Privacy policy
IOI Oleo GmbH
Herrengraben 31
20459 Hamburg
Germany
Phone: +49 (0) 40 280031 – 0
E-mail: info@ioioleo.de
Web: www.ioioleo.de
Information on data protection
This privacy policy informs you about how we handle your data.
In order to make the processing of your data comprehensible for you, we would like to provide you with an overview of this processing with the following information.
In order to ensure fair processing, this privacy policy contains general information on our handling of your data as well as information on your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We also inform you in detail about
I. General information
II. Data processing on our website
III. Data processing on our social media pages
IV. Further data processing
IOI Oleo GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.
Status: July 2020
1. contact
If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to
IOI Oleo GmbH
Herrengraben 31, 20459 Hamburg, Germany
Phone: +49 (0) 40 28 00 31 – 0
E-mail: info@ioioleo.de
2. legal bases
The data protection term “personal data” refers to all information relating to an identified or identifiable individual.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG.
Data processing by us only takes place on the basis of legal permission.
We process personal data
- only with your consent (Art. 6 (1) (a) GDPR),
- for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR),
- to fulfill a legal obligation (Art.
6 para. 1
lit. c) GDPR) - or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 (1) (f) GDPR).
If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).
3. duration of storage
Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations.
Such statutory retention obligations may arise in particular from commercial or tax law regulations.
From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and store personal data contained in commercial letters and contracts for six years.
In addition, we will store personal data collected in the course of performing a contract, in particular complaints and claims data, for a maximum of four years from the end of the respective transaction.
We will delete data stored for advertising purposes if you object to processing for this purpose.
4. categories of recipients of the data
Unless otherwise stated in the following information, the data is processed on the servers of technical service providers.
We use processors for this purpose.
The processing of data about you carried out by processors includes, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee suitable technical and organizational measures for data protection.
We may also transfer your personal data to bodies such as postal and delivery services, your bank, tax consultants/auditors or the tax authorities.
If your data is transmitted to other recipients, we will inform you under the respective processing procedure.
5. processing when exercising your rights in accordance with.
Art. 15 to 22 GDPR
If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this.
We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.
This processing is based on the legal basis of Art. 6 para.
1 lit. c) GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para.
2 BDSG.
6. your rights
As a data subject, you have the right to assert your data subject rights against us.
In particular, you have the following rights:
- In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
- You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
- You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
- You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
- If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para.
3 GDPR at any time.
Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation. - If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
7. right to object
In accordance with Art. 21 para.
1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para.
1 lit.
e) or
f) GDPR for reasons arising from your particular situation.
If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art.
Art. 21 para.
2 and para.
3 of the GDPR.
8. data protection officer
You can reach our data protection officer at the following contact details datenschutz@ioioleo.de
When you use the website, we collect information that you provide yourself.
We also automatically collect certain information about your use of the website during your visit.
Under data protection law, the IP address is also considered personal data.
An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. processing of server log files
When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration).
By default, this includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.
The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para.
1 letter f) GDPR.
This processing serves the technical administration and security of the website.
The stored data will be deleted after fourteen days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason.
We are not in a position to identify you as a data subject on the basis of the stored information.
Art. 15 to 22 GDPR therefore apply in accordance with.
Art. 11 para.
2 GDPR do not apply unless you provide additional information that enables your identification in order to exercise your rights set out in these articles.
2. data transfer to a third country
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law.
Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is required in such a third country.
If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if suitable guarantees are in place in accordance with Art.
Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.
If the transfer is based on appropriate safeguards in the form of the standard data protection clauses pursuant to Art.
Art. 46 para.
2 lit. c) GDPR, these can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087 can be accessed.
3. contact options and inquiries
If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your inquiry.
We process this data on the basis of our legitimate interest in contacting inquiring persons.
The legal basis for data processing is Art. 6 para.
1 letter f) GDPR.
4. registration
In order to use certain functions of the website, registration via the website is required.
The information required can be seen in the registration input screen.
As part of the registration process, we process the name provided, the e-mail address provided and a password of your choice.
The provision of the information marked as mandatory is essential for the registration process to be completed.
The data provided will be processed for the purpose of providing the service.
The processing is based on the legal basis of Art. 6 para.
1 letter b) GDPR.
5. applications
If you apply to our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application.
Your application will only be processed and acknowledged by the relevant contact persons at our company.
All employees entrusted with data processing are obliged to maintain the confidentiality of your data.
If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection.
This does not apply if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.
The legal basis for data processing is § 26 para.
1 SENTENCE 1 BDSG.
If we retain your applicant data beyond a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para.
3 GDPR is freely revocable.
Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
6. newsletter
On our website, we offer you the opportunity to subscribe to our newsletter.
Once you have registered, we will inform you regularly about the latest news on our offers.
A valid e-mail address is required to register for the newsletter.
To verify your e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in).
If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of the consent you have given.
The processing is based on the legal basis of Art. 6 para.
1 letter a) GDPR.
You can revoke your consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the channels mentioned above.
The legality of the data processing operations that have already taken place remains unaffected by the revocation.
When you register for the newsletter, we also store your IP address and the date and time of registration.
The processing of this data is necessary in order to be able to prove that consent has been given.
The legal basis arises from our legal obligation to document your consent (Art. 6 (1) (c) in conjunction with Art. 7 (1) (f) GDPR). Art. 7 para.
1 GDPR).
We also analyze the reading behavior and opening rates of our newsletter.
For this purpose, we collect and process pseudonymized usage data that we do not merge with your e-mail address or your IP address.
The legal basis for the analysis of our newsletter is Art. 6 para.
1 letter f) GDPR and the processing serves our legitimate interest in optimizing our newsletter.
You can object to this at any time by contacting one of the contact channels listed above.
We use the CleverReach service provided by CleverReach GmbH & Co KG (Mühlenstr. 43, 26180 Rastede, Germany) to manage subscribers, send the newsletter and analyze it.
CleverReach GmbH & Co KG processes personal data as a processor only with our express instructions and is contractually obliged to guarantee sufficient technical and organizational measures for data protection.
Data processing by CleverReach GmbH & Co KG only takes place in data centers in the European Union.
7. cookies
We use cookies and similar technologies on our website.
Cookies are small text files that are stored by your browser when you visit a website.
This identifies the browser used and can be recognized by our web server.
We use so-called “session cookies”, which are deleted when the browser session ends.
Other cookies (“persistent cookies”) are automatically deleted after a specified period, which may vary depending on the cookie.
The use of cookies is in part technically necessary for the operation of our website.
We use session cookies to maintain the system functions in our login area.
The storage duration of these cookies is 28 days.
We also use cookies and similar technologies to measure analytics about the reach of our website and to analyze the use of our website.
We also use cookies and similar technologies to track user behavior across websites and devices.
Cookies are stored on the user’s computer.
As a user, you therefore have full control over the use of cookies.
You can delete cookies in the security settings of your browser at any time.
You can object to the use of cookies through your browser settings in principle or for specific cases.
Further information on this is available from the Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.
Information on how cookies and similar technologies are used by us can be found below under the description of the specific processing activity.
8. consent management system
This website uses a consent management banner from the provider Borlaps to control cookies.
The Borlabs consent banner enables users of our website to give their consent to certain data processing operations or to withdraw their consent.
Borlabs also supports us in being able to provide proof of the declaration of consent.
For this purpose, Borlabs processes information on the declaration of consent and further log data on this declaration.
Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given.
The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c) in conjunction with Art. 7 para. Art. 7 para.
1 GDPR).
9. analysis of our website with Google Analytics
We use the Google Analytics service of Google Ireland Limited (Ireland/EU) to analyze our website visits.
Google uses cookies that enable your use of our website to be analyzed.
This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
The information generated by the cookie about the use of our website by users is usually transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the Internet.
Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization.
This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser will not be merged with other Google data.
We use the Google Universal Analytics variant.
This enables us to assign interaction data from different devices and from different sessions to a unique user ID.
This allows us to put individual user actions into context and analyze long-term relationships.
The data on user actions is stored for a period of 14 months and then automatically deleted.
Data whose storage period has expired is automatically deleted once a month.
The setting of cookies and the further processing of personal data described here takes place with your consent.
The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 para.
1 letter a) GDPR.
You can prevent the storage of cookies by Google Analytics by selecting the appropriate settings in your browser software.
You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following linkhttps://tools.google.com/dlpage/gaoptout.
If you visit our website via a mobile device, you can block Google Analytics by clicking on this link deactivate it.
Please also note that we document any consent you have given in order to fulfill our obligation to provide evidence under Art. 7 para.
1 GDPR.
As we are obliged to do so, this storage is based on the legal basis of Art. 6 para.
1 lit. c) GDPR).
10. integrated third-party services and content
We use services and content provided by third-party providers on our website (hereinafter collectively referred to as “content”).
For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser.
Your IP address is therefore transmitted to the respective third-party providers.
This data processing is carried out in each case to protect our legitimate interests in the optimization and economic operation of our website and is based on the
legal basis of Art. 6 para.
1 letter f) GDPR.
You can object to this data processing at any time via the settings of the browser used or certain browser extensions.
One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers.
Please note that this may result in functional restrictions on the website.
We have integrated content from the following services provided by third parties into our website:
Services of Google Ireland Limited (Ireland/EU):
- “Google Maps” for displaying maps;
- “Google Web Fonts” for the display of fonts.
We have a company page on several social media platforms.
In this way, we would like to offer further opportunities for information about our company and for exchange.
Our company has company pages on the following social media platforms:
- Flickr
- Tumblr
When you visit or interact with a profile on a social media platform, personal data about you may be processed.
The information associated with a social media profile used also regularly constitutes personal data.
This also includes messages and statements made using the profile.
In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.
1. data processing when visiting a social media page
a.Instagram page
When you visit our Instagram page, which we use to present our company or individual products from our range, certain information about you is processed.
The sole controller for this processing of personal data is Facebook Ireland Ltd (Ireland/EU – “Facebook”).
Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.
Facebook offers the option of objecting to certain data processing; information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
Facebook provides us with statistics and insights for our Instagram page in anonymized form, which help us gain insights into the types of actions people take on our page (so-called “page insights”).
These Page Insights are created on the basis of certain information about people who have visited our page.
This processing of personal data is carried out by Facebook and us as joint controllers.
The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings.
The legal basis for this processing is Art. 6 para.
1 letter f) GDPR.
We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page.
We have entered into an agreement with Facebook on processing as joint controllers, which sets out the distribution of data protection obligations between us and Facebook.
Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to this data processing, you also have the option of asserting your data subject rights (see “Your rights”) against Facebook.
Further information on this can be found in Facebook’s privacy policy at https://www.facebook.com/privacy/explanation.
Please note that user data is also processed in the USA or other third countries in accordance with the Facebook privacy policy.
Facebook only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.
Facebook Inc.
is certified under the EU-US Privacy Shield and thus offers an adequate level of data protection in accordance with Art. 45 GDPR.
b. Pinterest
In principle, Pinterest Europe Ltd. is solely responsible for the processing of personal data when you visit our Pinterest profile.
Further information on the processing of personal data by Pinterest Europe Ltd. can be found at https://policy.pinterest.com/de/privacy-policy.
c. Flickr
Flickr, Inc. is responsible for the processing of personal data when you visit our Flickr profile.
is the sole controller.
Further information about the processing of personal data by Flickr, Inc.
can be found at https://www.flickr.com/help/privacy.
d. Tumblr
In principle, Tumblr, Inc is solely responsible for the processing of personal data when you visit our Tumblr blog.
Further information about the processing of personal data by Tumblr, Inc can be found at https://www.tumblr.com/privacy/de.
2. processing of data that you provide to us via our company pages
We also process information that you have provided to us via our company page on the respective social media platform.
Such information may include the username used, contact details or a message to us.
We only process this personal data on a regular basis if we have expressly requested you to provide us with this data in advance, for example as part of a survey.
This processing is carried out by us as the sole controller.
We process this data on the basis of our legitimate interest in contacting the person making the request.
The legal basis for data processing is Art. 6 para.
1 letter f) GDPR.
We may also process such data for evaluation and marketing purposes.
This processing is carried out on the legal basis of Art. 6 para.
1 letter f) GDPR and serve our interest in further developing our offer and informing you specifically about offers from IOI Oleo GmbH.
Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).
We use software to manage our company pages.
If a user asks a question specified in the software via the comment function on one of our company pages, the text is displayed via the software together with the user’s username.
This data is also transmitted to the provider of the software.
The text sent and the user name are deleted as soon as the query has been answered.
1. contacting us by email
If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request.
We process this data on the basis of our legitimate interest in contacting inquiring persons.
The legal basis for data processing is Art. 6 para.
1 letter f) GDPR.
2. contractual relationship
The processing of the personal master data, contract data and payment data provided to us is regularly required to establish or execute the contractual relationship with our customers.
The legal basis for the processing of personal data about our contact persons at commercial customers and business partners is Art. 6 para.
1 letter f) GDPR.
We also process customer and prospective customer data for evaluation and marketing purposes.
This processing is carried out on the legal basis of Art. 6 para.
1 letter f) GDPR and serve our interest in further developing our offer and informing you specifically about offers from IOI Oleo GmbH.
Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 (1) (c) GDPR).
3. use of business e-mail address and telephone number for marketing purposes
We may use the e-mail address or telephone number you provide when registering or placing an order to inform you about similar products and services we offer.
In doing so, we are pursuing our legitimate interest in direct advertising for our products and services.
a. Use of the e-mail address for marketing purposes
The legal basis for the use of e-mail addresses for marketing purposes is Art. 6 para.
1 letter f) GDPR in conjunction with. § Section 7 para.
3 UWG.
You can object to this use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates.
To do so, you can contact us by email at info@ioioleo.de or via one of the other contact channels we have provided.
You can also object to receiving such emails directly by clicking on the unsubscribe link contained in each mailing.
We use the CleverReach service provided by CleverReach GmbH & Co KG (Mühlenstr. 43, 26180 Rastede, Germany) to send such marketing emails.
CleverReach GmbH & Co KG processes personal data as a processor only with our express instructions and is contractually obliged to guarantee sufficient technical and organizational measures for data protection.
Data processing by CleverReach GmbH & Co KG only takes place in data centers in the European Union.
b. Use of the telephone number for marketing purposes
The legal basis for the use of telephone numbers for marketing purposes is Art. 6 para.
1 letter f) GDPR in conjunction with. § Section 7 para.
2 No. 2 UWG.
You can object to this use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates.
You can do this by sending an email to info@ioioleo.de or by contacting us via one of our other specified contact channels.