrying out the business relationship (e.g. in the context of telecommunications).
8. Transfer of data to third countries
We transfer your personal data to locations outside the European Union (so-called third countries) in the following cases:
The transmission is necessary for the execution of the contracts concluded with you,
The transfer is necessary to comply with export regulations or to prevent violations of export regulations (e.g. the export regulations of the USA).
We will obtain your express consent in advance before passing on the data.
9. Duration of data storage and its criteria
We store your personal data for as long as is necessary for the performance of our business relationships and the resulting contractual and legal obligations.
Personal data that is no longer required for the performance of business relationships is deleted at regular intervals. We review the personal data every three years to determine whether it is still required.
i-ROM GmbH is subject to the commercial and tax regulations in Germany. The regular retention period for commercial and tax matters and thus also for personal data related to these is ten years.
In addition, the rules on the statute of limitations in accordance with § 195 ff BGB must be observed. The regular limitation period is three years, beginning at the end of the year in which the claim arose. In addition, special limitation periods can be up to 30 years and thus lead to a very long retention period in individual cases.
10. Data security
To protect the security of your data during transmission, we use the state-of-the-art SSL encryption method via HTTPS.
11. Deletion or blocking of the data
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law. Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.
12. Obligation to provide data
We require our customers to provide the personal data necessary for the conclusion, execution and termination of contracts.
Our customers are also obliged to provide us with the necessary personal data that we are legally obliged to collect. We would like to point out that we offer products that may be subject to export restrictions. We are therefore obliged to verify the identity of our customers in order to prevent a breach of export restrictions where necessary.
We will not enter into a business relationship with potential customers who do not provide us with the necessary data.
13. Changes to our privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.