Privacy statement

Privacy Policy (May 25th, 2018, v2.0)

This Privacy Policy covers the collection, use and disclosure of information through our website www.compliance.idoxgroup.com. Throughout this Privacy Policy we’ll refer to this website or subdomains that link to this Privacy Policy collectively as our 'Site'.  We operate this site in compliance with applicable laws on data privacy protection and data security.

Protecting the security and privacy of your personal data is important to us and we are committed to safeguarding and preserving your privacy when visiting our site or communicating with us. 

Idox Compliance’s processing of personal data and privacy is in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679).

Policy Statement Version: 2.0
Last updated: 10.07.2018

1 Information on collecting personal data

(1) This Privacy Policy provides an explanation as to what happens to any personal data that you provide to us, or that we collect from you.  We describe our use of your information, where your information is stored, how long we will retain your information, our use of third party information and our policy on the sharing of information. 

We only collect information about you if we have a reason to do so – for example, to provide services or information more tailored to your needs, to communicate with you, or to improve our services.

Personal data is all data that identifies you as an individual, e.g. name, address, email address, user behaviour.

If you have any questions, comments or concerns regarding this Privacy Policy, please contact:

Idox Germany GmbH
Hauptstr. 65
12159 Berlin
Germany
T +49 30 841914-0
F +49 30 841914-99
E compliance[at]idoxgroup.com

Or you can contact our data protection officer at:

legitimis GmbH
Dellbrücker Straße 116
51469 Bergisch Gladbach
Germany
E datenschutz-idox[at]legitimis.com

(2) When contacting us via email or when using a contact form, we will only use the data provided by you (e. g. email address, name, phone number) to answer your request. We will delete the data accumulated during this process if there is no legal requirement or contractual obligation to retain this data.

2 Your rights

(1) You have the following rights concerning personal data collected by us:

  • Right to receive a copy of your data
  • Right to have data corrected or erased
  • Right to restrict processing
  • Right to object against processing
  • Right to have your data transferred

(2) In addition, if you are unhappy with the way in which we process your personal information, you can raise your concerns with a data protection authority.

3 Information we collect

(1) When visiting our website, we may gather information about your computer to provide statistical information about the use of our site. Similarly, we may gather information that is technically required to display the site and guarantee stability as well as protection. Examples of statistical information we collect:

  • IP address
  • Time and date of the request
  • Time difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Request status / HTTP status code
  • Data volume transferred
  • Website the request comes from
  • Browser
  • Operating system and its user interface
  • Language and version of the browser software

(2) In addition, we collect certain information automatically when you visit our site, read our emails, or interact with us. We typically collect this information through a variety of tracking technologies including cookies and beacons. Cookies are text files that contain small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises the cookie.  Cookies can’t execute programs or transfer potentially malicious software to your computer. They only serve to improve usability and user experience of our site.

4 How we use information

(1) In addition to the use of our site as an information source, visitors may choose to access services that require the submission of additional personal data to fulfil these services which are subject to the data privacy principles mentioned above.

(2) From time to time, we may engage service providers and contractors that act on behalf and under the instructions of Idox Compliance to perform certain business-related functions. These service providers will only be provided with appropriate and minimal information for the duties/tasks to be undertaken. Idox Compliance requires that all such service providers endorse the principles set out under the General Data Protection Regulation (GDPR) and adopt adequate technical and organisational security measures to ensure the processing of personal data only as instructed by Idox and for no other purposes.

(3) Occasionally, we may collaborate with third parties to enable us to offer you specific promotions, competitions, products or services. Should we present you with such an offer, we will request your permission to share your personal data with the third party.

(4) Should any personal information you provide to us be processed by Idox Compliance staff operating outside of the EEA, or by one of our service providers, Idox Compliance requires that all such providers endorse the principles set out under GDPR, and that they implement appropriate measures to protect and secure your personal information.

5 How long do we retain your personal information?

(1) We may retain your personal data as long as you are registered to use the site. You may close your account by either clicking on the opt-out link provided in one of our communications or by email at compliance[at]idoxgroup.com.

(2) In some cases, there are legal requirements to keep personal data for a minimum period, for example if it must be retained by court or tribunal order or where Idox is under a contractual obligation to retain it. If there is no such legal requirement, Idox Compliance will only keep the personal data for so long as it is necessary for the purposes for which it was collected, or as expressly consented. If we no longer need your personal information, we will delete or de-identify it. Even if we delete your personal data, it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons, or for legitimate and lawful business purposes.

6 Where information is stored

We use appropriate technical, organisational and administrative measures to protect any personal information we process about you. All personal information collected from you is stored on servers in Germany and other countries within the European Economic Area (EEA).

7 Sharing information with associated businesses

(1) We do not share or sell your personal information with any other organisation, and we won't pass on your details except when we need to do so in order to complete a transaction. There are, however, certain circumstances in which we may disclose, transfer or share your personal data with certain third parties without further notice to you, which are as follow:

  • you have consented to the transfer/sharing of data;
  • the transferring/sharing of data is necessary for the performance of a contract;
  • the transferring/sharing of data is required under a legal obligation;
  • the transferring/sharing of data is necessary to protect the vital interests of the individual;
  • the transferring/sharing of data is necessary to carry out public functions (such as the administration of justice); or
  • the transferring/sharing of data is necessary in order to pursue the legitimate interests of the company or third parties (unless it could unjustifiably prejudice the interests of the individual).

(2) We may also share your personal data within the Idox group, including Idox subsidiaries and/or associated companies worldwide, if answering or complying to your request makes this a necessity. Any personal data shared will be done so in compliance with GDPR and this Privacy Policy. You can learn more about the members of the Idox group at www.idoxgroup.com.

(3) As Idox develops its business, Idox might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, personal data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of the Idox group (or its assets) or Idox Germany GmbH will continue to have the right to use your personal data and other information in accordance with the terms of this Privacy Policy.

8 Accessing, Correcting, Updating or Deleting Personal Information

You may at any time review or update your preferences or opt-out of any marketing mailing list on which you previously asked us to include you by sending us an email at compliance[at]idoxgroup.com.

9 Our policy towards children

We do not knowingly collect personal data from children. Please do not supply any personally identifiable information for a person under the age of 13 through any of our sites. If you are under the age of 13 and believe you have already provided personally identifiable information through the site, please have your parent or guardian contact us immediately at datenschutz-idox[at]legitimis.com so that we can remove such information from our records.

10 Marketing communication

(1) You can opt-in to receive marketing communication from us, such as news, intelligence, events or promotions. Details of the type of communications, preferred communication methods and topics that you can opt-in to receive are described on our preference management page: https://www.compliance.idoxgroup.com/en/email-preferences.html.

(2) When you opt-in to receive email communications from us, we will ask you to provide us with the minimum information needed to facilitate your request such as your name, email address, company, country and preferred language. We collect your name so that we can address you personally and we use country and preferred language to help us send information that is relevant to you. After registration, we retain your data for sending our marketing communication according to Article 6 no.1 (a) GDPR.

(3) At Idox Compliance, we use the double opt-in procedure for subscribing to receive marketing communications. Following registration, an email will be send to you asking you to confirm your agreement to receive marketing communications from us. We also store your IP address, registration and confirmation timestamp, for confirming your subscription and clarification of any potential misuse of your personal data. If you do not confirm your subscription, we will delete the data you have submitted after one calendar month.

(4) You can revoke your consent to receive information by email or any other method and unsubscribe at any time. You can do this by clicking on the appropriate links in every marketing communication sent by us, by using the form at https://www.compliance.idoxgroup.com/en/email-preferences.html, by email to compliance[at]idoxgroup.com or with a message to the address listed here.

(5) In our email marketing communications we may use web beacons to track you IP address (until you opt-in to receive communication you remain anonymous). These web beacons are stored in our marketing automation tool ‘Act-On’ to help us identify and monitor how visitors interact with our brand (website visits, email opens, social media engagement and forms you may have filled in). Once you have opted-in to receive communications, for analytical purposes, we connect the data listed in § 3 and the web-beacons with your email address and an individual ID. Links in the email messages also contain this ID. This data creates a unique user profile that helps us to tailor and send only relevant marketing communications to you.

(6) We may from time to time use personal information provided by third party providers such as Databroker (third party mailing lists). This data will be used in accordance with the provider’s data transparency policy. All email communications using third party data will reference the data source and provide a link to that provider’s privacy policy/transparency policy.

11 Recruitment Data Privacy

(1) When you apply as a candidate, we collect data about you in a variety of ways including the information you would normally include in a CV or a job application cover letter, or notes made by our recruiting officers during a recruitment interview.

(2) If Unsuccessful: If you apply for a position with us, and if your application is not successful, we may retain your personal information for a limited period so that we can consider you for other positions that may become available, as outlined in the Idox Recruitment Data Privacy Policy. Please note, we are not able to advise every candidate individually about the outcome of their application.

(3) If you join us: Further information will be collected directly from you when you complete forms at the start of your employment, for example, your bank and next of kin details.

(4) Restricted use: Idox will only keep personal data for as long as it is necessary for the express purpose of finding an appropriate job opportunity within the Group. Only authorised colleagues will view your data, as part of the process for selecting, interviewing and offering to candidates. If we no longer require your personal information, we will delete or anonymise it.

(5) Accuracy of data: Candidates may ask Idox for personal information (e.g. CV) to be checked, corrected, deleted or refreshed at any time.

(6) Use of recruitment data for HR compliance and for identification of talent for future roles: The minimum time we will keep your details for a specific vacancy is 6 months from completion of the hire. The maximum time will be 2 years from our last contact with you unless you ask to be deleted earlier. We ask for 2 years so we can remember you for our Talent Pool. This length of time is particularly useful for experienced hires with specialist expertise, where opportunities turn over slowly.

(7) Data obligations: On request, we will delete all the personal information we hold for you as an individual, except the data we are obliged to hold to comply with legal obligations. Personal Data may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes, even after deletion. Please email recruitment[at]idoxgroup.com with 'Data deletion request (your name)' in the title.

12 Cookies used on this site

(1) Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. We also use cookies to collect information about the way you use the website, for example: the site from which you came, the pages you visit, the links you click, how frequently you access the website, whether you open emails or click the links contained in emails, whether you access the website from multiple devices, etc. We also gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our emails.

(2) This website uses the following types of cookies:

  • Transient cookies (see a)
  • Persistent cookies (see b)

a) Transient cookies or session cookies are automatically erased, when you close the browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user’s computer.

b) Persistent cookies or permanent cookies are stored on a user’s hard drive until it expires (persistent cookies are set with expiration dates) or until the user deletes the cookie.  Persistent cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific website. Persistant cookies used on this site:

  • EU_OPTIN (necessary cookie)
  • _ga (analytical cookie)
  • _gat (analytical cookie)
  • _gid (analytical cookie)
  • IDE (marketing cookie)
  • wp19117 (marketing cookie)

(3) You have the right to decide whether to accept or reject cookies. You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our sites, though your access to some functionality and areas of our sites may be restricted. As how you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. For more information about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.youronlinechoices.com.

13 Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will usually be transmitted to and stored by Google on servers in the United States. Where IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement of the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

(2) The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.  If you wish to prevent Google from collecting and processing personal data provided by that cookie and related to your use of our website, you may install Google Analytics Opt-out Browser Addon for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en.

(4) This website uses Google Analytics with the setting ‘_anonymizeIp()’. Only truncated IP addresses will be processed, which eliminates any reference to an individual person.

(5) We use Google Analytics to analyse the use of our website and to improve it on a regular basis. With the statistical data we can refine our offering and make it more interesting to you as a user. In exceptional cases, where personal data is transmitted in the USA, Google is subject to the EU-US Privacy Shield. For further information see: https://www.privacyshield.gov/EU-US-Framework.

(6) Third party supplier information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001.

Terms of service: https://www.google.com/analytics/terms/us.html
Privacy overview: support.google.com/analytics/answer/6004245, as well as the privacy policy: policies.google.com/privacy.

14 Social media links

For our share and follow functions, we don’t use social media plug-ins that actively communicate with these services. Instead, we use simple passive links to the profiles on Twitter, Google+, XING, Facebook, YouTube and LinkedIn. This means that only after clicking on the relevant link are you are redirected to the social media website – no data is transmitted to it beforehand.

15 Embedded YouTube videos

(1) Our website uses embedded YouTube videos,which are stored at http://www.YouTube.com. All such videos are embedded using the ‘enhanced data privacy’ mode. Only after playing one of these videos may your data be transferred to YouTube. We have no control over this transfer.

(2) More information about the purpose and scope of data collection and processing by YouTube can be found in their data privacy policy. This policy also provides information about your rights and settings concerning your privacy: https://policies.google.com/privacy?hl=en. Google also processes personal data in the USA and is subject to the EU-US-Privacy-Shield: https://www.privacyshield.gov/EU-US-Framework.

16 Google Maps

(1) This website uses Google Maps.

(2) More information about the purpose and scope of data collection and processing by Google can be found in their data privacy policy. This policy also provides information about your rights and settings concerning your privacy: https://policies.google.com/privacy?hl=en. Google also processes personal data in the USA and is subject to the EU-US-Privacy-Shield: https://www.privacyshield.gov/EU-US-Framework.

17 Google AdWords Conversion

(1) Our website uses Google AdWords to attract interest by means of advertising media (so called Google AdWords) on external websites. This allows us to analyse the success of individual marketing measures compared to the advertising campaign. We aim to show you only those ads that are relevant to you.

(2) These ads are delivered by Google, using so called ‘ad servers’. We use ad server cookies, which we use to measure certain success indicators, such as ad impressions or clicks by users. If you visit our website by clicking on a Google ad, Google AdWords will place a cookie on your computer. These cookies are usually valid for 30 days and are not intended to identify you personally. Certain analytical values are saved together with the cookie, such as unique cookie ID, number of ad impressions per position (frequency), last impression (relevant for post view conversions) and opt-out information (a marker indicating a user does not want to see the ad anymore).

(3) These cookies enable Google to recognize your internet browser. When a user visits website pages of an AdWords client and the cookie is still valid, Google and the client recognize that the user clicked on an ad and was redirected to this page. A different cookie is allocated to each AdWords client. Therefore, cookies cannot be tracked back by an AdWords client’s website. Within these advertising campaigns, we don’t collect or process personal data. Google only provides accumulated data, which allows us to understand which advertising media was most effective. No further data from these ads is transferred to us, and it is not possible for us to identify individual users.

(4) Given the nature of these marketing tools, your browser establishes a direct connection with the Google servers. We have no control over the scope and further use of the data that is collected from Google by using this tool. Therefore, we can only provide the information available to us: By embedding AdWords conversion tracking Google receives the information that you visited the specific part of our website or clicked on one of our ads. If you are registered and logged in to a Google service, Google can allocate the visit to your profile. Even if you are not registered or logged in, Google may record and save your IP address.

(5) You can prevent being tracked in such a way by these means:

a) by configuring your browser software, in particular the prohibition of third party cookies, that will prevent ads from third parties being shown to you;

b) by deactivating the conversion tracking cookies, when you configure your browser in such way that cookies from the domain ‘www.googleadservices.com’ are blocked, https://www.google.de/settings/ads, keeping in mind that these settings will be deleted if you delete your cookies;

c) by deactivating targeted ads from members of the self-regulation campaign ‘about ads’ http://www.aboutads.info/choices, keeping in mind that these settings will be deleted if you delete your cookies;

d) by permanently deactivating AdWords in Firefox, Internet Explorer or Google Chrome browsers at http://www.google.com/settings/ads/plugin. Please note that in this case you might not be able to use all functions of our website properly.

(6) More information on privacy by Google can be found here: https://policies.google.com/privacy?hl=en  and https://services.google.com/sitestats/en.html. You can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google is subject to the EU-US-Privacy-Shield: https://www.privacyshield.gov/EU-US-Framework.

18 Remarketing

Besides AdWord Conversion, this website uses Google Remarketing. This is a method which allows us to repeatedly address users. Remarketing may result in seeing our ads on other pages after visiting our website. This is achieved by using browser cookies, that allow Google to track and analyse your visits to different websites. This enables Google to recognize your previous visits to our website. Data collected through remarketing is anonymized.

19 ‘Act-On’ Marketing Automation

(1) This website uses the marketing automation tool ‘Act-On’. Act-On collects information about your website visits and interactions with communication items (email, landing pages, forms, downloads) by means of web-beacons, tracking pixels and cookies. Links related to Act-On can be recognized starting with compliance2.idoxgroup.com or a19117.actonsoftware.com. We use this data for profiling and identification of potential target groups, and to optimize our communication according to your interests. As long as you don’t submit any form or click on a link in an email message, you will stay an anonymous website visitor.

(2) To deactivate Act-On tracking cookies, please deselect ‘Marketing cookies’ in the cookie settings of this website.

20 Customer Portal

(1) Within the scope of our services or their initiation, a personal profile with individual login data may be created for you to grant you access to our customer portal. The portal provides you with the opportunity to test our solutions and to exchange project-related data, e.g. scripts, programme versions or project information.

(2) This profile is created exclusively based on the information you provided. In addition to your email address as the only mandatory field, the profile may contain your first and last name, academic title, company, position and telephone number.

(3) The length your data is stored for will depend on the project or test time. If you are inactive for a long period of time, your profile will be deleted along with the information provided.

(4) The customer portal does not use any tracking tools via cookies or other analytical tools. The CMS only logs your most recent login (date and time) for the purpose of detecting longer periods of inactivity.

21 Links to other sites

This site contains links to other sites. We do not control the information collection of sites that can be reached through links from our sites. If you have questions about the data collection procedures of linked sites, please contact those companies directly.

22 Changes to this statement

We may change this Privacy Statement from time to time. If we make any changes, we will post these on this page and change the ‘Last Updated’ date below. We encourage you to check this Privacy Statement frequently to stay informed of the latest modifications.

Responsible party according to article 4 (7) EU-GDPR

Idox Germany GmbH
Hauptstr. 65
12159 Berlin, Germany
T +49 30 841914-0
F +49 30 841914-99
E compliance[at]idoxgroup.com

You can reach our data protection officer at

legitimis GmbH
Dellbrücker Straße 116
51469 Bergisch Gladbach, Germany
E datenschutz-idox[at]legitimis.com