IBA DATA PROTECTION STATEMENT

We are delighted that you are interested in our company. Data protection is a particularly high priority for the management of Industrieverband Büro und Arbeitswelt e. V., hereinafter referred to as IBA. It is generally possible to use the IBA website without providing any personal data. However, if you wish to use specific services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, email address or telephone number, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to the IBA. By means of this privacy policy, our company informs the public in accordance with Articles 13 and 14 of the GDPR about the nature, scope and purpose of the personal data we collect, use and process, as well as your rights.

As the controller, the IBA has implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone.

https://quality-office.org/legal/datenschutzbestimmungen/

1. Name and address of the controller

The controller within the meaning of Article 13(1)(a) of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Industrieverband Büro und Arbeitswelt e. V. (IBA)
Parkstraße 44 B
65191 Wiesbaden
Germany
Tel.: +49 611 9457637-0
Email: info(at)iba.online
Website: iba.online

2. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device via an internet browser. The use of technically necessary cookies is based on Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) TTDSG, the use of additional cookies is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR.

Cookies serve to make the use of our website more convenient, secure and effective, for example by storing settings or temporarily storing user entries. Cookies make it possible to recognise a return visit to the website by reading a previously set cookie. This does not involve any direct identification of your person.

An example of this is the use of an online planning tool for room or furnishing concepts. The planning tool uses cookies to remember the room layouts, positions of furnishings or configurations you have selected, so that they are still available when you return to the site.

You can prevent cookies from being stored at any time by adjusting your browser settings or delete cookies that have already been set. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent.

3. Collection of general data and information

The IBA website collects a range of general data and information each time the website is accessed, regardless of whether this is done by a user or an automated system. This general data and information is stored in the server log files. The following may be collected

1. the browser types and versions used
2. the operating system used by the accessing system
3. the website from which an accessing system reaches our website (so-called referrer)
4. the sub-websites that are accessed via an accessing system on our website
5. the date and time of access to the website
6. an Internet Protocol address (IP address)
7. the Internet service provider of the accessing system
8. other similar data and information that serves to avert danger in the event of attacks on our information technology systems. Insofar as personal data is processed in this context, this is done on the basis of Art. 6 para. 1 lit. f GDPR.

When using this general data and information, the IBA does not draw any conclusions about your person. Rather, this information is required on the basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR in order to

1. deliver the content of our website correctly
2. optimise the content of our website and the advertising for it
3. ensure the long-term functionality of our information technology systems and the technology of our website, and
4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This data and information, which is usually collected anonymously, is therefore evaluated by the IBA for statistical purposes and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data you provide in order to comply with the principle of data minimisation and storage limitation in accordance with Art. 5 (1) (c) and (e) GDPR.

The log file data is generally only stored for a limited period of time and then deleted, unless further storage is necessary for security reasons.

4. Registration on our website

You can register on our website by providing personal data. The personal data that is transmitted to us is determined by the respective input mask used for registration. We collect and store the personal data you enter on the basis of Art. 6 para. 1 lit. b GDPR exclusively for internal use and for our own purposes. The data may be passed on to one or more processors within the meaning of Art. 28 GDPR, provided that they use the data exclusively on our behalf or for internal purposes.

When you register on our website, the IP address assigned by your Internet service provider (ISP), the date and the time of registration are also stored on the basis of Art. 6 (1) lit. f GDPR. This data is stored in order to prevent misuse of our services and, if necessary, to enable the investigation of criminal offences. In this respect, the storage of this data is necessary for our protection in accordance with the legitimate interest pursuant to Art. 6 (1) lit. f GDPR. This data will not be passed on to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal prosecution.

The purpose of registration is to offer you content or services that, due to their nature, can only be offered to registered users. You have the option at any time to change or completely delete the personal data you provided during registration.

Within the scope of Art. 15 GDPR, you can request information about which personal data is stored about you at any time. Furthermore, your personal data will be corrected or deleted within the scope of Art. 16 and 17 GDPR upon request or notification, provided that there are no legal retention obligations to the contrary. Our employees are available to you as contact persons at any time.

5. Contact option via the website

Due to legal requirements, the IBA website contains information that enables you to quickly contact our company electronically and communicate with us directly, which also includes a general address for electronic mail (e-mail address). If you contact us by email or via a contact form, the personal data you provide will be automatically stored on the basis of Art. 6 (1) lit. b GDPR or Art. 6 (1) lit. f GDPR. Such personal data initially transmitted to us by you will be stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties unless there is a legal obligation to do so.

6. Routine deletion and blocking of personal data

We process and store your personal data in accordance with Art. 5 (1) (e) GDPR only for the period necessary to achieve the purpose of storage or if this is required by law.

If the purpose of storage no longer applies or if a statutory storage period expires, the personal data will be routinely blocked or deleted in accordance with Art. 17 and Art. 18 GDPR and in accordance with the statutory provisions.

7. Your rights

You have the following rights with regard to your personal data under the GDPR:

a. Right to confirmation

In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed.

b. Right to information

In accordance with Art. 15 (1) GDPR, you have the right to obtain information free of charge about the personal data stored about you and to receive a copy of this data in accordance with Art. 15 (3) and (4) GDPR. The information includes in particular:

• the purposes of processing
• the categories of data processed
• the recipients or categories of recipients
• the planned storage period, or otherwise the criteria for determining this period
• your other rights (e.g. rectification, erasure, restriction, objection)
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data was not collected from you: information about its origin
• the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR

If data has been transferred to a third country or to an international organisation, you may request information about the safeguards provided for this purpose in accordance with Article 15(2) GDPR.

We will respond to your requests without delay, but at the latest within one month, in accordance with Article 12(3) GDPR. The exercise of your rights is generally free of charge. Manifestly unfounded or excessive requests may be rejected or subject to a reasonable fee in accordance with Article 12(5) GDPR.

c. Right to rectification

In accordance with Art. 16 GDPR, you may request the immediate rectification of inaccurate data or the completion of incomplete data.

d. Right to erasure (right to be forgotten)

Pursuant to Art. 17 GDPR, you may request the erasure of your data, in particular if:

• the data is no longer necessary,
• you have revoked your previously given consent,
• you have lodged an objection,
• the data has been processed unlawfully, or
• there is a legal obligation to erase it.

If personal data has been made public and we are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall take appropriate measures within the scope of Art. 17 (2) GDPR to inform other controllers who process this data of your request for deletion. The right to erasure does not apply if processing is necessary in accordance with Art. 17(3) GDPR, in particular due to legal obligations, for reasons of public interest or for the establishment, exercise or defence of legal claims.

e. Right to restriction of processing

You may request the restriction of the processing of your data in accordance with Art. 18(1) GDPR if:

• you have contested the accuracy of the data,
• the processing is unlawful,
• we no longer need the personal data, or
• you have objected to the processing pursuant to Art. 21(1) GDPR.

In the event of a restriction of processing, your personal data may – apart from its storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for reasons of important public interest pursuant to Art. 18(2) GDPR.

f. Right to data portability

In accordance with Art. 20 (1) and (2) GDPR, you have the right to receive your data in a structured, commonly used and machine-readable format or, where technically feasible, to have it transferred to another controller, provided that the processing is based on your consent or on a contract.

This right only applies if it does not conflict with the rights and freedoms of other persons or overriding public interests pursuant to Art. 20 (3) GDPR.

g. Right to object

Pursuant to Art. 21 GDPR, you may object at any time to the processing of your data on grounds relating to your particular situation, which is carried out on the basis of Art. 6 para. 1 letters e or f GDPR.

If we process your data (including profiling) for direct marketing purposes, you may object to the processing at any time.

If we process data for scientific or statistical purposes in accordance with Art. 89(1) GDPR, you may object to this on grounds relating to your particular situation.

h. Automated decisions in individual cases

Pursuant to Art. 22(1) GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Such a decision shall only be made in accordance with Art. 22(2) GDPR if it is necessary for the conclusion or performance of a contract, is based on a legal basis or is made with your express consent.

In these cases, we take appropriate measures to protect your rights, freedoms and legitimate interests, in particular the right to human intervention, to express your own point of view and to contest the decision, in accordance with Art. 22(3) GDPR.

Exclusively automated decision-making based on special categories of personal data within the meaning of Art. 9 para. 1 GDPR does not take place, unless it is exceptionally permissible under Art. 22 para. 4 GDPR.

i. Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent to the processing of personal data at any time.

You can contact us at any time to exercise your rights. If you assert your rights to rectification, erasure or restriction, we will inform the recipients of your personal data of this, insofar as this is necessary in accordance with Art. 19 GDPR.

8. Data protection provisions on the use of Google

Our website uses the advertising analysis service Google Analytics 4. Google Analytics 4 enables us to analyse the use of our website by visitors and to optimise our offering. The operating company of Google Analytics 4 is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our website, your usage behaviour, the pages you visit, your clicks, your length of stay, your approximate location, technical information (e.g. browser, device) and a pseudonymised user ID are recorded, among other things. According to Google, the IP address is truncated by default in EU member states or other EEA contracting states and only then transferred to servers in the USA or other third countries for further processing (IP anonymisation). The data collected by Google Analytics is generally stored for up to 14 months. Storage beyond this period only takes place if and as long as there are legal retention obligations.

The use of Google Analytics is based on your express consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TTDSG. If you do not wish such information to be transmitted to Google, you can revoke your previously given consent at any time via our cookie banner.

We use Google Tag Manager, a service provided by Google Ireland Limited, on the basis of our legitimate interest in the efficient administration and control of our website in accordance with Art. 6 (1) lit. f GDPR. The tool is used in particular to check the success of Google Ads campaigns. Tag Manager itself does not collect any personal data. It is only used to manage and trigger tags, which may collect further data.

When using this tool, it cannot be ruled out that data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If such a transfer takes place, it is based on an adequacy decision pursuant to Art. 45 or appropriate safeguards pursuant to Art. 46 GDPR. Where necessary, processing is carried out on the basis of contractual agreements for order processing in accordance with Art. 28 GDPR.

Further information and Google’s applicable data protection regulations can be found at:

• https://www.google.de/intl/de/policies/privacy/
• http://www.google.com/analytics/terms/de.html
• https://www.google.com/intl/de_de/analytics/
• https://support.google.com/analytics/answer/6004245?hl=de

9. Data protection provisions regarding the use of LinkedIn

We have integrated components from LinkedIn Corporation into our website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and establish new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For users outside the EU, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA is responsible.

Each time you access our website, which is equipped with a LinkedIn component (LinkedIn plug-in), the browser you are using downloads a corresponding representation of the LinkedIn component. This is done on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TTDSG. As a result, LinkedIn receives information about which specific page of our website you have visited.

If you are logged in to LinkedIn at the same time, LinkedIn recognises which specific page of our website you are visiting each time you access our website and for the entire duration of your visit to our website. This information is collected by the LinkedIn component and assigned to your LinkedIn account by LinkedIn. If you click on a LinkedIn button integrated into our website, LinkedIn will assign this information to your personal LinkedIn user account and store your personal data. In this context, joint responsibility may exist between us and LinkedIn in accordance with Art. 26 GDPR.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged into LinkedIn at the same time as you visit our website; this occurs regardless of whether you click on the LinkedIn component or not.

In this context, the transfer of personal data to servers in third countries cannot be ruled out. If this occurs, it is based on an adequacy decision pursuant to Art. 45 or appropriate safeguards pursuant to Art. 46 GDPR.

If you do not want such information to be transferred to LinkedIn, you can log out of your LinkedIn account before visiting our website or, alternatively, revoke your previously given consent at any time via our cookie banner.

LinkedIn offers you the option to unsubscribe from email messages, SMS messages and targeted ads, as well as to manage your ad settings, at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, Doubleclick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. You can opt out of such cookies at https://www.linkedin.com/legal/cookie-policy.

You can view LinkedIn’s current privacy policy at https://www.linkedin.com/legal/privacy-policy, LinkedIn’s cookie policy at https://www.linkedin.com/legal/cookie-policy and information about LinkedIn plugins at https://developer.linkedin.com/plugins.

10. Data protection provisions for the use of IBA OfficePlaner

We have integrated an interface to the online planning tool IBA OfficePlaner on our website. The online planning tool (‘room planner’) enables you to plan rooms digitally and place furniture virtually. Interactive functions are provided for this purpose, which can be used to enter room dimensions, create floor plans and visualise furnishings. The tool is designed for convenient and individualised planning of room concepts directly in the browser. The planning tool is operated by EasternGraphics GmbH, Albert-Einstein-Straße 1, 98693 Ilmenau.

When you open the page https://iba.online/planer/, data from https://www.easterngraphics.com/de/pcon-roomplanner.html, a website of EasternGraphics GmbH, is loaded into your browser window.

For this purpose, your IP address is forwarded to EasternGraphics GmbH, which processes the data. This is done on the basis of your prior consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TTDSG.

In this context, joint responsibility within the meaning of Art. 26 GDPR may exist between us and EasternGraphics GmbH.

You can view the data protection provisions of EasternGraphics GmbH at https://pcon-planner.com/de/impressum/#terms.

11. Data protection provisions on the use of Getty Images images

The controller has integrated components from Getty Images into this website. Getty Images is an American image agency. A photo agency is a company that offers images and other visual material on the market. Photo agencies usually market photographs, illustrations and film material. Various customers, in particular website operators, editorial offices of print and TV media and advertising agencies, license the images they use through a photo agency.

The operating company of the Getty Images components is Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland.

Getty Images permits the embedding of stock images (free of charge in some cases). Embedding is the integration of specific third-party content, such as text, video or image data, which is provided by a third-party website and then appears on your own website. A so-called embed code is used for embedding. An embed code is an HTML code that is integrated into a website by a website operator. If a website operator has integrated an embed code, the external content of the other website is displayed immediately by default as soon as a website is visited. To display the third-party content, the external content is loaded directly from the other website. Getty Images provides further information about embedding content at http://www.gettyimages.de/resources/embed.

The technical implementation of the embed code, which enables the display of Getty Images, transmits the IP address of the internet connection used by the data subject to access our website to Getty Images. Getty Images also records our website, the type of browser used, the browser language, the time and duration of access. In addition, Getty Images may collect navigation information, i.e. information about which of our subpages were visited by the data subject and which links were clicked, as well as other interactions that the data subject carried out while visiting our website. This data may be stored and evaluated by Getty Images.

Further information and the applicable data protection regulations of Getty Images can be found at https://www.gettyimages.de/company/privacy-policy.

12. Ordering IBA publications

Users of this website have two options for ordering IBA publications:

• Free of charge. In return, you provide us with your contact details. These will be used to inform you about new publications, events involving the IBA Forum and similar activities. The data will not be marketed in the form of disclosure to third parties for their advertising purposes. You can revoke the permission granted with the order to use your data to the extent described at any time, free of charge and informally, with effect for the future, in accordance with Art. 7 (3) GDPR.
• Subject to a fee. In this case, your data will be stored on the basis of Art. 6 (1) lit. b GDPR solely for the purpose of sending the ordered documents and calculating the fees incurred, including all subsequent processes within the framework of proper accounting, insofar as there are statutory retention obligations in accordance with Art. 6 (1) (c) GDPR in conjunction with commercial and tax law regulations.

13. Legal basis for processing

Insofar as the processing of personal data in the above sections is based on your consent in accordance with Art. 6 (1) lit. a GDPR, this does not constitute the exclusive legal basis for all processing operations. Depending on the individual case, processing may also be based on Art. 6 (1) lit. b–f GDPR.

If the processing of personal data is necessary for the performance of a contract to which you are a party, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect your vital interests or those of another natural person. In these cases, processing is based on Art. 6 para. 1 lit. d GDPR.

Finally, processing operations may be based on Art. 6 para. 1 lit. f GDPR if the processing is necessary to safeguard a legitimate interest of our company or a third party and there are no overriding interests, fundamental rights and freedoms on your part. A legitimate interest may exist in particular if you are our customer, Recital 47 GDPR.

14. Legitimate interests in processing

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest lies in the proper execution of our business activities, ensuring IT security and optimising our online offering.

15. Storage period

The duration of the storage of personal data depends on the respective processing purpose and the applicable statutory retention periods. Personal data will be deleted as soon as it is no longer necessary for the fulfilment of the contractual purpose. Longer storage will only take place if and as long as statutory retention periods exist or the data is still required for the fulfilment or initiation of the contract.

16. Obligations to provide data

We would like to point out that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). In certain cases, it is necessary for the conclusion of a contract that you provide us with personal data, which we will then process. If you do not provide us with the personal data required for the conclusion of the contract, a contract cannot be concluded. In individual cases, we will inform you separately whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract and what the consequences of non-provision may be, Art. 13 (2) (e) GDPR.

17. Automated decision-making

There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.