Name and Contact Details of the Controller

ITA engineering GmbH
Hansastraße 40
80804 Munich
Phone: +49 89 5799 – 0
Email: info@ita-engineering.eu

Contact Details of the Data Protection Officer

We have appointed a data protection officer. You can reach him at:
anton.greil@compliant-it.eu

Collection and Processing of Personal Data When Visiting the Website

When you visit our website, information transmitted by your browser is automatically recorded and temporarily stored in server log files. These data include in particular:

• IP address of the requesting device

• Date and time of the server request

• URL (address) of the accessed page or file

• Referrer URL (website from which you accessed our site)

• Browser type and version and, if applicable, the operating system used

• Amount of data transmitted and notification of successful retrieval

Purpose: Processing these log data is technically necessary to display the website and ensure the stability and security of our systems. We also use the data for website administration and to optimize our services (e.g. error analysis).

Legal Basis: The processing of the aforementioned data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to ensure the smooth operation of the website and IT security. These data are not merged with other data sources.

Retention Period: The server log files are deleted after 6 months unless security-related incidents (e.g. attempted attacks) require longer retention. Personal data are only evaluated in emergencies, such as investigating attacks. No personal user profiles are created.

Use of Cookies

Our website uses cookies, which are small text files stored on your device. We use different types of cookies:

Technically necessary cookies: Session cookies are temporary and used only during your active session on the site. These cookies are not used to collect data. They are used for session management, optimizing page display and navigation. Disabling cookies may limit website functionality.

Analytics cookies: These cookies evaluate user behavior on our website. We only use these cookies with your prior consent. Specifically, we use Google Analytics, which sets cookies to create pseudonymized usage profiles. Analytics cookies are only set if you actively consent via the cookie banner. Without your consent, these cookies remain inactive.

When visiting our website, a cookie banner appears where you can accept or reject the use of analytics cookies. Your selection is stored in a cookie ("opt-in/opt-out" cookie), which includes your consent status and has a limited storage duration. You can adjust your cookie settings at any time via the banner or delete stored cookies in your browser.

Note: Deactivating or deleting cookies may affect website functionality. You can remove or block cookies via your browser settings.

Web Analytics with Google Analytics

Our website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies (see analytics cookies above). The information generated by these cookies about your use of the website (e.g. pages visited, site behavior, browser used, operating system, origin of the user, server request time) is usually transmitted to and stored on Google servers.

We have activated IP anonymization (IP masking) on this website. This means your IP address is shortened by Google within the EU or EEA before being transmitted to the USA. In exceptional cases, the full IP address is sent to a Google server in the USA and shortened there.

Purpose: We use Google Analytics to evaluate usage behavior on our website and improve our offerings. The statistics help us identify popular content, detect technical problems, and optimize our content. We may also use analytics data for marketing and campaign performance.

Legal Basis: The processing of your data through Google Analytics is based solely on your consent (Art. 6(1)(a) GDPR). Consent is requested via the cookie banner. It is voluntary, and you may use the website without allowing analytics. You can withdraw consent at any time with future effect (see section on withdrawal). Without consent or upon withdrawal, no data are collected via Google Analytics.

Data Processing Agreement: We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. Google processes the data on our behalf to provide us with usage reports. According to Google, the data are not used for their own purposes nor passed on to unauthorized third parties. For more information, see Google’s privacy policy.

Data Transfer to the USA: Google Ireland Limited is a subsidiary of Google LLC, based in the USA (1600 Amphitheatre Parkway, Mountain View, CA). It cannot be excluded that data collected via Google Analytics are stored on servers in the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework. This certification confirms adequate data protection for certified US companies. Thus, data transfers are based on the EU Commission’s adequacy decision.

Retention Period: We have limited the retention of usage data collected by Google Analytics to 14 months. This means personal data are automatically deleted or anonymized 14 months after your last visit. Google Analytics cookies (e.g. _ga) can last up to 2 years but are no longer read once consent is withdrawn or expires.

Opt-out Options: You can prevent participation in Google Analytics at any time by changing your cookie consent (deactivating analytics) or deleting analytics cookies in your browser.

Disclosure of Personal Data to Third Parties

No Unauthorized Disclosure: We do not disclose your personal data to third parties except as described here or with your explicit consent. Disclosure may occur if required by law (Art. 6(1)(c) GDPR) or necessary to assert legal rights (Art. 6(1)(f) GDPR).

Use of Service Providers (Processors): We use external service providers for data processing, e.g. for hosting and analytics. These providers are bound by data processing agreements under Art. 28 GDPR, ensuring data processing only on our instructions and in compliance with applicable laws. Our website is hosted on the servers of an external provider within the EU, which may access personal data (e.g. log data, website content) during maintenance and operation.

Web Hosting

The content management system is hosted on a server operated by Jweiland.net GmbH (Germany, internal ATP server). Website content is delivered via the hosting service Netlify Inc. (USA) using static site delivery.

Another processor is Google Ireland Limited, which operates Google Analytics on our behalf. Google processes analytics data strictly for evaluation purposes. Data are not passed to third parties unless legally required or via subcontractors under the same data protection obligations.

Data Transfers to Third Countries

As described above, personal data may be transferred to countries outside the EU or EEA (so-called third countries). This mainly applies to the use of Google LLC services in the USA.

We only transfer data to third countries where an EU adequacy decision exists, or appropriate safeguards (e.g. Standard Contractual Clauses) are in place, or where you have explicitly consented.

For the USA, we rely on the EU-U.S. Data Privacy Framework. In July 2023, the EU Commission determined that certified companies provide adequate data protection. Our partners in the USA (e.g. Google) are certified under this framework, allowing data transfers on this basis.

If, in exceptional cases, data are transferred to providers in countries without adequate protection, we ensure appropriate safeguards (e.g. Standard Contractual Clauses) to maintain the required level of data protection.

Retention Period

We process and store your personal data only as long as necessary for the intended purposes or legal obligations.

Cookies: Session cookies are deleted after your visit or when the browser is closed. Persistent cookies (e.g. consent or analytics cookies) remain until expired or manually deleted. Consent cookies are stored for 6 months, analytics cookies for up to 2 years (unless withdrawn earlier).

Google Analytics data: Stored for up to 14 months (see above).

Contact data: If you contact us (e.g. by email), we process your personal data (name, email address, inquiry) to respond to you. These data are stored as long as necessary to process your inquiry unless legal obligations require longer retention.

Once the purpose ends and no legal retention requirements exist, your data are deleted or anonymized.

Your Rights as a Data Subject

You have the right to access, rectification, deletion, restriction of processing, data portability, objection, and withdrawal of consent. If you believe your data are processed unlawfully or your rights are violated, you may lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data is unlawful. This right can be exercised with an authority in your EU country of residence, workplace, or where the alleged violation occurred.

In Germany, the competent authority is usually the Data Protection Commissioner of the respective federal state. A list of supervisory authorities can be found at:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html