Data protection declaration

This English translation of the German original is a courtesy translation. Only the German version is binding and shall prevail.

This Privacy Policy supplements the General Terms and Conditions for the use of the service on this platform (IUCAB B2B Platform Spain) and also applies to registered commercial agents.

The protection of personal data when it is collected, processed and used during your visit to our website is important to us. In accordance with Art. 13 GDPR, we provide you with the following information on the processing of your personal data by our website:

Table of Contents

General information

Responsible party and services provider:
INCREON GmbH, Robert-Bürkle-Straße 3, 85737 Ismaning / München, Germany, T +49 89 962286-0, team@increon.com

Operator:
CDH eService GmbH, Am Weidendamm 1 a · 10117 Berlin, Germany, T +49 30 72625-600, berlin@eservice.cdh.de

Responsible organisation: (see Legal Notice)

Processing of your data

As a matter of principle, we do not pass on personal data to third parties unless we are obliged to do so by law or you have given your consent.

An exception to this is the involvement of service providers, e.g. for hosting the website or payment processing, who have been carefully selected in particular with regard to data protection and data security and for whom all measures required under data protection law for permissible data processing have been taken. Data is not processed outside the European Union.

Logfiles

Each time our website is accessed, our system, i.e. the web server, automatically collects information from the system of the accessing computer or end device of the user, which may allow identification. The following data is collected by us:

  • Date and time of access
  • IP address of the requesting computer (anonymized)
  • Host name of the accessing computer
  • Website from which the website is accessed (referrer)
  • Visited page on our website
  • Message as to whether the retrieval was successful
  • Amount of data transferred
  • User agent
  • Host name called up
  • Information about the browser type and version used
  • The operating system of the user’s end device
  • Internet service provider of the user


Legal basis for data processing

The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the responsible website operator). The processing of personal data for the purposes mentioned below also constitutes our legitimate interest in the processing of the personal data provided. The logged data is not merged with other data sources, in particular data that can be assigned to a specific person.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, it is deleted after 7 days. No backups are made of the log files. Only the provider as a telecommunications provider is obliged in accordance with § 113 b TKG,

  1. the Internet protocol address assigned to the subscriber for Internet use,
  2. a unique identifier for the connection used to access the Internet and an assigned user ID,
  3. the date and time of the start and end of Internet use at the assigned Internet Protocol address, stating the underlying time zone for a period of ten weeks. Additional storage may be possible in the prosecution of misdemeanors or criminal offenses if an investigation is opened.

Statistical Evaluations

We use the analysis tool Matomo on our website to analyze the surfing behavior of users and to obtain information about the use of the individual components of the website. This enables us to constantly optimize the website and its user-friendliness. The data collected with Matomo is stored on our own servers. It is not passed on to third parties. See more under “Cookies -> Matomo”.

Cookies

Third-party cookies (cookies requiring consent) In addition to consent-free cookies, we also use cookies from third-party providers. Without these cookies requiring consent, certain functions on this website, such as the display of Google Maps, are not possible. These third-party providers may set cookies while you visit our website. Please visit the websites of the third-party providers for more information on their use of cookies. If you have chosen not to give or revoke your consent to the use of cookies requiring consent, you will only be provided with the functionalities of our website that we can guarantee you can use without these cookies.

We use the analysis tool Matomo on our website to analyze the surfing behavior of users and to obtain information about the use of the individual components of the website. This enables us to constantly optimize the website and its user-friendliness. The provider of the analysis tool is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The data collected with Matomo is stored on our own servers. It is not passed on to third parties.

Legal basis for data processing

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the controller). The website operator has a legitimate interest in collecting data on visitor behavior in order to identify any problems such as pages not found, search engine problems or unpopular pages. As soon as the data is processed, Matomo generates reports for the website operator. The processing of personal data for the aforementioned purposes also constitutes our legitimate interest in processing the personal data provided.

You can object to the recording of data in the manner described above in different ways:

You can prevent the storage of cookies in your browser altogether. However, this may mean that you will no longer be able to use some functions of our website that require identification.

You can create a so-called opt-out cookie with a mouse click below, which is valid for two years. As a result, we will not register your further visits. Please note, however, that the opt-out cookie will be deleted if you delete all cookies.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

We use WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter referred to as: WPML). WPML is a multilingual plugin for WordPress. We use WPML to display our website in different languages. When you visit our website, WPML stores a cookie on your device to save the language setting you have selected. While you are using the plugin, WPML will share the data relating to the page via the installer. No data is shared by the user themselves. Further information on the collection and storage of data by WPML can be found here: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

You can prevent the collection and processing of your personal data by WPML by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker in your browser. Further information on objection and removal options vis-à-vis WPML can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

Legal basis for data processing

The legal basis for the processing of personal data in the form of the cookie listed above is Art. 6 para. 1 lit. f) GDPR (legitimate interests of us as the controller). The website operator has a legitimate interest in ensuring that visitors to the website are addressed in their native language.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, it is deleted after 7 days. No backups are made of the log files. Only the provider as a telecommunications provider is obliged in accordance with § 113 b TKG,

  1. the Internet protocol address assigned to the subscriber for Internet use,
  2. a unique identifier for the connection used to access the Internet and an assigned user ID,
  3. the date and time of the start and end of Internet use at the assigned Internet Protocol address, stating the underlying time zone for a period of ten weeks. Additional storage may be possible in the prosecution of misdemeanors or criminal offenses if an investigation is opened.

Use of personal data you make available to us

Personal data such as your name, your address, telephone number, or electronic mail address are not collected unless you provide this data voluntarily.

We call your attention to the fact that transferring data in the Internet (for example, during communication by electronic mail) is subject to security breaches. It is not possible to completely protect such data against access by third parties.

However, INCREON GmbH takes all necessary precautions — to the extent technically possible — to protect the data from misuse from outside. In the process, measures such as encryption, firewalls, hacker defence programs, and manual security precautions are used. For most functions, the user also needs a personal password.

Inquiries and Contracts

Insofar as you have made personal data available to us, we use these solely for the purpose of technically administering the website and fulfilling your wishes and requests, in particular for processing a contract made with you, or for answering your inquiry.

If you have made inquiries through our contact form, the information from the contact form, including the contact data you have entered into the form, will be saved by us to process your inquiry and in the event of follow-up questions. The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (pre-contractual measures and performance of the contract).

Forwarding, selling, or otherwise transferring your personal data to third parties does not occur; excepting that:

  • This is necessary to conclude the contract. Thus it can be necessary, for example, that for product orders, your address and order data are forwarded to our suppliers.
  • This is necessary for billing purposes.
  • You register or have registered as commercial agent. In this case your data will also be forwarded to the responsible association.
  • You have previously consented to it.

The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (performance of the contract) and Article 6 Section 1 Letter a of the General Data Protection Regulation (consent).

Registration and Online Platforms

Users may register themselves for the online platform as principals or manufacturers or as commercial agents.

In the case of a registration as a commercial agent, a distinction is made between a registration as a member or non-member of the responsible organisation. Members of the responsible organisation must possibly provide their association affiliation and their member number. The indicated association checks the entry and then will activate the account. The personal data of unsuitable or unauthorised registrations will be deleted immediately. As soon as the activation has taken place, the user receives an electronic mail message. This serves to check the authorisation to use the platform. Non-members are immediately activated after a completed registration, but receive limited services to which special reference is made. The personal data of inappropriate or unauthorised registrations can be deleted by the sponsoring association. The sponsoring association is free to inform the person concerned of the deletion process.

By registering, the advertiser consents to receiving information from the operator of the platform, CDHeService GmbH, the sponsors of the platform (El Consejo General de Agentes Comerciales de España) including their member associations, and expressly also the company INCREON GmbH as the leading service provider. This information is sent by electronic mail (email) and does not contain any advertising, but contains information about new functions and enhancements on the platform and also about services and offers of the operator and the sponsors. The personal data that we process for sending these informational emails are not made available to other third parties. You can cancel the receipt of these emails at any time through the respective sender (operator, sponsor, or service provider) with effect for the future.

The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (performance of the contract).

In order to fulfil the contractual agreements concerning the online platform and the provision of our services, we transfer data to third parties; in particular, we may publish the content posted by a user in his or her public profile.

The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (precontractual measures and performance of the contract).

Agents’ Directory

Only commercial agents are included in the Agents’ Directory. As a member of the responsible organisation you can search there for colleagues. In addition, you can also be found in the directory by foreign trade associations and institutions with which the responsible organisation is in contact, which are looking for commercial agents and independent sales companies for principals and manufacturers from their countries. This is an additional service to help commercial agents and sales companies find representations and help principals, manufacturers and suppliers find sales agents, commercial agents, reps and independent sales companies to represent their products.

Newsletter

If you would like to subscribe to the newsletter offered on the website, we need your electronic mail address and information that permits us to check that you are the owner of the indicated electronic mail address and agree to receiving the newsletter. More data will not be collected. We use these data exclusively for sending the requested information and do not forward them to third parties.

The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (protection of legitimate interests: verification of the owner of the email address) and Article 6 Section 1 Letter a of the General Data Protection Regulation (consent).

In your profile, you may revoke at any time, with effect in the future, the issued consent to store the data, the electronic mail address, and their use for sending the newsletter.

Other Advertising and Customer Relations Management

Without your permission, we use personal data only within the legally permitted scope; that means, for customer relations management and sending advertisements by mail. We do not use your electronic mail address, fax number, or telephone number for advertisements without your express consent. The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (protection of legitimate interests).

You can object to the use of your data for the purpose of direct marketing at any time and then will not receive further advertisements from us.

Processing by third parties

We use the following service providers that have access to personal data:

Web hoster
Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany

Payment processing
Novalnet AG, Zahlungsinstitut (ZAG), Feringastraße 4, 85774 Unterföhring, Germany

The controller has integrated Novalnet AG components on this website. Novalnet AG is a Full Payment Service Provider which provides payment processing services, among others. When the data subject chooses a payment method during the ordering process in the online shop, data about the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject agrees to the transmission of personal data for the purposes of the payment.

The personal data transmitted to Novalnet generally consists of first name, surname, address, gender, email address, IP address and possibly date of birth, telephone number, mobile phone number as well as any other data necessary for the processing of a payment. For the processing of the purchase agreement some personal data related to the respective order is also required. Specifically, this may involve the mutual exchange of payment information such as bank details, card number, expiry date and CVC code, data on goods and services, prices.

The purpose of the transmission of the data is in particular identity verification, payment administration and fraud prevention. The controller will transmit personal data to Novalnet AG in particular if there is a legitimate interest in this transmission. The personal data exchanged between Novalnet AG and the controller may be transmitted by Novalnet AG to credit agencies. This transmission is for identity verification and credit checking purposes.

Novalnet AG also transmits the personal data to service providers or subcontractors provided that this is necessary to fulfil the contractual obligations or the data needs to be provided.

The data subject has the option of revoking their consent given to Novalnet AG for the handling of personal data at any time. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.

  • Payment guarantee
    In case of payment using the payment methods “purchase on account”, “debit”, (depending on the payment method(s) offered), the purchase price claim is assigned to Financial Management Solutions GmbH (under the brand InfinitePay), (hereinafter “InfinitePay”) via Novalnet AG as the payment institution. Therefore, the data required for the payment processing is transmitted to InfinitePay. The purpose of the data transmission is, among others, so that Infinite Pay can perform an identity verification and credit check to process your purchase using your chosen payment method. The processing takes place based on Art. 6 (1) (f) GDPR arising from the legitimate interest in an offer of different payment methods as well as the legitimate interest in protection against payment default. You have the right, for reasons based on your specific situation, to contact us at any time to object to the processing of personal data affecting you under Art. 6 (1) (f) GDPR. The InfinitePay privacy policy can be found here: https://www.infinitepay.de/datenschutzhinweise.
  • If you would like more information about the use of the personal data affecting you, you can contact datenschutz@fms-maiz.de at any time. The provision of data is mandatory for the conclusion of the contract with your chosen payment method. Failure to provide the data means the contract cannot be concluded using your chosen payment method.

Rights of the data subjects

You have the following rights if the respective legal requirements are met:

  • You have the right to receive information about the personal data saved about you. (Article 15 GDPR).
  • You have the right to request the correction of incorrect information (Article 16 GDPR).
  • You have the right to request the deletion (Article 17) or restriction of processing (Article 18 GDPR) of data which is no longer required. Insofar as statutory retention obligations exist; e.g., for business correspondence under commercial law and tax law or another statutory exception, data will not be deleted, but only their processing will be restricted.
  • You may at any time object to the processing of your data for direct marketing purposes and, for special reasons, also to the further processing of your data (Article 21 GDPR).
  • You have the right to data transferability (Article 20 GDPR); that is, the right to request the data you have provided us in a structured, current, and machine-readable format and to transmit this data to another person responsible without our interference; if necessary, you also have the right to request that we transmit the data directly to another person responsible if this is technically feasible.


Right of objection: In accordance with Article 21 Section 2 GDPR, you may object to the processing of your data for direct marketing purposes at any time. The processing of your data will then be restricted to other purposes for which it is necessary, and will no longer be processed for direct marketing. Furthermore, you can also object to the additional processing of your data if there is a special reason.

To assert your rights, please contact the responsible party named above.

If you believe that the processing of your data violates data protection law, you can complain to a supervisory authority (Article 77 GDPR). Our local supervisory authority is the Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany, telephone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, e-mail: poststelle@lda.bayern.de.