IPM AG

PRIVACY POLICY

Basics

We take the protection of your personal data very seriously. This Privacy Policy explains how we use your data when you visit our website, why we need this information, and what rights you have regarding your data.

Name and Address of the Data Controller

IPM AG

42 Schiffgraben

30175 Hanover, Germany

HRB 214332

Phone: +49 511 47314790

Email address: datenschutz@ipm.ag

Address of the Data Protection Officer

Data Protection Officer:

ploon.compliance GmbH

4 Garvens Street

30519 Hanover

+49 511 499999600

Email address: compliance@ploonit.group

As of May 18, 2026

1. Why this Privacy Policy?

1.1. This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online service and the associated web pages, features, and content (hereinafter collectively referred to as the “online service” or “website”). It applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online service is operated. 

1.2. The terms “personal data” and “processing” refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR), which we use to explain our data protection practices.

1.3. The personal data of users processed in connection with this online service includes master data (e.g., names and addresses of customers), contract data (e.g., services used, names of case managers, payment information), usage data (e.g., webpages visited on our online service, interest in our products), and content data (e.g., entries in the contact form).

1.4. The term “user” encompasses all categories of data subjects whose data we process. This includes our business partners, customers, prospective customers, and other visitors to our website. These terms are to be understood as gender-neutral.

1.5. We process users’ personal data only in compliance with applicable data protection regulations. This means that data is processed only if there is legal authorization to do so. In particular, processing takes place when it is necessary to fulfill our contractual obligations (e.g., processing orders), is required by law, the user has given consent, or we have a legitimate interest in the processing (e.g., analysis and optimization of the online offering, security).

1.6. The legal basis for data processing is:

  • User consent pursuant to Article 6(1)(a) and Article 7 of the GDPR,

  • Processing to fulfill our contractual obligations and carry out contractual measures in accordance with Article 6(1)(b) of the GDPR,

  • Processing to fulfill our legal obligations pursuant to Article 6(1)(c) of the GDPR,

  • Processing to safeguard our legitimate interests pursuant to Article 6(1)(f) of the GDPR, in particular for the analysis, optimization, and security of our online services, audience measurement, the creation of profiles for advertising and marketing purposes, and the use of third-party services.

2. Better safe than sorry: Safety Measures

2.1. Your data is important. That is why we have implemented technical and organizational measures to ensure that it is protected.

2.2. Data transmission between you and our website is encrypted (128-bit SSL encryption). You can view the corresponding certificates in your browser.

3. Transparency in Data Sharing: Your Information and How It Is Used

3.1. We disclose user data to third parties only to the extent permitted by law. In particular, such disclosure occurs when it is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR, or based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR in the economic and efficient operation of our business.

3.2. When using subcontractors to provide our services, we take appropriate legal, technical, and organizational measures to ensure the protection of personal data in accordance with applicable laws.

3.3. If this Privacy Policy uses content, tools, or other resources from third-party providers that are based in a third country, data will be transferred to the countries where those third-party providers are based. Third countries are countries outside the EU or the European Economic Area where the GDPR is not directly applicable. Data transfers to third countries are made either on the basis of an adequate level of data protection, user consent, or another legal authorization.

4. Provision of Contractual Services and Your Personal Data

In order to fulfill our contractual obligations, we need certain personal data.

4.1. What We Need and Why:

We use your data, such as your name, address, and contact information (customer information), as well as contract data (e.g., services used, names of contact persons, payment information), for the purpose of fulfilling our contractual obligations and providing services in accordance with Article 6(1)(b) of the GDPR.

4.2. Your personal account:

When you sign up for our online store, we’ll provide you with all the necessary information and create a user account for you. Don’t worry—this information remains private and won’t be found by search engines. If you, as a user, wish to delete your account, we can do so, unless we are legally required to retain data for commercial or tax purposes. Be sure to back up your data before the end of the contract. We are entitled to permanently delete all data we have stored during our business relationship once the retention periods have expired.

4.3. IP Addresses and User Behavior:

When you register and during other activities, we store your IP address and the time of your action. We do this to protect you and us from misuse. As a general rule, we do not share this data with others, unless it is necessary to defend our rights or if it is required by law pursuant to Article 6(1)(c) of the GDPR.

4.4. Usage and Content Data for Advertising Purposes:

To show you relevant offers, we analyze which pages you visit and which products interest you (user data). Based on this information, we create a user profile for you. This allows us, for example, to recommend products that might truly interest you.

5. Stay in Touch: Getting in Touch

How we contact you and process your inquiries in the CRM system:

5.1. When users contact us (via the contact form or by email), their information is processed in accordance with Article 6(1)(b) of the GDPR for the purpose of handling and resolving their inquiry.

5.2. User information may be stored in our customer relationship management system ("CRM system") or similar inquiry management systems.

5.3. To efficiently process user inquiries, we use the "HubSpot" CRM system from HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. This includes managing customer contacts, tracking sales activities, automating marketing campaigns, analyzing sales data, email campaigns, lead generation and management, integration with other tools, management of customer support requests, AI-powered content, personalized email creation, predictive sales forecasting, automated workflow descriptions, and AI chatbots for customer interaction. This processing is based on the legal grounds of contract performance (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).

The legal bases for using HubSpot are: performance of a contract and pre-contractual inquiries (Art. 6(1), first sentence, lit. b) of the GDPR), legitimate interests (Art. 6(1), first sentence, lit. f) of the GDPR); Standard Contractual Clauses: https://legal.hubspot.com/dpa; Data Processing Agreement: https://legal.hubspot.com/dpa.

You can find the link to HubSpot's privacy policy at:   

https://legal.hubspot.com/de/privacy-policy

6. Privacy and Transparency Regarding Your Comments and Posts

6.1. When you leave comments or other posts, we store your IP address for 7 days based on a legitimate interest pursuant to Article 6(1)(f) of the GDPR.

6.2. This is for our protection in the event that unlawful content (e.g., insults, prohibited political propaganda) is posted. In such cases, we may be held liable for the comment or post and therefore need to know the author’s identity.

7. Review of Access Data and Log Files

7.1. We collect data on every access to our server based on a legitimate interest pursuant to Article 6(1)(f) of the GDPR. Access data includes: the name of the page accessed, the date and time of access, the amount of data transferred, a status message regarding the access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

7.2. For security reasons, this log file information is stored for a maximum of seven days and then deleted. Data that must be retained for evidentiary purposes is exempt from deletion until the incident has been resolved.

8. Cookies: Not for eating, but packed with features

8.1. Our website uses cookies and similar technologies to improve your user experience, analyze website usage, and ensure basic functionality. Cookies are small text files that are stored on your device. We use various types of cookies, which are described below:

8.2. Types of Cookies:

  1. Essential Cookies: These cookies are essential for the operation of the website, and their use is based on the website operator’s legitimate interest pursuant to Article 6(1)(f) of the GDPR; therefore, the user’s consent is not required. They enable basic functions such as page navigation and access to secure areas of the website. Essential cookies on this website are:

    • dd_cookie_test_cf09d422-36c9-4089-ac50-669d392d7555 and similar: These cookies ensure the reliable functionality of the website during your session and are deleted when you close your browser.

    • crumb: This cookie prevents cross-site request forgery (CSRF) and has a session-based lifetime.

    • __hssrc: This cookie detects when you restart your browser and is valid for the duration of the session.

  2. Functional cookies: Functional cookies are used to provide specific features and services that go beyond the basic functionality of the website. Unlike necessary cookies, which are essential for basic navigation and access to secure areas of the website, functional cookies enable additional features such as managing user settings, improving the user experience through personalized content, or blocking tracking codes. The following functional cookies are used on this website:

    • __hs_do_not_track: This cookie is used to prevent the tracking code from sending information to HubSpot. It has a duration of 179 days.

    • Secure_ENID Cookie: We use Secure_ENID to ensure the security and integrity of our website. Secure_ENID is a security protocol that helps you navigate our online services safely. It enables us to prevent unauthorized access and ensure that your personal data is protected from cyberattacks. Secure_ENID data is stored for a maximum of 24 hours. This short retention period helps us quickly identify and respond to security-related incidents without storing your data longer than necessary. After this period expires, Secure_Enid data is automatically deleted, unless there is a specific security reason that requires longer storage. The _Secure_ENID cookie, which is set by Google and serves to ensure the security and functionality of Google services, would appropriately be classified as a functional cookie.

The legal basis for the use of necessary and functional cookies is Article 6(1)(f) of the GDPR (legitimate interest).

  1. Session Cookies: These temporary cookies are deleted when you close your browser and help us recognize and link your actions during a browsing session. Examples of session cookies on this website include:

  • _ga: This cookie is used to distinguish users and analyze website usage during your session.

  • _cf_bm (hsforms.com) and _cf_bm (hsforms.net): These cookies distinguish between humans and bots and are typically deleted after 30 minutes.

The legal basis for the use of session cookies is Article 6(1)(f) of the GDPR (legitimate interests).

  1. Analytics cookies: These cookies collect information about how our website is used in order to improve its performance and optimize the user experience. Examples of analytics cookies include:

  • _ga_P8TESRLFJ9 and _ga_W2SNQ7ZBDN: These cookies store information such as the number of visitors, pages visited, and the source of the visit. This information helps us improve the user experience and optimize the performance of our website. Both cookies are stored for a period of 2 years. During this time, they enable us to identify trends and patterns in website usage, which contributes to the continuous improvement of our online offerings. After 2 years, these cookies are automatically deleted unless they are set again.

  • __hstc: This cookie tracks visitors and stores the time of their first and last visits, as well as their current session, for 179 days.

  • hubspotutk: This cookie tracks a visitor's identity and has a duration of 179 days.

When you visit our website for the first time, you will be asked to consent to the use of cookies, particularly analytics cookies. While necessary and session cookies remain enabled by default, analytics cookies require your consent in accordance with Article 6(1)(a) of the GDPR.

You can change your cookie settings in your browser at any time or withdraw your consent. To do so, go to the cookie banner at this link: Cookie Settings.

Alternatively, you can opt out of the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/), the U.S. website (http://www.aboutads.info/choices), or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

9. Google Analytics

Google Analytics is a powerful analytics tool that we use to gain valuable insights into how our website is used. Below, we provide detailed information about our use of Google Analytics: 

9.1. We use Google Analytics based on our legitimate interests to analyze, optimize, and operate our online service in a cost-effective manner (Art. 6(1)(f) GDPR). In doing so, we use privacy-friendly settings. Google uses cookies to collect information about how users use our online service; this information is typically transmitted to a Google server in the United States and stored there.

9.2. To ensure an adequate level of data protection when transferring data to the United States, we have entered into additional data processing agreements and standard contractual clauses with Google.

9.3. Google uses this information on our behalf to analyze the use of our online service, generate activity reports, and provide other services related to the use of the online service. In doing so, pseudonymous user profiles may be created.

9.4. We use Google Analytics to display relevant ads to users who have shown an interest in our online offerings or who exhibit certain characteristics (so-called "remarketing" or "Google Analytics audiences"). Our goal is to ensure that our ads align with users' potential interests and do not come across as intrusive.

9.5. We use pseudonymous user identification numbers to measure and analyze the use of our online services. These do not contain any personally identifiable information, such as names or email addresses, but are used to associate analytical information with end devices. The data collected includes, among other things, the content accessed, search terms used, interactions, and technical details of the end devices and browsers.

9.6. Pseudonymous user profiles are created that may contain information derived from the use of various devices. Google Analytics does not log or store individual IP addresses for EU users; instead, it provides general geographic location data derived from IP address metadata.

9.7. Users can prevent cookies from being stored by adjusting their browser settings, or they can prevent Google from collecting the data generated by the cookie and related to the use of the online service, as well as from processing that data, by installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.

9.8. Legal Basis: Consent (Art. 6(1), first sentence, lit. a GDPR);
Standard Contractual Clauses: https://business.safety.google/adsprocessorterms;
Right to Object (Opt-Out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de,
Settings for Ad Display: https://myadcenter.google.com/personalizationoff;
Data Processing Agreement: https://business.safety.google/adsprocessorterms/;
Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
Further details on data processing by Google can be found in the Privacy Policy at: https://policies.google.com/privacy.

10. Google Marketing Services

10.1. We use the marketing and remarketing services (“Google Marketing Services”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, based on our legitimate interests (Art. 6(1)(f) GDPR), to analyze, optimize, and operate our online offering in a commercially viable manner. 

10.2. To ensure an adequate level of data protection when transferring data to the United States, we have entered into additional data processing agreements and standard contractual clauses with Google.

10.3. Google Marketing Services enable us to display targeted advertisements on our website that match your interests. This is done through “remarketing,” whereby you may be shown ads for products in which you have already expressed interest on other websites. To do this, Google uses special codes and (re)marketing tags when you visit our website and other websites where Google Marketing Services are active. In the process, your IP address and other information regarding your use of our online services are collected and stored. However, within the European Union and in other signatory states of the Agreement on the European Economic Area (EEA), IP addresses are truncated before storage to prevent direct personal identification. Your IP address is not combined with data from other Google services. However, Google may link the information mentioned above with data from other sources. As a result of this linking, you may see ads on other websites based on your interests.

10.4. In the process, a unique cookie is stored on the user’s device, containing information about visited web pages, content of interest, offers clicked on, technical details, and the IP address. The IP address is truncated within the EU or other EEA member states and is only transmitted in full to a Google server in the United States—and truncated there—in exceptional cases.

10.5. Your data is processed pseudonymously as part of Google Marketing Services, without storing names or email addresses. Google uses cookies to process the data in pseudonymous user profiles so that ads can be managed and displayed based on your interests.

10.6. The information collected by Google Marketing Services is transmitted to Google and stored on servers in the United States. The services used include, among others, Google AdWords, DoubleClick, and AdSense.

10.7. We use Google Tag Manager to centrally manage website tags and analyze visitor activity. Google Tag Manager itself does not store user profiles or cookies, nor does it perform any independent analyses. However, for technical reasons, users’ IP addresses are transmitted to Google when services are integrated via Tag Manager.

10.8. Legal basis: Your consent (Art. 6(1), first sentence, subparagraph (a) of the GDPR);              

Standard Contractual Clauses: https://business.safety.google/adsprocessorterms;       

Data Processing Agreement: https://business.safety.google/adsprocessorterms/.

10.9. For more information on Google's use of data for marketing purposes, please see Google's Privacy Policy at: https://policies.google.com/privacy.

10.10. If you wish to opt out of interest-based advertising through Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

 11. NEWS-NEWS-NEWS

11.1. What is it about? The newsletter is our digital information package featuring offers, promotions, and everything related to our company. By subscribing, you agree that we may send you this information and that you accept our practices.

11.2. What’s in it? The newsletter contains only content for which you have given us your consent or that is permitted by law. If we offer specific content, this is considered consent.

11.3. Confirmation and Security: Registration is done using the double opt-in process: After registering, you will receive an email in which you must confirm your registration. This prevents anyone from registering using someone else’s email address. We log all registrations to comply with legal requirements. This includes the time, IP address, and confirmation.

11.4. What happens to the data? The shipping provider may use this data in pseudonymous form—that is, without directly linking it to you—to improve shipping services or for statistical purposes, such as determining the recipients’ locations. The shipping provider will not use your data to contact you directly or to share it with third parties.

11.5. Registration Details: You only need to provide your email address. Optionally, you can provide your name so we can address you personally.

11.6. Statistical Collection and Analysis: In our newsletters, we use a “web beacon,” a small, pixel-sized file that is retrieved from the mailing service provider’s server when you open the newsletter. In doing so, we collect technical information such as your browser type, operating system, IP address, and the time the newsletter was opened. This data helps us improve our service, for example, by analyzing which content is particularly interesting or when most readers open the newsletter. We also look at which links are clicked to find out what interests you most. We use these insights to tailor our content even better to your needs, without, however, identifying or monitoring individual users.

11.7. Why do we do this? We use the mailing service to provide a user-friendly and secure newsletter that meets both our and your interests.

11.8. Cancellation and Withdrawal: You can unsubscribe from the newsletter at any time. Doing so will also revoke your consent to receive the newsletter and to the use of statistics. You’ll find the unsubscribe link at the bottom of every newsletter. When you unsubscribe, we’ll delete your data.

12. Integration of Third-Party Services and Content:

12.1. Third-Party Content and Services: We use third-party content and services on our website to optimize our online offerings and operate them efficiently. This means, for example, that we embed videos or fonts from external providers to offer you an improved user experience. Your IP address is required so that this content can be properly transmitted to your browser. We take care to embed only content whose providers use the IP address exclusively for the purpose of delivering the content. Some third-party providers also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These tags enable us to analyze information about visitor traffic on our website. The information collected is pseudonymized and may include cookies containing technical details such as browser type and operating system, referring pages, time of visit, and other usage data. This information may also be combined with data from other sources.

12.2. Overview of Third-Party Providers and Their Services:

a) Payment services: If you use third-party payment services such as PayPal or Sofortüberweisung, their terms and conditions and privacy policies apply; you can find these on their respective websites or within their transaction applications.

b) External fonts:

  • Adobe Typekit Fonts : We integrate Adobe's "Typekit Fonts." User data is used exclusively to display the fonts in the browser.

Provider: Adobe Systems Software Ireland, 4-6 Riverwalk Drive, Citywest Business Campus, Brownsbarn, Dublin 24, D24 DCW0, Ireland. Link to the privacy policy: https://www.adobe.com/de/privacy.html External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”).

  • Google Fonts: Google Fonts are integrated by making a server request to Google, usually in the United States. When your browser requests a Google font, your IP address is transmitted to Google so that the fonts can be displayed correctly. In addition to your IP address, technical data such as language settings, screen resolution, operating system, and hardware used are also transmitted. This data is necessary so that the fonts can be delivered in a way that is compatible with your device and technical environment. When you visit our website, your browser sends HTTP requests to the Google Fonts Web API, an interface for retrieving fonts. The Web API provides you with the required CSS files and the fonts specified therein. These HTTP requests include your IP address, the requested URL on the Google server, and HTTP headers containing information about your browser and operating system, as well as the referrer URL—that is, the webpage on which the Google font is to be displayed.

Google does not store or analyze your IP address. The Google Fonts Web API only logs the requested URL, the user-agent (for debugging and usage statistics), and the referrer URL (for maintenance and reporting purposes). This data helps Google analyze font usage and measure the popularity of different font families. According to Google, this information is not used to create profiles of end users or to serve targeted ads.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Legitimate interests (Art. 6(1), first sentence, lit. f) of the GDPR).

c) Vimeo video player: We embed the Vimeo video player to display videos on our website.

Provider: Vimeo, Inc. Legal basis: Legitimate interests (Art. 6(1), first sentence, lit. f) GDPR); Standard Contractual Clauses: https://vimeo.com/enterpriseterms/dpa; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa. Link to the Privacy Policy: https://vimeo.com/privacy

d) LinkedIn: Our website uses features from the LinkedIn network.          

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Every time you access one of our pages that includes LinkedIn features, a connection is established with LinkedIn’s servers. LinkedIn receives information that you have visited our website using your IP address. If you click the LinkedIn “Recommend” button while logged in to LinkedIn, LinkedIn can associate your visit to our site with your user account. We have no knowledge of the content of the transmitted data or its use by LinkedIn. Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

e) Pinterest: We use social plugins from the social network Pinterest.          

Provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you visit a page with such a plugin, a direct connection to Pinterest’s servers is established. Log data such as your IP address, the web pages you visit, browser settings, the date and time of the request, and cookies may be transmitted to Pinterest. Privacy Policy: https://about.pinterest.com/de/privacy-policy.

f) XING: We use features of the XING network.              

The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When a page with XING features is accessed, a connection is established to XING servers. To the best of our knowledge, no personal data is stored. IP addresses are not stored, nor is user behavior analyzed.               

Privacy Policy: https://www.xing.com/app/share?op=data_protection

g) Elfsight: We use Elfsight to provide widgets, including contact forms, social media feeds, reviews, and galleries. Elfsight customizes the widgets to match the website’s design and collects user data to improve its services, i.e., by storing and analyzing interactions to optimize the user experience; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).         

Provider: Elfsight, LLC, 19/3 Paronyana St., 201, 0015 Yerevan, Armenia. 

The link to the privacy policy: https://elfsight.com/privacy-policy/.

h) jQuery: We use the external code from the jQuery JavaScript framework, provided by the jQuery Foundation, https://jquery.org.

13. Your Application with Us: Data Protection and Transparency

13.1. On what legal basis is your applicant data processed?

When you apply for a position with us, your data will be processed in accordance with applicable laws and this Privacy Policy. The processing is carried out in the context of employment pursuant to Article 88(1) of the GDPR in conjunction with Article 6(1)(b) of the GDPR. This means that we need your data to conduct the application process and to prepare a potential employment contract.

13.2. What Data Is Processed?

We process various categories of personal data that you provide to us, such as your contact information (name, phone number, email address, mailing address), your application materials (e.g., resume, transcripts, other documents as submitted), qualifications, and, in the case of a severe disability, health data.

13.3. To whom is the data disclosed?

Within our company, your data will be shared only with human resources personnel and, if necessary, with management, in order to make an appropriate hiring decision. The IT systems we use are operated by data processors that comply with data protection regulations.

13.5. Is there a recruitment platform?

Personio is integrated as a recruitment platform and applicant tracking system (job postings, candidate search, and application processes) to assist us in managing and processing application data. The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. For more information on how your data is handled, please see Personio’s Privacy Policy at: https://www.personio.de/datenschutzerklaerung/.

13.4. What happens to your data after you submit your application?

If we are unable to make you a job offer, or if you decline our job offer or withdraw your application, we reserve the right to retain your data based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR for up to 6 months after the conclusion of the application process. After that, the data will be deleted and physical application documents will be destroyed, unless they are needed for evidentiary purposes in a legal dispute. If it is foreseeable that the data may still be needed after this period has expired (e.g., due to an impending legal dispute), the data will not be deleted until the purpose for further retention no longer applies. Data may also be retained for a longer period if you have given us your consent or if statutory retention requirements so dictate. If you give your consent, we may store your data for up to 24 months.

 

14. Your Rights as a User of the Website 

14.1. You have the right to request, free of charge, information about what personal data we have stored about you.

14.2. In addition, you have the right to have inaccurate data corrected, to restrict the processing of your data, or to have your personal data deleted, to the extent permitted by law. You may also exercise your right to data portability.

14.3. You may object to the future processing of your personal data at any time in accordance with legal requirements. In particular, you have the right to object to the processing of your personal data for direct marketing purposes.

14.4. In addition, if you suspect that your data is being processed unlawfully, you may file a complaint with the competent supervisory authority. The contact information for the competent data protection supervisory authorityin Lower Saxony is:

 

The State Data Protection Commissioner of Lower Saxony

5 Prinzenstraße

30159 Hanover

Phone: +49 511 120 4500

Email: poststelle@lfd.niedersachsen.de

Website: https://www.lfd.niedersachsen.de


14.5. You may also generally revoke any consent you have given, effective for the future 

15. “The Right to Be Forgotten”: Deletion of Data

15.1. Your data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and there are no legal retention requirements that prevent its deletion. If deletion is not possible because the data is required for other legally permissible purposes, its processing will be restricted. This applies, for example, to data that must be retained for commercial or tax law reasons.

15.2. In accordance with legal requirements, records must be retained for 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) and for 10 years pursuant to Section 147(1) of the German Fiscal Code (AO).

16. Changes to the Privacy Policy 

16.1. We reserve the right to amend the Privacy Policy to bring it into line with changes in the law or changes to our service and data processing practices. However, this applies only to statements regarding data processing. Changes that require user consent or that affect parts of the Privacy Policy containing provisions governing the contractual relationship with users will be made only with your consent.

16.2. We recommend that you review the Privacy Policy regularly to stay informed.