Privacy Policy

PRIVACY POLICY

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter briefly referred to as \"data\") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as \"Online Offering\"). With regard to the terminology used, such as \"processing\" or \"controller,\" we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

IS Softwarenetwicklung Dünnhofsweg 1a, 51469 Bergisch Gladbach, Germany Tel.: +49 211 95587660 Email: info@iss-pos.de Owner: Ihsani Sahbaz

Inventory data (e.g., names, addresses).

Contact data (e.g., email, telephone numbers).

Content data (e.g., text entries, photographs, videos).

Usage data (e.g., visited websites, interest in content, access times).

Meta/Communication data (e.g., device information, IP addresses).

Contract data (e.g., subject matter of the contract, term, customer category).

Payment data (e.g., bank details, payment history).

Data Subjects: Visitors and users of the Online Offering (hereinafter collectively referred to as \"Users\"), customers, prospects, and business partners.

Provision of the Online Offering, its functions, and content.

Responding to contact requests and communication with Users.

Security measures.

Reach measurement/Marketing.

Provision of contractual services (online shop operation, order processing, billing, delivery).

Service and customer care.

Administration and organization of the operation, financial accounting, and archiving.

Processing of applicant procedures.

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. Unless the legal basis is mentioned in the Privacy Policy, the following applies:

Consent: Art. 6 para. 1 lit. a and Art. 7 GDPR.

Performance of our services, implementation of contractual measures, and answering inquiries: Art. 6 para. 1 lit. b GDPR.

Compliance with our legal obligations: Art. 6 para. 1 lit. c GDPR.

Safeguarding our legitimate interests: Art. 6 para. 1 lit. f GDPR.

Protection of vital interests of the data subject or another natural person: Art. 6 para. 1 lit. d GDPR.

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. This also includes the protection of personal data during development or selection of hardware, software, and procedures (Art. 25 GDPR).

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit it to them, or otherwise grant them access to the data, this only takes place on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, is required for contract performance in accordance with Art. 6 Para. 1 lit. b GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests. If we commission third parties to process data on the basis of a so-called \"Data Processing Agreement,\" this is done on the basis of Art. 28 GDPR.

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. The processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA through the \"Privacy Shield\") or observance of officially recognized special contractual obligations (so-called \"Standard Contractual Clauses\").

You have the right to:

Demand confirmation as to whether the data concerned is being processed, and to information about this data and a copy of the data (Art. 15 GDPR).

Demand the completion of the data concerning you or the correction of incorrect data concerning you (Art. 16 GDPR).

Demand that the data concerned be immediately deleted (Art. 17 GDPR), or alternatively demand a restriction of the processing of the data (Art. 18 GDPR).

Receive the data concerning you that you have provided to us (Art. 20 GDPR) and request their transmission to other controllers.

Lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

You have the right to withdraw consents granted in accordance with Art. 7 Para. 3 GDPR with effect for the future.

You can object to the future processing of the data concerning you at any time in accordance with Art. 21 GDPR. The objection can, in particular, be made against processing for the purposes of direct advertising.

\"Cookies\" are small files that are stored on users\' computers. We may use temporary and permanent cookies.

Session cookies (temporary) are deleted after you leave the Online Offering and close your browser (e.g., storing shopping cart content).

Permanent cookies remain stored even after the browser is closed (e.g., storing the login status). If Users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. The exclusion of cookies can lead to functional restrictions of this Online Offering.

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. We delete the data as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion.

Retention Obligations (Germany): Retention is required for 10 years in accordance with Sections 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB (books, vouchers, accounting documents, etc.) and 6 years in accordance with Section 257 Para. 1 No. 2 and 3, Para. 4 HGB (commercial letters).

We process our customers\' data as part of the ordering processes to enable them to select and order the chosen products and services, as well as their payment and delivery.

Data Processed: Inventory data, communication data, contract data, payment data.

Legal Basis: Art. 6 Para. 1 lit. b (order processing) and c (legally required archiving) GDPR.

We use session cookies to store the shopping cart content and permanent cookies to store the login status.

We only disclose data to third parties within the scope of delivery, payment, or within the scope of legal permissions and obligations towards legal advisors and authorities.

Users can optionally create a user account (Art. 6 Para. 1 lit. b GDPR).

Data Processed: Login information (name, password, email address) and order data.

Deletion: If Users cancel their user account, their data with regard to the user account will be deleted, subject to commercial or tax retention obligations.

Logging: As part of the use of our registration and login functions, we store the IP address and the time of the respective user action (legitimate interest, Art. 6 Para. 1 lit. f GDPR). The IP addresses are anonymized or deleted after 7 days at the latest.

We process data as part of administrative tasks, organization of our operations, financial accounting, and compliance with legal obligations (Art. 6 Para. 1 lit. c GDPR, Art. 6 Para. 1 lit. f GDPR).

Purpose: Administration, financial accounting, office organization, archiving of data.

Disclosure: Data is disclosed to the financial administration, consultants (e.g., tax consultants), and payment service providers.

We process applicant data to fulfill our (pre-)contractual obligations in the context of the application process (Art. 6 Para. 1 lit. b GDPR, Section 26 BDSG).

Deletion: If the application is unsuccessful, the applicant\'s data will be deleted, subject to a justified withdrawal, after a period of six months to comply with our burden of proof under the General Equal Treatment Act (AGG).

When contacting us (e.g., via contact form, email, telephone, or social media), the user\'s information for processing the contact request and its handling is processed in accordance with Art. 6 Para. 1 lit. b) GDPR. The user\'s information may be stored in a Customer Relationship Management System or a comparable customer service organization.