Privacy notice

Data protection information for processing operations on our websites

1. General

We collect and use your personal data in the use of the website and in the case of the services offered on the website, in compliance with the relevant data protection regulations. Personal data includes the information that allows you to identify your person (for example, your name, address, telephone number or e-mail address).

The present data protection statement explains what data we collect and what we use it for. It also explains how and for what purpose this will happen and what rights you will be able to do.

IBM’s Privacy Notice can be found at https://www.ibm.com/us-en/privacy.

1.1. Responsible body

The data controller of this website is:

IBM iX Berlin GmbH
Chausseestraße 5
10115 Berlin
Germany
Phone: +49 30 –28 39 210
Email: contact@ibmix.de

We have appointed a data protection officer for our company. You can contact our data protection officer by e-mail with the reference “To the hand data protection officer”: privacy@ibmix.de.

In order to support the regular operation and statistical analysis of visitor flows on the website, the responsible person of the IBM iX Dusseldorf GmbH, Plange Mühle 1 40221 Dusseldorf, Germany, is serving Germany. This is a contract processing contract in accordance with Art. 28 GDPR.

1.2. Data collection on the website

The collection of the data is done by informing us IBM iX* of this data. For example, this might be data that you enter in a contact form. Other data are automatically collected when the website is accessed by our systems, such as technical data (e.g. Operating system, Internet browser, time of page call). In some cases, data are also collected in order to be able to guarantee a technical error-free provision of the website. Other data can be used to analyze your user behavior. This is done primarily with cookies and with so-called analysis programs.

When you visit our website, sign up for our newsletter or an event, download one of our whitepapers, attend a webinar or event, access a link in an email you received from us, or make a contact request, you are automatically assigned a numerical score that places you into one of three levels. This rating gives us an indication of how interested you are in which of our services. The processing is carried out in accordance with Art. 6 par. 1 lit. f GDPR. We have an interest in ensuring that the contacts passed on from marketing to sales correspond to the ideal IBM iX customer profile. You have the right to object to this processing.

For more information on these tools, see the following sections.

 

2. Use of cookies and comparable technologies (hereinafter “cookies”)

2.1. Change cookie settings

Click here to access the cookie settings.

2.2. Essential cookies

These cookies are strictly necessary for the operation of the website and, for example, enable security-relevant functionalities. They guarantee that our website will work safely and in the way you wish. Therefore, you cannot deactivate it. Cookies which are necessary for the implementation of the electronic communication process are based on Art. 6 par. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. You have the right to object to this processing.

2.3. Functional cookies

Functional Cookies allow this website to store information previously made by the user and based on it, to offer improved and personalized functions. These cookies collect and store exclusively anonymized information and do not track any movement of the users on other websites.

2.4. Marketing Cookies

Marketing cookies originate, among other things, from external advertising companies and are used to collect information about the websites visited by users, for example to create target-group-oriented advertising for the users. For more information, see the cookie settings on the website.

3. Social Media

3. 1. Facebook Plugin

Our website uses services of the social network Facebook. Facebook is offered by Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

The Facebook plugins can be seen on the Facebook logo or the “Like button” on our website. The use of the Facebook plugins takes place exclusively on the basis of your consent according to Art. 6 par. 1 lit. a GDPR. If you have given your consent when visiting our pages, a direct connection between your browser and the Facebook server is established when you click on the Facebook button. By doing so, Facebook receives the information that you have visited our site and assigns this information to your personal user account on Facebook. If you click on the Facebook “Like button” while you are logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to assign the visit to our pages to your user account.

Since Facebook is a US company, it may be that your personal data will be processed in the United States, see also “International data transmission”.

Data protection information, in particular on the collection and use of data by Facebook, your rights in this regard and the settings options for protecting your privacy can be found here: https://de-de.facebook.com/about/privacy/. An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/.

3.2. Facebook Ads Pixel

For conversion measurement, our website uses the visitor action pixel of Facebook, Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”). In this way, the behaviour of the website visitors can be tracked after they have been forwarded to the website of the provider by clicking on a Facebook advertisement. This makes it possible to evaluate the effectiveness of the Facebook advertising advertisements for statistical and market research purposes and to optimise future advertising measures.

The use of the Facebook Ads Pixel will be done solely on the basis of your consent Art. 6 par. 1 lit a GDPR.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data use policy. This allows Facebook to switch advertising ads on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as a page operator.

Since Facebook is a US company, it may be that your personal data will be processed in the United States, see also “International data transmission”.

In the privacy policy of Facebook, you will find further information on the protection of your privacy: https://www.facebook.com/about/privacy/. You can also deactivate the Remarketing function “Custom Audiences” in the Settings section for ad ads at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate Facebook usage-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

3.3. Twitter Plugin

Our website uses functions of the service Twitter. Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Through the use of Twitter and the function “Re-Tweet”, the websites you visit are linked to your Twitter account and announced to other users. Data will also be transmitted to Twitter. We would like to point out that we, as providers of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Twitter.

The use of the Twitter plugin is done solely on the basis of your consent in accordance with Art. 6 par. 1 lit. a GDPR.

Since Twitter is a US company, it may be that your personal data will be processed in the United States, see also “International data transmission”.

For more information, see Twitter’s privacy policy at https://twitter.com/privacy. You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

3.4. Twitter Ads Pixel

Our website uses the service Twitter Ads Pixel. Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

The Twitter Ads Pixel stores and processes information about your user behavior on our website. Twitter Ads uses cookies for this purpose.

The use of the Twitter Ads Pixel will only be done on the basis of your consent Art. 6 par. 1 lit. a GDPR.

Since Twitter is a US company, it may be that your personal data will be processed in the United States, see also “International data transmission”.

In addition to the non-issuance of your consent, you can also prevent the collection of the aforementioned information by Twitter by setting an opt-out cookie on one of the following linked websites: https://twitter.com/personalization or http://optout.aboutads.info/?c=2.

We would like to point out that your settings will be deleted when you delete your cookies.

For more information about the privacy policy, please visit the following Web site: https://twitter.com/de/privacy.

3.5. LinkedIn Plugin

Our website uses functions of the LinkedIn network. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

If you have given your consent when visiting our pages, a connection to LinkedIn servers is established when you click on the LinkedIn button on a page that contains LinkedIn functions. LinkedIn is informed that you have visited our websites with your IP address. If you click on LinkedIn’s “Recommend button” and are logged into your LinkedIn account, LinkedIn will be able to assign your visit to our website to you and your user account.

The use of the LinkedIn plugin is done solely on the basis of your consent in accordance with Art. 6 par. 1 lit. a GDPR.

Since LinkedIn is a US company, it may be that your personal data will be processed in the US, see also “International data transmission”.

Further information can be found in the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy.

3.6. LinkedIn Ads Pixel

Our website uses “LinkedIn Ads” website Pixel, a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. (hereinafter: “LinkedIn”).

The LinkedIn Ads Pixel stores and processes information about your user behavior on our website. LinkedIn Ads uses cookies for this purpose.

In addition to the possibility to revoke your consent, you can deactivate a storage of cookies in the settings of your web browser.

The use of the LinkedIn Ads pixel will only be done on the basis of your consent Art. 6 par. 1 lit. a GDPR.

Since LinkedIn is a US company, it may be that your personal data will be processed in the US, see also “International data transmission”.

You can also prevent the collection of the aforementioned information by LinkedIn by setting up an opt-out cookie from LinkedIn on one of the following websites. Manage your user settings on LinkedIn:

https://www.linkedin.com/psettings/guest-controls

https://www.linkedin.com/psettings/enhanced-advertising

https://www.linkedin.com/help/lms/answer/87150/linkedin-marketing-solutions-und-die-datenschutz-grundverordnung-dsgvo-?lang=en

Once you delete your cookies, these settings will be lost.

Information on the processing of data on LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

3.7. XING Ads

Our website uses XING Ads, provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. By using this tool (so-called Xing Ads), in relation to the data of the advertising campaigns, we can determine how successful the advertising measures are. We want to identify interesting advertising for them as well as to gain insights into the further development of our website.

XING Ads is delivered by the supplier. If you access our website via an advertisement that the provider presents to you, the tool will store a cookie in your browser. These cookies do not serve to identify you.

The following data is usually stored for this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) as well as opt-out information (marking that the user does not want to be addressed in any more).

If you have given your consent when visiting our pages, a connection to XING servers will be established when you click on the XING button on a page.You can prevent this tracking procedure as follows:

– by setting your browser, in particular the suppression of third party cookies means that you do not receive ads from third parties:

– further by disabling the cookies

Further information about the data processing can be found here: https://werben.xing.com/en/products/xing-ads/.

3.8. YouTube

We will include the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The use of YouTube is exclusively based on your consent in accordance with Art. 6 par. 1 lit. a GDPR.

Since YouTube is a US company, it may be that your personal data will be processed in the United States, see also “International data transmission”.

Further information can be found in the Privacy Statement: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/.

Opt-Out: https://adssettings.google.com/authenticated.

 

4. Analysis and Tracking

4.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. Supplier is the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The storage of Google Analytics cookies and the use of this analysis tool shall be based on your consent in accordance with Art. 6 par. 1 lit. a GDPR.

Google Analytics uses cookies, which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website can be transferred to a Google server in the USA and stored there.

Since Google Inc. is a US company, your personal data may be processed in the United States, and information about the risks involved can be found in the chapter on “International data transmission”.

4.2 Google Tag Manager

This website uses the service called Google Tag Manager of Google. “Google” is a group of companies and consists of the companies Google Ireland Ltd. (service provider), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as well as other affiliated companies of Google LLC.

The Google Tag Manager is an auxiliary service and processes personal data only for technically necessary purposes. The Google Tag Manager is responsible for loading other components, which in turn may collect data. The Google Tag Manager does not access this data.

You can find more information about Google Tag Manager in Google’s privacy policy https://policies.google.com/privacy?gl=en

Since Google Inc. is a US company, your personal data may be processed in the United States, and you can view information about the risks involved in the chapter “International data transmission”.

4.3 Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The storage of “Conversion-Cookies” and the use of this tool will be done solely on the basis of your consent Art. 6 par. 1 lit. a GDPR.

In the context of Google AdWords, we use the so-called conversion tracking. When you click on a display that is connected by Google, a cookie is set for conversion tracking. These cookies expire after 30 days and do not serve the personal identification of the users. If users visit certain contents of this website and the cookie has not yet expired, Google and we can recognize that the users have clicked on the ad and have been forwarded to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of conversion cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who have clicked on their ad and were forwarded to a page provided with a conversion tracking tag. You can also deactivate the Google conversion tracking cookie via your internet browser under the user settings. You will then not be included in the conversion tracking statistics.

Since Google Inc. is a US company, your personal data may be processed in the United States, and information about the risks involved can be found in the chapter on “International data transmission”.

For more information about Google AdWords and Google Conversion Tracking, please see the privacy policy of Google: https://www.google.de/policies/privacy/.

4.4 Google reCAPTCHA

This website uses “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”). Supplier is the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Data processing is carried out on the basis of Art. 6 par. 1 lit. a GDPR.

With reCAPTCHA it is to be checked whether the data entry on our websites (e. g. This is done in a contact form) by a person or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor on the basis of various features. This analysis will start automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates different information (e. g. IP address, visit duration of the website visitor on the website or user-made mouse movements). The data collected during the analysis will be forwarded to Google.

Since Google Inc. is a US company, your personal data may be processed in the United States, and information about the risks involved can be found in the chapter on “International data transfer”.

For more information about Google reCAPTCHA and the Google Privacy Statement, please visit the following links: https://www.google.com/intl/de/policies/privacy/.

4.5 Matomo (Web Analysis)

This website uses Matomo (formerly Piwik) for web analytics, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) using cookie technology.

We use Matomo to better understand what users are interested in on our websites and how to develop the website further.

With Matomo, we process the IP address when our websites are accessed. The web statistics tool does not store the full IP address. Based on the shortened IP address, we can draw general conclusions (e.g. their internet provider, rough geographical allocation). An assignment to them is not possible, so we do not store any information that can be traced back to them. No Matomo cookies are used in the analysis.

We operate Matomo on a server provided by the company Hetzner Online GmbH. Only in exceptional cases do technicians from Hetzner access this server for maintenance work.

Further information on the Matomo terms of use and data protection regulations can be found at: https://matomo.org/privacy/.

4.6 HubSpot

On our website we use the tool Marketing Hub, a service of HubSpot Inc. a software company from the USA with a branch office in Ireland, the HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland (“HubSpot”).

The used service is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing.

We use HubSpot to analyse the use of our website. In this way, we can constantly optimize our website and make it more user-friendly. The processed information (IP address, the geographic location, type of browser, duration of the visit and accessed pages) will be evaluated so that we can generate reports on the visit and the visited pages.

The HubSpot cookies are automatically deleted after 24 months.

Processing is done on servers in the EU. Since HubSpot is a US company, it may be that your personal data will be processed in the USA, see also “International data transmission”.

The processing of your data takes place on the legal basis of Art. 6 par. 1 lit. a GDPR (consent), if you have agreed to the processing of your data by HubSpot within our Cookie Policy. You can revoke this consent at any time with effect for the future.

For more information on HubSpot data protection, please refer to the cookie settings or at https://legal.hubspot.com/privacy-policy.

4.7 SalesViewer

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Art. 6 par. 1 lit. f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

Data protection information for processing operations outside our website

At IBM iX, we take the protection of your data very seriously. We therefore only process your data on the basis of the statutory provisions.

1. Responsible for the processing of your data

The controller of your personal data may be any of the IBM iX companies listed below, or another IBM subsidiary that identifies itself as the controller for a particular interaction with you. IBM companies may act as processors for each other.

Germany, Berlin

IBM iX Berlin GmbH
Chausseestraße 5,
10115 Berlin
Germany
+49 30 –28 39 210
berlin@ibmix.de

Germany, Dusseldorf

IBM iX Düsseldorf GmbH / ecx international GmbH
Plange Mühle 1,
40221 Dusseldorf
Germany
+49 211 41 74 320
dusseldorf@ibmix.de

Croatia

IBM iX croatia d.o.o.
Kapucinski trg 5,
42000 Varaždin
Croatia
+385 42 421 175
varazdin@ibmix.hr

Austria

IBM iX Austria GmbH
Carl-Blum-Strasse 3,
4600 Wels
Austria
+43 72-42 71000
wels@ibmix.at

Switzerland

IBM iX Switzerland AG
Vulkanstrasse 106,
8048 Zürich
Switzerland
+41 58 -33 34 455
zurich@ibmix.ch

United Kingdom

ecx.io Ltd
2 Arlington Sq, Downshire Way,
Bracknell RG12
1WA UK
+44 1344-74 10 12

2. Our data protection officer

You can contact our data protection officer by e-mail at privacy@ibmix.de or by post at the address given above with the addition of “To the hand data protection officer”.

3. Contact form on the website

With regard to requests received via the contact form, your details are saved from the request form and the contact data provided by you there for the processing of the request and for the case of follow-up questions with us. The reason for contacting us, your email address, and your name will be stored by us to answer your questions.

The data entered in the contact form will be processed on the basis of your consent in accordance with Art. 6 par. 1 lit. a GDPR. You may revoke this consent at any time with effect for the future. The data you enter in the contact form shall remain with us until you withdraw your consent or the purpose for the data storage is no longer necessary.  Statutory retention periods and other mandatory statutory provisions remain unaffected by this.

4. Customer enquiries by email, telephone

If you contact us by e-mail or telephone, your enquiry and all personal data resulting from it (esp. name, contact details, content of the enquiry) will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Art. 6 par. 1 lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, the processing is based on your consent. Art. 6 par. 1 lit. a GDPR or on our legitimate interests in accordance with Art. 6 par. 1 lit. f GDPR, since we have a legitimate interest in the effective processing of the requests addressed to us. You can revoke your consent at any time with effect for the future. If the processing is based on our legitimate interests, you have the right to object to this processing.

We store the data you send to us via contact questions, depending on the content until the purpose for the data storage is fulfilled. You revoke your consent or you have an authorized objection to the processing.

Statutory retention periods and other mandatory statutory provisions remain unaffected by this.

5. On site with us

To ensure access control, we document our on-site visitors.

The legal basis for this is our legitimate interest within the meaning of Art. 6 par. 1 lit. f GDPR in the security of our locations and the preservation of house rights. Providing your personal data is not a legal requirement, but is necessary to ensure security at our sites. This means you are not legally obliged to provide us with your personal data. If you choose not to provide us with your personal data, you will not be able to enter our sites.

When you visit us, we collect the following data:

  • Name (first name, surname)
  • Company (if you are working for us on behalf of a company)
  • Your contact person with us
  • Date of your visit
  • Signature

The data of the on-site visitors will be deleted after 6 months.

6. (Online) Events

In the context of the registration for an event we collect the following data: name and e-mail address. If you voluntarily provide us, we also process the company where you are employed and your job title.

The processing of the mandatory data takes place in order to be able to identify you as a participant of the event, to check the entered data for plausibility, to reserve the attendance space and to establish the contract of participation with you respectively. In addition, we require your data to be able to create name tags and provide you with information about the event before, during and after the event. This is done in order to provide you with the best possible participation and to allow us to plan and ensure a smooth running. The data processing is made on your request and is according to Art. 6 par. 1 lit. b GDPR is required for the aforementioned purposes for the fulfilment of the participant contract and for the implementation of pre-contractual measures. In order to inform you about similar events from us in the future, we will only use your e-mail address if you have consented to such use.

We will delete your personal data no later than six months after the event has taken place. A storage beyond the specified time period shall be effected only insofar as we are referred to in Art. 6 par. 1 lit. c GDPR are obliged to be stored for a longer period of time due to legal storage and documentation requirements, or you are to be stored in a further storage in accordance with Art. 6 par. 1 lit. a have consented to a GDPR.

If this is an event, in which you do not participate in person, but online, the following information will be added to the following.

For the implementation of the online event, we use a technical service provider in the way of order processing, which processes the data according to our instructions. As part of the participation in the online event, the following data may be collected:

Access data: e.g. An individualised link via which you can choose to participate in the online event.
Content data: contents of your articles, e. g. in chats or in the voting system generally no image or sound recordings are recorded by you during the online event, provided that this is done only if and to the extent that you have given your prior consent (Art. 6 par. 1 lit. a GDPR).
Dial-up data: This includes, e. g. date and time of their dialing into the conference and the time of the leaving.
Support/feedback data: Information related to any problem-handling tickets or feedback.
Telemetry data: This includes diagnostic data related to service usage, including transmission quality. This data is used to troubleshoot problems, to secure and update the technical service and to monitor it. The legal basis is Art. 6 par. 1 lit. f GDPR. Our legitimate interests are the provision of a safe and error-free service for online events.

If you attend IBM iX on-site events, we or partners of ours may record the events or group photos may be taken. We reserve the right to use photos for promotional purposes. If this is not in your best interest, please let us know during the event or by emailing privacy@ibmix.de.

Insofar as we process your data in our interest or in the interest of a third party, you have the right to object at any time if reasons arise from your particular situation.

Unless otherwise stated, the processing is carried out for the technical and content-related implementation of the online event, i.e. for the performance of the contract (Art. 6 par. 1 lit. b GDPR).

7. Raffles

On our website or in the context of events, there is from time to time the possibility to participate in raffles. In the course of the participation you need to provide different data on your person, such as e.g. enter the name, address and contact details. This data will be used by us in accordance with Art. 6 par. 1 lit. b GDPR to comply with the participation agreement and to inform you of any winnings. The provision of the data you provide is required for this purpose.

We store the data you provide until after completion of the raffle, unless statutory retention requirements are applied. If it has been agreed in the participation agreement that participating in th e raffle in return will take place to the use of your email address for the mailing of the newsletter, we will also store your name and your e-mail address beyond the time of the winnings processing.

If the sending of the newsletter is not part of the participation agreement with you, it may be possible for you to be able to consent to the contact to be informed about current topics, company events and marketing offers by means of a separate declaration of consent. In these cases, contact is made for the above-mentioned purposes on the basis of your consent in accordance with Art. 6 par. 1 lit. a GDPR. You can revoke your consent to the mentioned contact at any time. The revocation shall not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation.

8. Newsletter

Newsletters are sent on the basis of your consent to the contact details you provided when registering for the newsletter. You can revoke your consent to receive newsletters at any time, e.g. by using the unsubscribe link directly in the newsletter. The revocation does not affect the legality of the data processing carried out on the basis of the consent until the revocation.

We process the contact data you provide on the basis of your consent pursuant to Art. 6 par. 1 lit. a GDPR in order to send you information. The provision of the data you have provided is necessary for this purpose.

We store the data you provide until you revoke it.

We use the Marketing Hub tool for our newsletter mailing, a service provided by HubSpot Inc. a software company from the USA with a branch in Ireland, HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland (“HubSpot”). The processing takes place on servers in the EU. However, data processing in the USA may occur. The European Court of Justice has found that the US does not ensure an adequate level of data protection. There is therefore a particular risk that your data may be subject to access by US authorities for control and monitoring purposes and that no effective legal remedies are available.

For more information about HubSpot privacy policy, please see https://legal.hubspot.com/de/privacy-policy.

9. Apply

If you send an application to join@ibmix.de, it will be processed by the following companies: IBM iX Berlin GmbH, Chausseestraße 5, 10115 Berlin, Germany, IBM iX Dusseldorf GmbH, Plange Mühle 1,40221 Dusseldorf, Germany, IBM iX Austria GmbH, Carl-Blum-Strasse 3, 4600 Wels, Austria, IBM iX Switzerland  Vulkanstrasse 106, 8048 Zürich, Schweiz and IBM iX Croatia d.o.o, Kapucinski trg 5, 42000 Varaždin, Croatia.

If you do not want to do this, please send your documents to the e-mail address of the respective company, which you can find here. If you submit an application via the application form, please take note of the data protection declaration for applicants that has been filed there. Further information on the processing of your data in the context of the application process, you will receive from the iX company at which you have applied.

10. Customers, service providers and other business partners

The implementation of our business relationships requires the processing of data of our customers, service providers and other business partners. Insofar as this data allows conclusions to be drawn about a natural person (e.g. if you enter into a business relationship with us as a sole trader), this is personal data. Regardless of the legal form of our business partner, we also process data on the contact persons at our business partner. Please also make this data protection information available to those persons within your organisation who are involved in the business relationship with us.

Within the scope of the business relationship, we process master and contact data (in particular name, address, e-mail address, telephone number, function, department) on our business partners and the contact persons as well as the data that we have collected in connection with the establishment of the business relationship (such as in particular the details of the contracts concluded). In addition, we process information about the services provided or accepted by us or you on the basis of the contracts concluded. To the extent permitted by law, we may also process data on the economic situation of our business partners if this is necessary to assess economic risks – such as payment defaults.

IBM iX may share the personal information collected with IBM, IBM subsidiaries and third parties globally.

The data processing is carried out for the implementation of the existing contract with the business partner or for the implementation of pre-contractual measures on the basis of Art. 6 par. 1 lit. b GDPR.

In addition, we process your personal data to fulfil legal obligations (e.g. commercial and tax retention obligations). In this case, the legal basis for the processing is the respective legal regulations in conjunction with Art. 6 par. 1 lit. c GDPR.

We also process your data if it is necessary pursuant to Art. 6 par. 1 lit. f GDPR in order to protect the legitimate interests of us or of third parties. This may be the case in particular for company-wide processes for the internal management of business partner data, the identification of economic risks – such as payment defaults – in connection with our business relationships, the assertion of legal claims and the defence in legal disputes, the prevention and investigation of criminal offences, the management and further development of our business activities including risk management.

Insofar as we process your data in our interest or in the interest of a third party, you have the right to object at any time if reasons arise from your particular situation.

Insofar as we provide the opportunity to give consent to the processing of personal data, we process the data covered by the consent for the purposes stated in the consent. This is done on the basis of Art. 6 par. 1 lit. a GDPR.

The provision of the data mentioned is necessary for the establishment and implementation of the business relationship, unless we expressly state otherwise when collecting this data. Without the provision of this data, we cannot establish and carry out a business relationship.

Within our group of companies, only those offices or employees receive your data insofar as they need it to process the business relationship. Where necessary, an agreement has been concluded between the companies in accordance with Art. 28 DSGVO/UK GDPR.

In certain cases, we cooperate with external service providers (processors) and transmit data to the extent necessary for the provision of services. Our processors include, in particular, IT service providers, software and service providers (for the provision of IT applications) as well as lawyers, auditors and tax consultants. Service provider information is made available to the respective other companies – the legal basis for the exchange of this information is our legitimate interest in the efficient and proper management of our service providers pursuant to Art. 6 par. 1 lit. f GDPR.

There are also legal obligations that we can only fulfil if we transfer your data to the authorities or courts to the extent required.

In all these cases, your data will only be transmitted or provided to the absolute minimum extent necessary.

We process your personal data as necessary for the duration of the entire business relationship (from the initiation and processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations, which result from the retention periods under tax and commercial law, among other things. In addition, the statutory periods of limitation must be taken into account for the storage period.

11. Customer Relationship Management (Salesforce)

We use the Customer Relationship Management (CRM) of salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany.

Data that you provide to us via our website (e.g.: as part of contact requests) is stored in the CRM within the Salesforce Sales Cloud.

The data is stored and processed on servers within the EU. However, it may happen that data processing takes place in the USA. The European Court of Justice has determined that the USA does not ensure an adequate level of data protection. There is therefore primarily the risk that your data may be subject to access by US authorities for control and monitoring purposes and that no effective legal remedies are available.

Salesforce undertakes to maintain an appropriate level of data protection even for data processing outside the EU by concluding so-called standard contractual clauses and binding internal data protection regulations.

The legal basis for the use of Customer Relationship Management is our legitimate interest in the efficient and proper management of our customer relationships pursuant to Art. 6 par. 1 lit. f GDPR.

International data transfer

In the case of third country processing, IBM iX uses appropriate safeguards, such as standard data protection clauses approved by the EU Commission, certifications, binding internal data protection rules, or an adequacy decision of the European Commission.

Data processing in the United States:
On the basis of your express consent, a data transfer may be made to the USA as a third country Art. 49 par. 1 lit. a GDPR.

When using Google Analytics, HubSpot, Facebook Plugin, Facebook Ads Pixel, Twitter Plugin, Twitter Ads Pixel, LinkedIn Plugin, LinkedIn Ads Pixel, YouTube, Google Analytics, Google Tag Manager, Google Adwords, and Google Conversion Tracking, it may be that Google LLC, HubSpot Inc., Meta Platforms Inc., Twitter Inc. and LinkedIn Corporation, based in the United States, process your data. The European Court of Justice has found that the US does not ensure an adequate level of data protection. There is therefore, above all, the risk that your data will be subject to access by US authorities for control and monitoring purposes and will not be available for effective redress. Before we carry out the above-mentioned processing and your data, if necessary. We ask you for your express consent (Art. 6 par. 1 lit. a GDPR in connection with Art. 49 par. 1 lit. a GDPR). For information about each processing, see the cookie settings. You can also revoke your consent at any time with effect for the future by adjusting your preferences.

Your Rights

You have the following rights in relation to the processing of your personal data against us:

  • Information about the data we have stored about you (Art. 15 GDPR)
  • Correction of your data (Art. 16 GDPR)
  • Deletion of your data, if legally permissible (Art. 17 GDPR)
  • Restriction of the processing of your data (Art. 18 GDPR)
  • Receiving the data you have provided to us in a structured, common and machine-readable format (Art. 20 GDPR)
  • Objection to the processing of your data (Art. 21 GDPR)
  • Complain about us to a supervisory authority (Art. 77 GDPR)
  • If we process your data on the basis of your consent, you can revoke this consent at any time (Art. 7 GDPR)

In the UK, you can complain to the Information Commissioner’s Office (ICO). You can find more information here: https://www.ico.org.uk.

*IBM iX consists of IBM iX Berlin GmbH, Chausseestraße5, Berlin, Germany, IBM iX Dusseldorf GmbH, Plange Muehle 1, Dusseldorf, Germany, IBM iX Austria GmbH, Carl-Blum-Strasse 3, Wels, Austria, IBM iX Switzerland AG, Vulkanstrasse 106, Zuerich, Switzerland and IBM iX Croatia d.o.o, Kapucinski trg 5, Varaždin, Croatia.

Changes to this privacy notice

We reserve the right to adapt this privacy notice if necessary.

Version 2.2, last updated on 28 February 2024