The confidentiality and integrity of your personal data is of utmost concern to us. We have drawn up this privacy policy to provide you with information required by the General Data Protection Regulation (EU) 2016/679.

To explain what information we collect, how we use data and what decision-making options you have as a visitor to this website.

WHO IS RESPONSIBLE FOR DATA PROCESSING?

IDEALworks GmbH, Riesstraße 22, 80992 Munich, Germany, registered office and registration court: Munich HRB 260546 (hereinafter “idealworks”) is the provider of the

Website www.idealworks.com and responsible for data processing in connection with the use of the website.

WHAT DATA DO WE PROCESS FROM YOU AND FOR WHAT PURPOSE? Unless described in detail at relevant points on the website, personal data is processed when you use our website www.idealworks.com as described below:

1. ORDER OF PUBLICATIONS, USE OF THE CONTACT FORM (ART. 6 1 LIT. B) GDPR)

On some pages of our website, you have the option of contacting us or ordering certain publications. We indicate on the relevant pages which data we collect for the corresponding request. In general, we only collect the data that is required for the respective purpose. If, for example, you would like to receive our Annual Report by mail, we ask you to provide your first and last name, including title, and your postal address. Without this information, we would not be able to send you the publication you requested, addressed to you personally.

1. NEWSLETTER DISPATCH BASED ON YOUR CONSENT (ART. 6 PARA. 1 A) GDPR)

If you subscribe to our newsletter, we use the data you provide to send the newsletter you requested. You can revoke your consent to receive our newsletter at any time. Further details on data processing and contact details for revocation can be found in the declaration of consent for the respective newsletter.

1. COOKIES

In order to customize the use of our website specifically for you and also to constantly improve our website we use cookies. Details about the cookies set on the website and ways to change your cookie setting, can be found in the COOKIES section below on this website.

1. COMPLIANCE WITH LEGAL OBLIGATIONS TO WHICH IDEALWORKS IS SUBJECTED TO (ART. 6 PARA. 1 LIT. C) GDPR)

We will also process personal data if there is a legal obligation to do so. This may occur, for example, in the context of ensuring the operation of IT systems. Securing includes the following activities, among others:

• Backup and recovery of data processed in IT systems,
• Logging and monitoring of transactions to verify correct functioning of IT systems,
• Detection and prevention of unauthorized access to personal data,
• Incident and Problem Management to rectify faults in IT systems.

idealworks is subject to a variety of other legal obligations. In order to comply with these obligations, we process your data to the extent required and, if necessary, pass it on to the responsible authorities within the scope of legal reporting obligations.

HOW LONG DO WE STORE YOUR DATA?

We store your personal data exclusively for as long as the respective purpose requires. If data is processed for more than one purpose, the data will be deleted or will only continue to be stored in a form that cannot be directly traced back to you as soon as the last specified purpose has been fulfilled.

HOW DO WE SECURE YOUR DATA?

We secure your data using state-of-the-art technology. The following security measures are used as examples to protect your personal data from misuse or other unauthorized processing:

• Access to personal data is restricted to a limited number of authorized persons for the specified purposes.
• Collected data is transmitted only in encrypted form.
• Sensitive data is only stored in encrypted form.
• The IT systems used to process the data are technically isolated from other systems to prevent unauthorized access, e.g. hacking.
• In addition, access to these IT systems is permanently monitored in order to detect and prevent misuse at an early stage.

WHO DO WE SHARE DATA WITH AND HOW DO WE PROTECT IT?

For certain tasks, we use contracted service providers who prefer to process your data within the EU.

If data is processed in countries outside the EU, idealworks uses EU standard contracts including appropriate technical and organizational measures that your personal data is processed in accordance with the European level of data protection. If you would like to inspect the specific protection measures for the transfer of data to other countries, please contact us using the communication channels listed below.

For some countries outside the EU, such as Canada and Switzerland, the EU has already established a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement.

CONTACT DETAILS, YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY.

If you have any questions about our use of your personal data, please contact us either by e-mail at hello@idealworks.com or by telephone at +49-89-262008381.

AFFECTED RIGHTS.

As a person affected by the data processing, you may assert certain rights with us under the GDPR as well as other relevant data protection provisions. Under the GDPR, you are entitled to the following rights:

RIGHT TO INFORMATION (ART. 15 GDPR):

You can request information from us about the data we hold about you. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected it directly from you, and, if applicable, the recipients to whom we have transmitted your data. You may receive a copy of your data from us free of charge. Should you be interested in further copies, we reserve the right to charge you for the further copies.

RIGHT OF RECTIFICATION (ART. 16 GDPR):

You may request that we correct your data. We will take reasonable steps to keep the data we hold about you and process on an ongoing basis accurate, complete and up to date based on the most current information available to us.

RIGHT TO ERASURE (ART. 17 GDPR):

You may request us to delete your data, provided that the legal requirements for this are met. According to Art. 17 GDPR, this may be the case, for example, if

• the data is no longer necessary for the purposes for which it was collected or otherwise processed;
• you revoke your consent, which is the basis for the data processing, and there is no other legal basis for the processing.
• you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to the processing of data for direct marketing purposes;
• the data has been processed unlawfully unless the processing is necessary,
• to ensure compliance with a legal obligation that requires us to process your data;
• especially with regard to statutory retention periods;
• to establish, exercise or defend legal claims.

RIGHT TO RESTRICT PROCESSING (ART. 18 GDPR):

You may request us to restrict the processing of your data if

• You dispute the accuracy of the data for the period of time we need to verify the accuracy of the data;
• the processing is unlawful and you refuse the erasure of your data and request the restriction of use instead;
• we no longer need your data, but you need it to assert, exercise or defend legal claims;
• you have objected to the processing pending the verification whether our legitimate grounds outweigh yours.

RIGHT TO DATA PORTABILITY (ART. 20 GDPR):

At your request, we will transfer your data – as far as this is technically possible – to another responsible person. However, you only have this right if the data processing is based on your consent or is necessary to perform a contract. Instead of receiving a copy of your data, you can also request that we transfer the data directly to another person specified by you.

RIGHT TO OBJECT (ART. 21 GDPR):

You may object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we demonstrate compelling legitimate grounds for processing

That outweigh your interests or we need your data to assert, exercise or defend legal claims.

DEADLINES FOR FULFILLING DATA SUBJECT RIGHTS.

We generally strive to comply with all requests within 30 days. However, this period may be extended if necessary for reasons related to the specific data subject right or the complexity of your request.

RESTRICTION ON INFORMATION WHEN FULFILLING DATA SUBJECT RIGHTS. 

In certain situations, we may not be able to provide you with information about all of your data due to legal requirements. If we have to refuse your request for information in such a case, we will inform you at the same time about the reasons for the refusal.

COMPLAINTS TO REGULATORY AUTHORITIES.

idealworks takes your concerns and rights very seriously. However, if you feel that we have not adequately addressed your complaints or concerns, you have the right to file a complaint with your local data protection authority.pagebreak

DATA PROCESSING ON THIS WEBSITE:

When you visit our website, our web server automatically stores data such as

• the address (URL) of the accessed web page
• Browser and browser version
• the operating system used
• the address (URL) of the previously visited page (referrer URL)
• the hostname and IP address of the device from which access is made
• Date and time in files (web server log files).

As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out the possibility that this data may be viewed in the event of unlawful behavior.

USE OF HUBSPOT

On our website, we use the HubSpot marketing automation software of the American company HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA (hereinafter referred to as “HubSpot”), based on our legitimate interest (i.e. interest in analyzing, optimizing and economically operating our website in order to optimize it and provide you with the best possible and

user-friendly service). HubSpot is an integrated software solution that we use to cover various aspects of our digital marketing, sales, and customer relationship management.

Use HubSpot for:

• Contacting us via our contact form.
• Interest-based mailings (e.g. newsletter)
• Marketing content management, including options to download brochures, success stories, or similar content.
• The evaluation of our website usage (e.g. accesses, pages visited, session time,).

The content of our websites as well as your personal data provided by you (e.g. when you use our contact form) are usually transferred to and stored by a HubSpot server in the USA. HubSpot, Inc. is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce to implement adequate safeguards for such transfers under Article 46 of the GDPR.

For more information on HubSpot data usage, settings, and opt-out options, please visit the HubSpot website at privacy policy, cookie policy, and data privacy (GDPR).

COOKIES

Below we explain the purposes for which we use cookies and similar technologies on our websites and offer you the opportunity to make settings to consent to this use, revoke your consent at any time or object to the use.

Our website uses HTTP cookies to store user-specific data.

What exactly are cookies?

Cookies and web storage technologies, such as local storage and session storage (“cookies”), make it easier for you to interact with our websites. As soon as you visit our websites, the cookies are downloaded, for example, as a small text file from your Internet browser to your device. Third-party technologies such as scripts, pixels and tags that we embed in our websites for advertising purposes also set cookies on your terminal device. In the following sections, we explain what we use these technologies for and how you can adjust the settings to your needs.

What are the available types of cookies?

Data processing and associated cookies may be used on our websites. Depending on the function and purpose, we divide data processing into different categories. Within a category, all data processing that may be carried out for this purpose is listed, as well as the cookies that are usually used for data processing.

Performance and statistics cookies:

We use these to:

To learn how visitors engage with our websites

To learn more about the activities of our visitors within each page To improve our websites and tailor them to our visitor’s needs.

_ga

Purpose: This cookie is used by Google Analytics to distinguish different users.

Set by: Google Ireland Limited

Expiration: 2 years

_gid

Purpose: This cookie is used by Google Analytics to distinguish different users.

Set by: Google Ireland Limited

Expiration: 24 hours

_gat

Purpose: Used to throttle the request rate. When Google Analytics is used via Google Tag Manager, this cookie is named _dc_gtm_<property- id>.

Set by: Google Ireland Limited

Expiration: 1 minute

AMP_TOKEN

Purpose: Contains a token that can be used to retrieve a client ID from the AMP Client ID service. Other possible values indicate opt-out, insight request, or an error retrieving a client ID from the AMP Client ID service.

Set by: Google Ireland Limited

Expiration: 30 seconds to 1 year

_gac_<property-id>

Purpose: Contains campaign-related information for the user. If you have linked your Google Analytics and Google Ads accounts, the Google Ads website conversion tags read this cookie unless you disable it.

Set by: Google Ireland Limited Expiration: 30 seconds to 1 year

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And, of course, this decision is also stored in a cookie.

How can I delete cookies?

You decide by yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, allow or disable cookies.

If you generally don’t want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser.