Data protection statement
The use of this website www.ioioleo.de may require the processing of personal data.
We would like to provide you with an overview of this processing by means of the following information to ensure that you fully understand which, and to what extent, your data is processed.
In addition, we would like to impart information to you regarding your rights pursuant to the European General Data Privacy Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The party responsible (controller) for the processing of personal data is: IOI Oleo GmbH, Herrengraben 31 20459 Hamburg, Deutschland (hereinafter also referred to as “we” or “us”).
If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to
IOI Oleo GmbH
Herrengraben 31, 20459 Hamburg, Germany
Tel.: +49 (0) 40 28 00 31 – 0
b. Legal Basis
Use of this website can result in your personal data being processed. The legal term “personal data” refers to all information relating to an identified or identifiable natural person. The IP address can be personal data as well. Every device connected to the internet is assigned an IP address by the internet provider to enable it to receive and send data. When you use the website, we process data you provide. In addition, we collect certain information about your use of the website automatically during your visit to the website.
We process personal data in compliance with the data protection regulations, in particular the GDPR and the BDSG. We only process data within legal bounds. During use of this website, we will process personal data solely
- with your consent (Art. 6 para. 1 lit. a GDPR),
- to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (Art. 6 para. 1 lit. b GDPR),
- for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR)
- or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 lit. f GDPR).
If you apply for an open position within our company, we will additionally process your personal data in order to determine whether or not to hire you (Section 26 para. 1 BDSG).
c. Period of storage
In absence of an alternative provision ensuing from the following statements, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations.
Such statutory retention requirements, in particular, result from commercial or tax law. From the end of the calendar year in which the data has been collected we will store personal data used for accounting for ten years. Personal data contained in commercial letters and contracts will be stored for six years.
Apart from that, we will store personal data collected for the purpose of the performance of a contract, in particular data on complaints and requests, for a maximum of four years from the end of the procedure. Data stored for marketing purposes will be deleted when you object to processing for this purpose.
d. Recipients of data
Unless otherwise stated in the following, the data is processed on the servers of service providers. For this, we commission processors. Processing activities conducted by the processors include e.g. hosting, maintenance and support of IT systems, customer and order management, order handling, accounting, marketing or shredding of files and data carrier destruction. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors process data not for their own purposes but solely for the controller and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection.
Apart from that, we transfer your data to postal and delivery services, our bank, tax consultants/auditors or the fiscal authority if necessary.
Should your data be transferred to further recipients, we will inform you via the respective processing activity.
e. Transfer of data to the USA
Visiting our website may involve the transfer of certain personal data to the USA. For the transfer of data to the USA as a third country, a country in which the GPDR is not applicable law, the European Commission has decided in accordance with Art. 45 GDPR that an adequate level of data protection is required for companies certified under the EU-US Privacy Shield. The transfer to the USA will then take place in a permissible manner. Certified companies are listed by the U.S. Department of Commerce at https://www.privacyshield.gov/list.
When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page visited, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code.
The processing is carried out in pursuit of our legitimate interests and is based on the legal basis of Art. 6 para. 1 lit. f GDPR. This processing enables technical administration and ensures the technical security of the website. The stored data will be deleted after fourteen days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason.
We are not able to identify you as a data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.
When you send us a message via our contact email address, we will process the transferred data in order to process the request.
We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 section 1 lit. f GDPR.
Our website contains a contact form, by means of which you can send us messages or requests. Here, your data is transferred while encrypted. All data fields marked as required are needed for processing your requests. Failure to provide the information will have the consequence that we are unable to process your request. Provision of other data is voluntary. Alternatively, you may send us an email. The legal basis for data processing is Art. 6 (1) (b) GDPR.
Legal basis for the data processing is section 26 para. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the lawfulness of processing based on the consent prior to its withdrawal.
We use so-called ‘session cookies’, which are deleted when the browser session is closed. Other cookies (‘persistent cookies’) are automatically deleted after a specified period, which may vary depending on the cookie.
We use session cookies to maintain functionality of the system in our login area. The period of storage of these cookies is 28 days.
We only use Google Analytic with activated IP address anonymisation. With this setting the user’s IP address will be shortened within the EU or the European Economic Area. The user’s full IP address will only be sent to Google’s servers in the USA and shortened there in exceptional cases. The user’s IP address provided by the user’s web browser will not be merged with other data stored by Google.
We use a product variant called Google Universal Analytics. This service enables us to connect data from multiple sessions and multiple devices under a unique User-ID. By using it, we can put single user interactions in a broader context and are able to analyse long term relationships.
User interaction data will be stored for a duration of 14 months and will be deleted automatically afterwards. The deletion process of data for which the storage period has passed will be performed automatically, once per month.
The setting of cookies and the processing of personal data described here, are conducted with your consent. Legal basis for the processing of personal data through Google Analytics is therefore Art. 6 Sec. 1 letter a) GDPR. You can object to the storage of cookies by Google Analytics through editing the respective settings of your web browser. Furthermore, you can prevent the collection of aforementioned information with a browser plugin available through the following link: https://tools.google.com/dlpage/gaoptout. If you are visiting our website with a mobile device, you can disable Google Analytics by clicking this link. Please be advised, that we will document your consent, as we are required to do so by Art. 7 Sec. 1 GDPR. Because we are required to do so by law, the legal basis for the storage is Art. 6 Sec. 1 letter c) GDPR.
Using Google Analytics, a transfer of your personal data to the US based Google LLC cannot be ruled out. Google LLC (USA) is certified through the EU-US Privacy Shield.
We use services and content (collectively, “Content”) provided on our Website by third parties. For such an integration a processing of your IP address is necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers. This data processing is carried out in order to safeguard our legitimate interests in the optimisation and economic operation of our website and finds its legal basis in Art. 6 Sec. 1 letter f) GDPR. You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have incorporated into our website content from the following third-party services:
Services provided by Google Ireland Limited (Ireland/EU):
- „Google-Maps“ to display maps;
- „Google Web Fonts“ to display fonts;
- „Google invisible reCAPTCHA“ to protect against automated spying, misuse and SPAM.
Using Google services, a transfer of your personal data to the US based Google LLC cannot be ruled out. Google LLC (USA) is certified through the EU-US Privacy Shield.
If you exercise your rights pursuant to Art. 12 to 22 GDPR we will process the data you provided in the request, in order to fulfil this request and in order to be able to prove that we responded adequately to your request.
We will only process data stored for the purpose of preparing for and replying to requests for these purposes and for the purpose of privacy monitoring. Any further processing is restricted in accordance with Art. 18 GDPR.
These processing activities have a legal basis in Art. 6 para. 1 lit. c GDPR in combination with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
As the data subject, you are entitled to exercise your rights against us. In particular, you have the following rights:
- Pursuant to Art. 15 GDPR and § 34 BDSG, you have the right to request information confirming whether or not and, if so, to what extent we are processing personal data concerning you.
- Pursuant to Art. 16 GDPR, you have the right get your data rectified.
- Pursuant to Art. 17 GDPR and § 35 BDSG, you are entitled to require us to delete your personal data.
- Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller.
- Where you have granted us separate consent to process your data, you can withdraw such consent at any time pursuant to Art. 7 Sec. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
If you consider that the processing of personal data relating to you infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing operations based on Art. 6 para. 1 lit. e or lit. f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.