Privacy policy

July 2023

We are delighted that you are visiting our website and thank you for your interest in our company and the services we offer.

In the following, we inform you about the processing of your personal data by us and the claims and rights you are entitled to under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This privacy information explains to you the type, scope, and purpose of the processing of personal data within our website. The privacy information applies to www.ifp-labs.com and its subdomains, platforms, and devices (e.g., desktop, mobile, etc.).

Personal data in the sense of the GDPR are all data that can be related to you personally, e.g., name, address, email addresses, user behavior. The specific data processed and how it is used largely depends on the services you use from us.

We use various other terms in our privacy information in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization. You can refer to Art. 4 GDPR for corresponding definitions of these terms.

1. Who is responsible for data processing and who can I contact?

Responsible is:

ifp Privates Institut für Produktqualität GmbH
Wagner-Régeny-Str. 8
12489 Berlin
Tel.: +49 30 / 74 73 33 - 0
Fax: +49 30 / 74 73 33 - 4999
E-Mail: datenschutz@produktqualitaet.com

You can reach our data protection officer at:

mip Consult GmbH
Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Str. 9
10829 Berlin
Tel.: +49 30 / 74 73 33 - 0
E-Mail: datenschutz@produktqualitaet.com
www.sofortdatenschutz.de

2. What sources and data do we use?

We process personal data that we receive from you in the course of using our website and, if applicable, our business relationship.

In the case of purely informational use of the website, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. Access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e., name of the specific webpage accessed), access status/HTTP status code, each amount of data transferred, referrer URL (previously visited page), operating system and its interface, language and version, and type of browser software, notification of successful retrieval. This data is collected for technical reasons.

Furthermore, we receive your personal data if you contact us via the contact form or email. Personal data in this context includes, for example, name, email address, telephone number, and possibly the data that you send us as a message (hereinafter referred to as "contact data"). Please note that we cannot guarantee complete data security when communicating via email, so for information with a high need for confidentiality, we recommend contacting us by mail.

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and based on the following legal bases:

PurposesLegal basis
Insofar as you have given us consent to process personal data for certain purposes, in particular for making contact (e.g., via our contact form or by email to process and handle the request), the legality of this processing is based on your consent.
Consent that has been given can be revoked at any time. Please note that the revocation only affects the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact data mentioned above or to datenschutz@produktqualitaet.com.
Consent, Art. 6 para. 1 sentence 1 lit. a) GDPR
When you contact us (via contact form or email), your information is processed to handle the contact request and its execution. Implementation of pre-contractual measures at the request of the person, Art. 6 para. 1 sentence 1 lit. b) GDPR; Protection of legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR
We use cookies on our website. We store information on your end device because it is absolutely necessary to provide our website to you, § 25 paragraph 2 no. 2 TTDSG. The data processing is carried out in accordance with Art. 6 paragraph 1 sentence 1 lit. f) GDPR, to safeguard our legitimate interests in the best possible functionality of the website. An overview of the cookies used can be found below in section 10. In the context of the balance of interests to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR, as well as § 25 para. 2 no. 2 TTDSG
When you contact us (via contact form or email) in connection with your application, we process your data to check your suitability for the position (or possibly other open positions in our companies) and to carry out the application process. Your application data will be reviewed by the HR department upon receipt. Suitable applications are then forwarded internally to the department heads responsible for the respective open position. The further course of action is then decided there. In the company, only those people have access to your data who need it for the proper course of our application process. Establishment of an employment relationship, § 26 BDSG and after the application process has been completed in the event of rejection to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR (defense of claims), possibly if given consent, Art. 6 para. 1 sentence 1 lit. a) GDPR
We process your access data (see data listed above under point 2) to protect legitimate interests of us or of third parties. We particularly pursue the following legitimate interests:
  • Ensuring IT security, in particular the security of the website;
  • Advertising or market and opinion research, provided you have not objected to the use of your data;
  • Asserting legal claims and defense in legal disputes;
In the context of the balance of interests to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR

4. Who receives my data?

Within our company, those departments that need it to fulfill our contractual and legal obligations will have access to your data.

Contract processors used by us (Art. 28 GDPR) can also receive data for the purposes mentioned above. These are companies in the categories of IT services, logistics, telecommunications, collections, consulting, and sales and marketing. If we pass on data to our service providers, they may use the data exclusively to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures to protect the rights of the affected persons, guarantee an adequate level of data protection and are carefully monitored by us. If necessary, we will forward your data within our group of companies for processing.

Data will only be passed on to third parties who are not contract processors within the framework of the legal requirements. We only pass on the data of users to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for contract purposes or based on legitimate interests according to Art. 6 para. 1 sentence 1 lit. f) GDPR in an economic and effective operation of our business operations or you have consented to the data transfer. For purely informational use of the website, we generally do not pass on data to third parties.

5. How long will my data be stored?

For security reasons (e.g., to investigate misuse or fraud), log file information is stored for a maximum of 14 days and then deleted (see point 2 above). Data, the further retention of which is necessary for evidential purposes, are excluded from deletion until the respective incident has been finally clarified.

As necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation of a contract via contact form or by email.

Applicant data is deleted six months after rejection. If there has been no hiring, but your application is still of interest to us, we will, provided we have your express written consent, keep your application on file for future job postings. The data will be deleted after a maximum of three years.

In addition, we are subject to various retention and documentation obligations, which result, among other things, from the Commercial Code (HGB) and the Fiscal Code (AO). The periods prescribed there for retention or documentation are two to ten years.

Finally, the storage duration is also determined by the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) usually amount to 3 years, but in certain cases can be up to thirty years, with the regular limitation period being three years.

If you assert your rights as a data subject, we store the information provided to you in this regard until the expiry of the statutory limitation period according to § 31 para. 2 no. 1 OWiG, § 41 para. 1 BDSG, Art. 83 para. 5 lit. b) GDPR for 3 years. This period can be extended if the statutory limitation period is extended by interruptions of the limitation period (e.g., as part of requests from supervisory authorities).

6. Is data transferred to a third country or an international organization?

Data transfer to third countries (states outside the European Union - EU) does not take place.

7. What data protection rights do I have?

Every data subject has

  • the right to information according to Art. 15 GDPR (i.e., you have the right to request information about your personal data stored by us at any time),
  • the right to rectification according to Art. 16 GDPR (i.e., if your personal data is incorrect or incomplete, you can request the correction of this data),
  • the right to deletion according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR (i.e., you may have the right to request the deletion or restriction of the processing of your personal data, for example, if there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
  • the right to data portability from Art. 20 GDPR (i.e., you may have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format and to transmit this data to another controller without hindrance).

Furthermore, you can revoke consents, generally with effect for the future.

In addition, there is a right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Additionally, we would like to draw your attention to your right to object under Art. 21 GDPR:

Information about your right to object under Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 sentence 1 lit. e) GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we process your personal data in order to carry out direct marketing. You have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and no costs will be incurred other than the transmission costs according to the basic rates.

The objection should be addressed to:

ifp Private Institute for Product Quality GmbH
Data Protection Officer
Wagner-Régeny-Str. 8, 12489 Berlin

or by e-mail to:

datenschutz@produktqualitaet.com

8. To what extent is there automated decision-making in individual cases including profiling?

In the context of accessing our website or contacting us via form or email, we do not generally use fully automated decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately if this is legally required. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

On our website, you must provide the personal data that is technically necessary or required for IT security reasons for the use of our website. If you do not provide this data, you cannot use our website.

When contacting us via form or email, you only need to provide the personal data necessary to process your request. Otherwise, we cannot process your request.

10. Data processing, cookies, and similar technologies

When you visit our site, a session ID is stored in a cookie on your device to maintain the user status for all page requests. The cookie is deleted as soon as you close your internet browser. We store information on your device because it is absolutely necessary to provide you with our website, § 25 para. 2 no. 2 TTDSG. The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, to protect our legitimate interests in the best possible functionality of the website. Beyond that, no further cookies or similar technologies are used on our website.

11. Our social media presence

You can find us on social networks and platforms to communicate with you and inform you about our services there.

On our website, we only link to our company profiles on the respective social networks. Please note, however, that when you click on a link to the social networks, data is transferred to their servers. If you are logged into the respective social network with your username and password at this time, the information that you have visited our company profile from our website is transferred there and the respective provider can store this information in your user account.

We would like to point out that in this case your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. User profiles can be created from the usage behavior and the interests of the users that result from this. These usage profiles can in turn be used to place, for example, advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies and similar technologies may be stored on the users' devices in which the users' usage behavior and interests are stored. In these usage profiles, other data can also be stored, especially if the users are members of the respective platforms and are logged in to them.

We generally do not have a significant influence on the data processing of the social networks. However, we do receive statistics from the providers about the use and visits to our company profiles on social networks (e.g. information about the number of views, interactions like likes and comments as well as summarized demographic and other information or statistics). More detailed information about the data used by the providers can be found in the privacy information of the providers linked below.

If we receive your personal data in the context of our social media presences (e.g. in the context of a message), you have the rights mentioned above in this data protection information. You can direct your requests regarding the data processing in the context of our company profiles to us via the contact details mentioned above.

If you wish to assert rights against the provider of the social network, the easiest way to do this is to contact the respective providers directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of data processing. The contact details can be found in the privacy information linked below. We are also happy to assist you in asserting your rights, as far as it is possible for us.

The processing of users' personal data is generally based on their consent in accordance with Art. 6 Para. 1 sentence 1 lit. a) GDPR. The legal basis is also Art. 6 Para. 1 sentence 1 lit. b) GDPR, if we receive and process your data in the context of a contract-related inquiry via our social media presence. The legal basis for the linking and operation of our company profiles in social networks including the receipt of statistics on the use of our company profiles is Art. 6 Para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in our company communication in the respective social networks.

For information on the respective processing and the respective possibilities to object, we refer to the privacy information of the providers linked below:

powered by webEdition CMS