Data Protection Policy


Data protection policy of the INNOCEAN Worldwide Europe GmbH for www.innocean.eu.


  1. 1. Name and address of the controller

The controller in the sense of the General Data Protection Regulation (GDPR), of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is the:

INNOCEAN Worldwide Europe GmbH
Schwedlerstraße 6
60314 Frankfurt
E-Mail: dataprotection@innocean.eu


  1. 2. Name and address of the data protection officer

Jens Engelhardt
Notos Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt
Telephone: +49 (0) 6151 15369 0
E-Mail: iwe.dpo@notos-xperts.de

  1. 3. Definitions

The data protection information of the INNOCEAN Worldwide Europe GmbH is based on the definitions which have been used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of the INNOCEAN Worldwide Europe GmbH should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.

In this data protection information and on our website, we use – amongst others – the following terms:

3.1 Personal data

Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 Data subject

Data subject is each identified or identifiable natural person, whose personal data is processed by the controller for the processing.

3.3 Processing

Processing means any operation or set of operations which is carried out in connection with personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4 Restricting of the processing

Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.

3.5 Profiling

Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.

3.6 Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

3.7 Controller or party responsible for the processing

Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with European Union legislation or the legislation of the member states can be provided.

3.8 Processor

Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.

3.9 Recipient

Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.

3.10 Third party

Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.

3.11 Consent

Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.


  1. 4. General information on data processing

Data protection, data security and data secrecy hold high priority for INNOCEAN Worldwide Europe GmbH (hereafter also termed INNOCEAN Worldwide Europe GmbH). The durable protection of your personal data, of your company data and of your business secrets is especially important for us.

You can always visit our website without making statements on your person. However, if you wish to make use of the services of our company, then this makes the stating of personal data necessary. As a rule we use the data that you communicate and that is collected by the website as well as the data stored in the course of the use solely for our own purposes, namely for the execution and making available of our website and the initiation, execution and progressing of the services/offers made available via the website (contract fulfilment) and do not pass this data on to external third parties in so far as there is not an official obligation to do this. In all other cases we obtain your special agreement.

The processing of your personal data is carried out in conformity with the requirements of the General Data Protection Regulation and in conformity with the country-specific data protection regulations holding good for INNOCEAN Worldwide Europe GmbH. With the aid of this data protection information we wish to inform you on the nature, scope and purpose of the personal data processed by ourselves. In addition, we clarify for you with the aid of this data protection information the rights to which you are entitled.

INNOCEAN Worldwide Europe GmbH has realized technical and organizational measures in order to ensure an appropriate level of protection of the personal data processed via this website. Nevertheless, fundamentally Internet-based data transmissions can have security loopholes so that absolute protection cannot be guaranteed.


  1. 5. General statements on the legal fundamentals

Article 6 Para. 1 lit. a EU General Data Protection Regulation (EU GDPR) serves as the foundation for the processing of personal data in so far as we obtain the consent of the data subject for the processing of personal data.

Article 6 Para. 1 lit. b GDPR serves as the legal foundation for the processing of personal data which is necessary for the fulfilment of a contract if the data subject is party to this contract. This also holds good for processing processes which are necessary for the execution of pre-contractual measures.

Article 6 Para. 1 lit. c GDPR serves as the legal foundation in so far as processing of personal data is necessary for the fulfilment of a legal obligation.

Article 6 Para. 1 lit. d GDPR serves as the legal foundation for the situation that vital interests of the data subject or another natural person make the processing of personal data necessary.

Article 6 Para. 1 lit. f GDPR serves as the legal foundation for the situation that processing is necessary for ensuring a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not exceed the first named interest.


  1. 6. General statements on deletion of data and duration of storing

The personal data of the data subject are deleted or disabled as soon as the purpose for which the data was stored lapses. In addition, storage can take place if this was stipulated by the European or national legislatures in orders, laws or other regulations in accordance with European Union law to which the controller is subject. Disabling or deletion of the data is also carried out if a storage period prescribed by the standards as named expires unless there is a necessity for the continued storage of the data for the concluding or fulfilling of a contract.


  1. 7. Collecting of general data and information

The website of INNOCEAN Worldwide Europe GmbH collects a range of general data and information each time the website is called by a data subject or an automated system. This general data and information is stored in the log files of the server. Able to be collected are: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website, from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are steered to on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet-protocol-address (IP-address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve the warding off of hazards in the case of attacks to our IT systems.

In using this general data and information INNOCEAN Worldwide Europe GmbH draws no conclusions about the data subject. Much more is this information needed (1) to be able to deliver out the content of our website correctly, (2) to permit the optimization of the content of our website and of the advertising for this, (3) to ensure the durable functionality of our IT systems and of the technology of our website and (4) to be able to make available to the law enforcement authorities the information necessary for criminal prosecution in the case of a cyber attack. This anonymously collected data and information is evaluated by INNOCEAN Worldwide Europe GmbH on the one hand statistically and on the other hand with the objective of increasing the data protection and the data security in our company in order finally to ensure an optimal level of protection for the personal data processed by ourselves. The anonymous data of the server-logfiles are stored separately from all the personal data stated by a data subject.

Legal foundation
Article 6 Para. 1 lit. f GDPR (legitimate interest)

Storage purpose
The temporary storing of the IP-address by the system is necessary to permit the delivery of the website to the computer of the user. For this the IP-address of the user must remain stored for the duration of the session.

Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of their collection. This is the case when the particular session has ended in situations where the data is collected for making the website available.

This is the case at the latest seven days after the time when the data was stored in log files. More extensive storing is possible. In this case the IP-addresses of the users are deleted or distorted so that an assignment of the client calling in is no longer possible.

Objection / opportunity for elimination
No because the data is essential for operating of the website.


  1. 8. E-mail contact

Contact can be established via the e-mail address provided. In this case the personal data of the user transmitted with the e-mail is stored.

In this connection no data is passed on to third parties. The data is used exclusively for the processing of the conversation and will immediately be deleted if it is no longer needed.

Legal foundation
Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR in the case of e-mails.
(contract fulfilment; pre-contractual measures); Article 6 Para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering of questions on data protection) and in addition, Article 6 Para. 1 lit. f GDPR (legitimate interest).

Storage purpose
The processing of the personal data from e-mail serves us solely for the processing of the contact. This is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending-off process serve to prevent misuse and to ensure the security of our IT systems.

Storage foundation
The data is deleted as soon as it is no longer needed for achieving the purpose of their collection. This is the case for the personal data from those which are sent by e-mail when the particular conversation with the user has ended. The conversation has ended when the circumstances allow the conclusion to be drawn that the matter in question has been finally clarified.

The above does not hold good if the correspondence is subject to a retention obligation under commercial law.

Objection / opportunity for elimination
The user has the opportunity to object at any time to the storing of his personal data. In such a case the conversation cannot be continued.


  1. 9. Data protection with applications and application processes

9.1 General information

We collect and process the personal data of applicants for the purpose of progressing the application process. The processing can also be carried out electronically. This is in particular the case when an applicant sends to us relevant application documents by an electronic route, e.g. per e-mail. If we conclude a contract of employment with yourself as applicant, the data transmitted will be stored for purposes of progressing the employment relationship subject to observation of the legal regulations. If a contract of employment is not concluded by the party responsible for the processing with the applicant, then the application documents will be automatically deleted six months after notification of the rejection in so far as there is no other legitimate interest of the party responsible for the processing against deletion. Another legitimate interest in this sense is, for example, an obligation of proof in a process in accordance with the German General Equal Treatment Act.

9.2 Job subscription

We offer you the opportunity to be automatically informed about new vacancies when you register for our Job subscription. The following of your personal data will be processed for this purpose:

– Audience (selection)

– Job category (selection)

– Location

– Notification type (via email / via RSS) (selection; if email: email address)

You can always unsubscribe from our automatic notification, e.g. by clicking the respective tab in the notification.

Legal foundation
Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR with job applications submitted via the contact form and/or e-mail.
(fulfilment of the employment contract; measures prior to the concluding of an employment contract); Article 6 Para. 1 lit. c. GDPR (Fulfilment of a legal obligation, e.g. answering of questions in connection with the job-application process) and apart from this Article 6 Para. 1 lit. f GDPR (legitimate interest) and special legal authorization rules such as a collective agreement, company agreement, income tax law etc. A supplementary reference is made to the Personnel / HR processing file.

Storage Purpose
If we conclude an employment contract with you as job applicant, the data transmitted for the purpose of progressing the employment relationship will be stored whereby the legal obligations will be observed.

Storage duration
If no employment contract is concluded between the party responsible for the processing and the job applicant, then the job-application documents will be automatically deleted six months after the notification of rejection has been sent in so far as no other legitimate interest of the party responsible for the processing conflicts with the deletion.

A legitimate interest in this connection could be – for example – a proof obligation in a process in accordance with the German General Equal Treatment Act).

Objection / opportunity for elimination
Only general objection and elimination opportunities.


  1. 10. Cookies – description and scope of the data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or, as the case may be, in the Internet browser on the computer system of the user. If a user calls a website, then a cookie may be stored on the operating system of the user. Such a cookie contains a characteristic string which permits unambiguous identification of the browser if the website is called again.

We employ cookies in order to arrange our website in a more user-friendly manner. Certain elements of our website require that the calling browser can also be identified after a page change.

In the cookies the following date is stored and transmitted:
– Language settings

We use on our website in addition cookies which permit an analysis of the surfing behaviour of the user.

In this way the following data can be transmitted:

– Search terms entered

– Frequency with which pages are called

– Use of website functions

The data of the user collected in this way is pseudonymized by technical processes. Accordingly, assignment of the data to the user calling in is no longer possible. The data collected is not stored together with other personal data of the user.

When our website is called, the users are informed by means of an information banner about the use of cookies for analytical purposes and are referred to this data protection information. Following in this connection is a reference to how that storing of cookies can be prevented in the browser settings.

When our website is called, the user is informed about the use of cookies for analytical purposes. In this connection a reference to this data protection information is also made.

The following links will tell you how to deactivate cookies in the most common browsers:

Mozilla Firefox

Chrome Browser

Internet Explorer

Apple Safari Browser

Legal foundation
Article 6 Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential cookies

Storage purpose
The purpose behind the use of strictly technically essential cookies is that of making use of the website easier for the user. Certain functions of our website cannot be offered without the use of cookies. For these functions it is necessary that the browser is recognized even after a page change.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and in this way, we can continually optimize our offer.

These purposes also include our legitimate interest in the processing of the personal data in accordance with Article 6 Para. 1 lit. f GDPR.

Storage duration
Cookies are stored on the user’s computer and are transmitted from this to our website. Accordingly, you as user have full control over the use of cookies.

Objection / opportunity for elimination
By carrying out a change to the settings of your browser you can deactivate cookies or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full.

The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.


  1. 11. Use of analysis programs

Data protection regulations for the use and application of Google Analytics (with anonymization function)

General information

We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects – amongst other things – data on from which website (the so-called referrer) a data subject has come to a website, which subsites of the website were accessed or how often and for what period a subsite was watched.

Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising. Such processing of personal data takes place on the basis of Art. 6 para. 1 lit. f GDPR. We, as website operators, have a legitimate interest in analysing user behaviour in order to optimise our website as well as our advertising offer.

The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Anonymization of the IP address

We use the addition “_gat._anonymizeIp” for the web analysis via Google Analytics. This is a function to shorten the IP address. Accordingly, your IP address will be anonymized before it is transmitted from a member state or another state member to the Agreement on the European Economic Area to the United States. In exceptional cases, the IP address will only be anonymized in the USA.

Processing in accordance with Article 28 GDPR

The purpose of the Google Analytics component is the analysis of the visitor flows to our website. Google uses the data and information obtained in order to – amongst other things – evaluate the use of our website, to prepare for us online reports which show the activities on our website and to provide further services linked with the use of our website.

Google Analytics sets a cookie on the IT system of the data subject. What cookies are has been explained above. The setting of cookies enables Google to analyse the use of our website. With each call of an individual page of this website, which is operated by the controller for the processing and on which a Google Analytics component has been integrated, the Internet browser on the IT-system of the data subject is automatically caused by the particular Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP-address of the data subject, which data enables Google to – amongst other things – trace the origin of the visitor and clicks and as a consequence to make possible the issuing of commission invoices.

The cookie is used to store personal data, such as the access time, the location from which an access originated and the frequency of visits to our website by the data subject. With each visit to our website this personal data including the IP-address of the Internet connection used by the data subject is transmitted to the United States of America. This personal data is stored by Google in the U.S.A. In certain circumstances Google passes on this personal data as collected via the technical process to third parties.

We have signed a processing agreement in accordance with Art. 28 GDPR with Google in this regard and comply with the legal requirements of the GDPR as well as the requirements of the German data protection authorities regarding the use of Google Analytics.

Objection to the use of cookies

As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting on his/her Internet browser as used and thereby permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie that has already been set by Google Analytics can be deleted at any time via the Internet browser or another software program.

Objection using browser add-on

Furthermore, the data subject has the opportunity to object to collection of the data relating to use of this website generated by Google Analytics and to the processing of this data by Google and to prevent such collection. For this the data subject must download and install a browser add-on under the link . This browser add-on informs Google Analytics via JavaScript that no personal data and no information on the visiting of websites may be transmitted to Google Analytics. The installation of the browser add-on is evaluated by Google as an objection. If the IT system of the data subject is deleted, formatted or installed anew at a later point in time, then the data subject must carry out the installation of the browser add-on again in order to deactivate Google Analytics. In so far as the browser add-on is deinstalled or deactivated by the data subject or by another person, who can be considered to belong to the area of control of the data subject, then the browser add-on can be installed or activated again.

Further information

Further information and the valid and applicable data protection regulations of Google can be called under https://policies.google.com/privacy?hl=en&gl=en as well as under https://marketingplatform.google.com/about/analytics/terms/us/. Google Analytics is explained in more detail under this https://marketingplatform.google.com/intl/en/about/analytics/

Date / data
Data transmission through third party cookies

Legal foundation
Article 6 Para. 1 lit. f GDPR (legitimate interest)

Storage purpose
Purpose of and legitimate interest in the setting of third party cookies is that of improving our offer for you through the analysis of your user behaviour. As a rule, only a pseudonymized transmission of data to the third parties takes place. In addition, you yourself are able to prevent transmission of third party cookies by carrying out an appropriate setting on your Internet browser. For more details look at the statements made under clauses 11.

Storage duration
Third party cookies are stored on the computer of the user and are transmitted to our computer from this. Accordingly, you as user have full control on the use of third party cookies.

Objection / opportunity for elimination
By carrying out a change to the settings of your Internet browser you can deactivate or restrict the transmission of third party cookies. Third party cookies that have already been stored can be deleted at any time. This process can also be automated.

The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.


  1. 12. Use and application of other toolse

12.1 Data protection regulations on the application and use of YouTube

On this website we have integrated components from YouTube. YouTube is an Internet video portal that enables video publishers to set video clips free of charge and for other users to view, evaluate and comment on these, also free of charge. YouTube permits the publication of all types of video so that not only complete films and television programmes but also music videos, trailers and amateur videos prepared by users can be called via the Internet portal.

Operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S.A.

With each call of one of the individual pages of this website, which is operated by the controller for the processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the data subject is caused by the particular YouTube component to download a representation of the relevant YouTube component from YouTube. Further information on YouTube can be called under . Within the framework of this technical process YouTube and Google receive knowledge of which concrete subsite of our website has been visited by the data subject.

In so far as the data subject is at the same time logged in at YouTube, YouTube will recognize with the calling of a subsite, which contains a YouTube video, which concrete subsite of our website the data subject has visited. This information is collected by YouTube and Google and assigned to the particular YouTube account of the data subject.

YouTube and Google will always receive via the YouTube components information that the data subject has visited our website if the data subject is logged in at our website and at the same time at YouTube; this takes place regardless of whether or not the data subject has clicked on a YouTube video. If the transmitting of this information in this way to YouTube and Google is not desired by the data subject, the latter can prevent this transmission by logging out of his/her YouTube account before calling our website.

The data protection regulations published by YouTube – these can be called down at https://www.google.de/intl/en/policies/privacy/ – provide information on the collecting, processing and using of personal data by Google and YouTube.

12.2 Data protection regulations on the application and use of Vimeo

We use videos from the video portal Vimeo on our website to present content and enhance the user experience. Vimeo is provided by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011. On some of our pages we use plugins from the provider Vimeo. When you access the pages of our website that are equipped with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This tells the Vimeo servers which of our pages you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you use the plugin, such as when you click on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

Vimeo is registered with the EU-US Privacy Shield. You can view the entry at the following link: https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Activ

Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy.

12.3 Information about data processing on our Facebook company profile

Basic principles

We, INNOCEAN Worldwide Europe GmbH, operate our own Facebook fan page. As the operator of this Facebook page, we, together with the provider of the social network Facebook (Facebook Ireland Ltd.), are responsible within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.

We have concluded an agreement with Facebook on joint data protection controllership (Page Controller Addendum). With this agreement, Facebook acknowledges its joint responsibility with regard to so-called Insights data and assumes essential data protection obligations to inform data subjects, to ensure data security or to report data protection violations. In addition, the agreement stipulates that Facebook is primarily the point of contact for the exercise of data subjects’ rights (Art. 15 – 22 GDPR). As a provider of the social network, Facebook alone has direct access to the required information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time.

Use of Insights and Cookies

In connection with the operation of this Facebook fan page, we use the Insights function of Facebook to obtain anonymous statistical data on the users of our Facebook fan page. Facebook provides information on the insights and Facebook fan pages, for example, through its privacy policy.

In connection with visiting our and other Facebook Fan pages, Facebook also uses cookies and other similar storage technologies. For more information about Facebook’s use of cookies, please see Facebook’s cookie policy.

Comments and messages; participation in competitions

On our Facebook fan page you also have the opportunity to comment on our contributions, rate them and get in touch with us via private messages or take part in competitions.

Legal foundation
We operate this Facebook Page to present, interact and communicate with Facebook users, other interested persons and our customers who visit our Facebook Page. The processing of users’ personal data takes place on the basis of our legitimate interests in an optimized company and product presentation (Art. 6 Para. 1 lit. f GDPR) as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 Para. 1 lit. b) GDPR.

Storage purpose
The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Facebook generates on the basis of visits to our Facebook fan page. The purpose of this is to control the marketing of our activities. For example, it allows us to learn about the profiles of visitors who value our Facebook Page or use applications on the Page to provide them with more relevant content and develop features that may be of greater interest to them.

To better understand how our Facebook page can help us better achieve our business goals, we also use the information we collect to create demographic and geographic reports that we provide to us. We may use this information to serve targeted, interest-based advertisements without immediately obtaining knowledge of the visitor’s identity. If visitors use Facebook on several end devices, the recording and evaluation can also be carried out across devices if they are registered visitors logged into their own profile.

The visitor statistics created are transmitted to us exclusively in anonymous form. We do not have access to the underlying data.

We also use our Facebook page to communicate with our customers, prospects and Facebook users and to inform them about us and our products. In this context we may receive further information, e.g. from user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.

Storage duration
Your data will be deleted if it is not used for the purpose for which it was collected, as long as there is no obligation to retain it.

Objection / opportunity for elimination
Facebook users can influence the extent to which their user behavior is captured when they visit our Facebook page under Advertising Preference Settings. Further possibilities are offered by the Facebook settings or the right of objection formobjection formobjection form.

Transfer of data

It cannot be ruled out that some of the information collected may also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with European data protection regulations.

We ourselves do not pass on any personal data that we receive via our Facebook page.

Information on contact possibilities and other rights as a data subject

For further information on our contact data, including our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data, please refer to the relevant sections of this data protection declaration.


  1. 13. Cookies – description and scope of the data processing

13.1 Facebook

This website uses social plug-ins (“plug-ins”) of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A. (“Facebook”). The plug-ins can be recognized with one of the Facebook logos (white “f” on a blue tile or a “thumbs up” character) or are characterized with the additive “Facebook Social Plugin”. The list and appearance of the Facebook social plug-ins can be inspected here: http://developers.facebook.com/plugins.

If a participant calls a website of this offer, which website contains such a plug-in, the participant’s browser builds up a direct link with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and from this integrated into the website. Accordingly, the offeror has no influence on the scope of the data which Facebook collects with the aid of this plug-in and informs the participants accordingly in accordance with its state of knowledge (https://www.facebook.com/help/186325668085084):

Through the integration of the plug-ins Facebook gets the information that a participant has called the appropriate page of the offer. If the participant is logged in at Facebook, Facebook can assign the visit to participant’s Facebook account. If participants interact with the plug-ins, for example if they press the Like button or make a comment, then the relevant information is transmitted from your browser directly to Facebook and is stored there. If a participant is not a member of Facebook, there is nevertheless the opportunity for Facebook to learn the participant’s IP-address and to store this. According to Facebook only an anonymized IP-address is stored in Germany.

The purpose and scope of the data collection as well as the further processing and use of the data by Facebook as well as the related rights and setting opportunities for the protection of the private sphere of the participants can be taken from Facebook’s data protection information: http://www.facebook.com/policy.php.

If a participant is a member of Facebook and does not want Facebook to collect data on him via this offer and to link this data with his membership data as stored at Facebook, he must log out at Facebook prior to visiting the Internet website.

Similarly it is possible to block Facebook social plug-ins with add-ons for your browser, for example with the “Facebook Blocker”.

13.2 Instagram

This website uses social plugins (“Plugins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram transfers the content of the plugin directly to your browser and integrates it into the page. This integration informs Instagram that your browser has called up the corresponding page of our website, even if you do not own an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.

If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts. Please refer to Instagram’s privacy policy for the purpose and scope of data collection and the further processing and use of data by Instagram and your rights and setting options for protecting your privacy: https://help.instagram.com/155833707900388/

If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

13.3 LinkedIn

Our websites use a plug-in of the social network LinkedIn. LinkedIn is an offer of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as “LinkedIn”). You can recognize the LinkedIn plug-in by the corresponding logo or the “Recommend” button. Please note that the plug-in establishes a connection between your respective Internet browser and LinkedIn’s server when you visit our websites. LinkedIn is thus informed that our website has been visited with your IP address. If you click the “Recommend-Button” of LinkedIn and are logged into your LinkedIn account at the same time, you have the possibility to link content from our website on your LinkedIn profile page. In doing so, you enable LinkedIn to assign your visit to our websites to you or your user account. You must know that we have no knowledge of the content of the transmitted data and its use by LinkedIn.

Please contact LinkedIn for more details on data collection, your legal options and recruitment options. These are made available to you at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.

13.4 Twitter

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A. By using Twitter and the function “Re-tweet” the websites visited by yourself are linked to your Twitter account and made known to other users. Thereby data is also transmitted to Twitter. We draw attention to the fact that we as offerer of the pages do not receive any knowledge of the content of the data transmitted or of its use by Twitter. You can find further information on this in Twitter’s data protection declaration at http://twitter.com/privacy.

You can change your data protection settings at Twitter in the account settings under: http://twitter.com/account/settings.


  1. 14. Your rights

If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights against the controller:

14.1 Right of access by the data subject

You can demand from the controller confirmation as to whether personal data that relates to you has been processed by us.

If such processing has taken place, you can demand information on the following from the controller:

(a) The purposes for which the personal data is processed;

(b) The categories of personal data which are processed;

(c) The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;

(d) The planned duration of the storage of the personal data relating to you or – if concrete statements on this are not possible – the criteria for the laying down of duration of storage;

(e) The existence of a right to correction or erasure of the personal data relating to yourself, of a right to a restriction of the processing by the controller or of a right of objection to this processing;

(f) The existence of a right of appeal at a supervisory authority;

(g) All the available information on the origin of the data if the personal data was not collected at the data subject;

(h) The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question.

You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.

14.2 Right to rectification

You have a right to correction and/or complementing vis à vis the controller in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The controller has to carry out the correction without delay.

14.3 Right to restriction of the processing

Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:

(a) if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the controller to check the correctness of the personal data;

(b) the processing is unlawful and you reject erasure of the personal data and instead demand restriction of the use of the personal data;

(c) the controller no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or

(d) if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the controller outweigh your reasons.

If the processing of the personal data relating to yourself has been restricted, then this data – apart from the storing of this – may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.

If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the controller before the restriction is removed.

14.4 Right to erasure

14.4.1 Erasure obligation

You can demand from controller that the personal data relating to yourself is erased without delay and the controller is then obliged to erase this data without delay in so far as one of the following reasons applies:

(a) The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.

(b) You revoke your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal foundation for the processing.

(c) You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.

(d) The personal data relating to you was processed in an unlawful manner.

(e) The erasure of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the controller is subject to.

(f) The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.

14.4.2 Information to third parties

If the controller has made the personal data relating to you public and if he/she is obliged to erase this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature – whereby account shall be taken of the available technology and the implementation costs – to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the erasure of all links to this personal data or of copies or replicates of these.

14.4.3 Exceptions

The right to erasure does not exist in so far as the processing is necessary for

(a) the exercising of the right of free expression of opinion and to information;

(b) for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the controller is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the controller;

(c) for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;

(d) for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section a) probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or

(e) for the advancing, exercising or defending of legal claims.

Moreover, the right to erasure does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods.

In such a case instead of erasure restriction of the personal data applies.

14.5 Right to information

If you have advanced the right to the correcting, erasing or restricting of the processing vis à vis the controller, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or erasure of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.

You are entitled to the right vis à vis the controller to be informed about these recipients.

14.6 Right to data portability

You have the right to receive the personal data relating to you, which you made available to the controller, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was made available, in so far as

(a) the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and

(b) the processing is carried out with the aid of automated processes.

In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one controller to another controller in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.

The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the controller.

14.7 Right to object

For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.

The controller shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.

If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.

If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.

You have the opportunity – in connection with the use of services of the information company and regardless of directive 2002/58/EC – to exercise your right of objection with the aid of automated processes in which technical specifications are used.

14.8 Right to withdraw from the declaration of consent under data protection law

You have the right to withdraw your consent at any time and without giving reasons. In the event of withdrawal we immediately will erase your personal data and no longer process it. The legality of the processing carried out on the basis of your given consent and carried out prior to your withdrawal is not affected by you withdrawal.

14.9 Automated decision-making in individual cases including profiling

You have the right to not subject yourself to a decision based solely on an automated processing process – including profiling – which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision

(a) is necessary for the concluding or fulfilment of a contract between you and the controller,

(b) is permissible on the basis of legal regulations of the European Union or of its member states, which the controller is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or

(c) is carried out with your explicit consent.
However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.

In respect of the cases named in (1) and (3) above the controller shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the controller for the representation of the controller’s standpoint and to the challenging of the decision.

14.10 Right to complain at a supervisory authority

Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint at a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.

In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.


  1. 15. Links to external websites

On our site there are several links to third party websites. We assume no responsibility for data protection on these websites. For more information, please refer to the data protection information of the respective websites.

Status: 30.04.2020

Controller: INNOCEAN Worldwide Europe GmbH

GO TOP

Global network