Privacy Declaration


1) Basic Information on Data Processing

This privacy declaration explains how we use personal data on our website and for what purposes.

You can access this information at any time on our website.

We take the protection of your personal data seriously and treat your personal data as confidential and in accordance with the statutory data protection regulations. We collect, use, and store personal data exclusively within the scope of the provisions of data protection laws. These include, in particular, the General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (BDSG-Neu), and country-specific data protection laws. In concrete terms, this means that we will only use your data if permitted by law. In other words, we may process your data if it is necessary for the provision of our services (e.g., processing requests) or if it is required by law, you have given your consent, or if the processing of the data is justified on the basis of our legitimate interests (commercial operation of our company and security of our website).

Terms such as "personal data" and "processing" correspond to the definitions in the GDPR.

2) Controller

The controller for the data processing is:

IFS Management GmbH, Am Weidendamm 1A, 10117 Berlin, Germany, telephone +49 (0) 30 726 25074, fax +49 (0) 30 726 250 79, dataprotection@ifs-certification.com, www.ifs-certification.com

3) Contact Details of the Data Protection Officer:

Mr Nils Gustke, Gesellschaft für Personaldienstleistungen mbH, Pestalozzistraße 27, 34119 Kassel, Germany, telephone +49 (0) 561 7896868, fax +49 (0) 561 7896861, gustke@gfp24.de, www.gfp24.de

4) Legal Bases

Please note that the following legal bases exist for the processing of data:

Consent, Art. 6 para. 1 a) and Art. 7 GDPR.

Processing for the performance of our services, implementation of contractual measures, Art. 6 para. 1 b) GDPR.

Fulfillment of our legal obligations, Art. 6 para. 1 c) GDPR.

Protection of our legitimate interests, Art. 6 para. 1 f) GDPR.

5) Disclosure of Data to Third Parties and Third Party Providers

We will only disclose your data to third parties within the scope of the legal requirements, for example if this is required for contractual purposes on the basis of Art. 6 para 1 b) GDPR or is justified on the basis of legitimate interests in accordance with Art. 6 para. 1 f) GDPR.

If we use third parties to provide our website, we will take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of your personal data.

6) Collection and Use of Data

We collect and use the personal data of every user insofar as this is required for the user to be able to use our website. This includes, in particular, features identifying the user and details on the start, end, and scope of the use of our website.

We collect a range of general data and information each time our website is visited. This general data and information is stored in the log files of the server (see point 8 of this privacy declaration).

7) Security

We maintain technical and organizational measures for the purpose of ensuring data security. However, we draw your attention to the fact that online data transmission (e.g., when communicating via email) can be exposed to security vulnerabilities. It is not possible to ensure the seamless protection of data against access by third parties.

8) Server Logs

We collect data on every access to the server on which our IFS app is located based on our legitimate interests within the meaning of Art. 6 para. 1 f) GDPR (so-called server log files). Your browser transmits these server log files to us automatically. The data collected in this way includes the date and time of access, location, country, state, region, town/city, URL (web address) of the referring website, the file retrieved, notification regarding successful retrieval, the browser type and the browser version, as well as information about the user's operating system. We use this information solely for statistical purposes and for internal analysis purposes, such as improving the website. This data cannot be attributed to specific people. This data is not combined with other data sources.

Exceptions apply if you use our login area. You can find further explanations under point 12 of this privacy declaration.

9) Cookies

Cookies are used on our website to make the web pages more attractive and to enable the use of certain functions. Cookies are small text files that are stored on your computer and enable your browser to be recognized. They therefore also enable us to determine how frequently our websites are visited and the volume of users.

"Session cookies" are used on our websites. They are stored temporarily and only for the duration of the use of one of our web pages. They are then deleted automatically.

"Permanent cookies" are also used in order to record information about users who visit our websites more than once. With the aid of permanent cookies, we can recognize users and ensure that they enjoy optimal use of our websites.

Website users can prevent cookies from being stored on their computer by changing their browser settings. Cookies can be prevented from being stored by selecting the “Block all cookies” option in the browser settings. This may restrict the functionality of our website.

10) Social media usage: Twitter

On our website and in our database, functions of the service Twitter are included. These features are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

We use our Twitter account to inform you about events, training and news at IFS.

By using Twitter, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter.

We point out that we do not receive any information about the content of the data transmitted to Twitter or its use by Twitter. Your privacy settings on Twitter can be changed in your account settings.

For information about what data is processed by Twitter and for which purposes, please refer to the privacy policy of Twitter: https://twitter.com/de/privacy

Twitter Inc. is committed to the principles of the EU-US Privacy Shield. For details, see: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

You may use the Twitter feed on our website and database if you agree in advance to the terms of use for this service. A data transfer to Twitter takes place only if the appropriate field is clicked and the connection is thereby activated.

If you give your consent, we will save it. We are entitled to do so on the basis of Article 6 (1) (b) and (f) GDPR.

Our legitimate interests are the economic operation of our business and customer communication, which serves to facilitate the certification process.

11) Matomo (Formerly PIWIK)

We use Matomo, an open source software for statistical analysis of user access. In Matomo, user IP addresses are shortened before they are saved. However, Matomo uses cookies that are stored on your computer and enable an analysis of the use of our website. In doing so, we can create pseudonymized user profiles from the processed data.

We process the data for reach analysis with Matomo in accordance with Art. 6 para 1 f) GDPR on the basis of legitimate interest, namely the interest in optimization and the commercial operation of our website.

If you do not agree with the storage and evaluation of this data collected from your visit, you can object to it at any time using the following link: https://matomo.org/faq/general/faq_20000/. To do so, remove the check mark under "You are currently opted in. Click here to opt out." In this case, a so-called opt-out cookie is stored in your browser that stops Matomo from collecting session data. Note: If you clear your cookies, the opt-out cookie will also be deleted and you will need to reactivate it.

12) Contact Form

If you submit an inquiry to us using the contact form, we will store your details from the contact form, including the contact details you have provided therein, for the purposes of processing the inquiry and in case there are any follow-up questions. We will not pass on this data without your consent (with the exception of the processors who help us to provide our website).

The data is processed on the basis of Art. 6 para. 1 b) GDPR.

13) Use of the Login Area

If you wish to use our login area, you will need to register. To do this, you must first indicate whether you belong to an approved user group. You can then register by providing your email address and, where applicable, a password of your choice, as well as any additional data resulting from the data entry form. As a certified company, you will already have access to the log-in area upon certification; as a certification body, you will also have access to the log-in area without having to register beforehand.

When you use the login area, we will store the necessary data to make our login area available to you. On the basis of your login and the server log files, we can identify how the registered user used the login area.

The data is processed on the basis of Art. 6 para. 1 b) GDPR.

14) Use of the Auditor Portal

If you wish to use our Auditor Portal on our website, you must be an auditor and you will need to register.

If you work exclusively for a certification body, the certification body will register you on the Auditor Portal and will send us the following necessary data: Your certification body, your title, name, email address, country, and language.

If you do not work exclusively for a certification body, you can register directly with us. For this, you must provide the following data: Your title, name, email address, country, and language, as well as a password of your choice.

In the Auditor Portal you can then provide further details about your work as an auditor if you wish, in particular information about previous audits. You can also provide your CV. When you use the Auditor Portal, the data that you have provided voluntarily will be accessible to users of the login area. If you wish to erase the data you entered voluntarily on the Auditor Portal, please contact us via email at auditor@ifs-certification.com. We will gladly erase or change your data on request. Once the data has been erased, other users of the login area will no longer be able to retrieve it. However, if you have already transmitted this data to a third party (e.g., a certification body) via the portal, you must contact the respective third party regarding the use of your data.

The data is processed on the basis of Art. 6 para. 1 b) and f) GDPR; our legitimate interests are the commercial operation of our company and the needs-based provision of our website.

In this regard, please note the following: Providing the data is not a legal requirement, nor is it stipulated in a contract or compulsory for the conclusion of a contract. You are not obliged to provide data. There are no legal consequences if you do not provide the data. You are entitled to object to the processing based on Art. 6 para 1 f) GDPR at any time.

However, if you wish to use certain functions within the Auditor Area (applying to a certification body), certain data may be required to use such functions. You will then be notified of the required data.

If you have any questions about the IFS Academy, you can contact us by sending an email to the following address:

academy@ifs-certification.com.

15) Use of the Consultant Portal

If you wish to use our Consultant Portal on our website, you must be a consultant and you will need to register.

For this, you must provide the following data: Your title, name, email address, country, language, as well as information about your previous education, work experience, scope of services, language skills, and references, as well as a password of your choice.

When registering on the Consultant Portal, we will create a profile for you on the learning platform Moodle. The data used for the Moodle profile is listed under point 15 of this privacy declaration. We create the profile on the Moodle platform because you are required to provide us with proof of your qualifications on the Moodle platform prior to using the Consultant Portal.

In the Consultant Portal you can then provide further details about your work as a consultant if you wish. When you use the Consultant Portal, the data that you have provided will be accessible to users of the login area. If you wish to erase the data you entered on the Consultant Portal, please contact us via email at consultant@ifs-certification.com. We will gladly erase or change your data on request. Once the data has been erased, other users of the login area will no longer be able to retrieve it. However, if you have already transmitted this data to a third party (e.g., a certification body) via the portal, you must contact the respective third party regarding the use of your data.

The data is processed on the basis of Art. 6 para. 1 b) and f) GDPR; our legitimate interests are the commercial operation of our company and the needs-based provision of our website.

In this regard, please note the following: Providing the data is not a legal requirement, nor is it stipulated in a contract or compulsory for the conclusion of a contract. You are not obliged to provide data. There are no legal consequences if you do not provide the data. You are entitled to object to the processing based on Art. 6 para 1 f) GDPR at any time.

However, you can only use the Consultant Portal once you have provided the aforementioned data required for registration and the other requirements for use have been met (proof of qualifications).

If you have any questions about the IFS Consultant Portal, you can contact us by sending an email to the following address:

consultant@ifs-certification.com.

16) Use of the IFS Academy via the Moodle Learning Platform

Use of the IFS Academy via the Moodle learning platform is voluntary – unless you are a consultant. In this case, we will automatically create a profile for you on the Moodle learning platform when you register on the Consultant Portal.

If you use the IFS Academy, data will be processed on the basis of Art. 6 para 1 b) and f) GDPR; our legitimate interests are the needs-based management of users of the IFS Academy and the implementation of virtual courses.

Registration and Profile

To use the IFS Academy via the Moodle learning platform, you must register and create a profile. For this, you must enter the following data: First name, last name, email address, password. If you wish, you can also provide optional information, such as information about your company and sector. If you are already registered on our login area, you can log in with the email and password you provided.

Only you can change your profile. In the courses you attend, lecturers and other participants can see your profile with your first and last names. Your email address on your user profile is also always visible to us, as the administrator, and the lecturers.

Contributions and Evaluations

When using the IFS Academy via Moodle, additional data will be generated within the courses, such as contributions to the individual activities and their evaluations by lecturers and, if applicable, course participants. This data will only be visible to the course participants and us as the administrator. If you unsubscribe from a course as a participant, you will usually be unable to access the course in question and you will no longer be visible to the other participants. If an activity or course is deleted, the contributions and evaluations within Moodle will also be deleted.

Contributions to collaborative activities and their evaluations can be viewed by the course participants. Only the lecturers can view activities which show individual performance.

Log Data

In addition, your individual actions within the IFS Academy via Moodle will be logged as part of the login data, together with the time, your IP address, full name, action, and information.

Cookies

In order to access Moodle, you must enable cookies in your web browser.

Administration

As the administrator, we have access to all data resulting from the use of the IFS Academy, which is operated via the learning platform Moodle. We will only use the data for the purposes described in this privacy declaration and will not transfer it to third parties.

17) Google Maps

Within our login area, we use the Google Maps service for certain user groups (retailer, certified company, and "other"). This also occurs when using our software auditXpress(X).

Google Maps displays geographic information. When using Google Maps within our website, data about the use of the Maps function is collected, processed, and used by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043). This applies in particular to IP addresses. More information about data processing by Google can be found in Google's privacy policy. This can be accessed at www.google.com/privacypolicy.html.

However, you can only use Google Maps on our website if you first agree to Google's terms of service. On our website we ask for your consent prior to using Google Maps. If you give your consent, we will store it. We are entitled to do so in accordance with Art. 6 para. 1 b) and f) GDPR. Our legitimate interests are the commercial operation of our company, the needs-based provision of our website, and our documentation purposes.

18) Newsletter

Once you have registered for our login area, we will use your email address to send you a newsletter. The newsletter contains news about our products and services.

In accordance with Art. 6 para 1 f) GDPR, we are entitled under data protection law to use your email address for a newsletter on the basis of our interest in direct marketing.

You can cancel your subscription to our newsletter or revoke your consent at any time. If you do not wish to receive further newsletters, please let us know by sending an email to the following address: info@ifs-certification.com.

Please put "Unsubscribe from Newsletter" as the subject.

19) Rights of the Data Subject

Provided that the statutory requirements are met, you are entitled to rights in accordance with Art. 15 to 22 GDPR. These are your rights of access, rectification, erasure, restriction of processing, and rights to data portability.

In addition, you have a right to object to the processing that is based on Art. 6 para 1 f) GDPR and therefore on our legitimate interests. You may revoke your consent in the future.

20) Right to Lodge a Complaint with the Supervisory Authority

In accordance with Art. 77 GDPR, you are entitled to lodge a complaint with the supervisory authority if you consider that your data is being processed unlawfully.

21) Erasure of Data

The data stored by us will be erased as soon as it is no longer necessary for its intended purposes and the erasure does not conflict with any statutory retention requirements. In accordance with Section 257 of the German Commercial Code (Handelsgesetzbuch, HGB), the statutory retention period is six years for trading books, inventories, commercial papers, opening balance sheets, etc. and ten years for books, accounting records, supporting documents, and other tax-related documents in accordance with Section 147 of the German Fiscal Code (Abgabenordnung, AO).