Data protection at ista: The protection of your personal data is very important to ista.

ista has been a member of the German Society for Data Protection and Data Security (Gesellschaft für Datenschutz und Datensicherung e.V.(GDD)) since February 2002.

ista complies with the legal data protection regulations and does everything to keep your and your customer’s/tenant‘s data confidential. All personal data is collected, processed and used in accordance with the provisions of the General Data Protection Regulation (GDPR) and only for the purposes of contract processing, fulfilment of legal obligations or for safeguarding our own legitimate business interests with regard to the advice and support of the customers as well as the demand-oriented product design.

All service providers of ista dealing with the processing of personal data also comply with the provisions of the GDPR in accordance with Art. 28 GDPR. Compliance is monitored by our data protection officer.

1. Collection and processing of personal data

Each time a user accesses the ista website and each time a file is accessed, data about that activity is stored in a log file. These data are not related to a person; so ista cannot trace back which user has retrieved which data.

In detail, the following data record is saved for each call:

  • Name of the file
  • Date and time of access
  • Amount of data transferred
  • Message whether the call was successful
  • Anonymous IP-Address
  • If necessary, operating system and browser software on your computer
  • As well as the website from which you visited the ista website

Personal user profiles cannot be created.

The above-mentioned data are evaluated for statistical purposes only.

Personal data will only be collected if you give it to ista on your own - for example, when registering for a survey or conducting a contract. A transmission of your data to third parties does not take place, unless ista is legally obliged to do so. Insofar as external service providers come into contact with your personal data, ista has ensured that they comply with the provisions of data protection laws through legal, technical and organizational measures as well as regular checks.

Cookies:

ista uses so-called cookies on the ista website to recognize multiple use of the offer by the same user/internet connection owner. Cookies are small text files that your internet browser stores on your computer. They serve to optimize ista's internet presence and offers. The cookies are usually so-called "session cookies", which are deleted after the end of your visit.

In some cases, however, these cookies provide information in order to automatically recognize you. This recognition is based on the ID stored in the cookies. The information obtained in this way serves to optimize ista's offers and to make it easier for you to access the ista website.

You may refuse the use of cookies by selecting the appropriate settings in your browser; however, ista points out that in this case you may not be able to use the full functionality of the ista website.

1.1 Webanalytics

1.1.1 Piwik PRO Analytics Suite

We use the analysis software Piwik PRO Analytics Suite (piwikpro.de) to analyse and optimise this website. The data collected with this software can be used to create user profiles under a pseudonym.  

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Analysis
  • Optimisation

Technologies used

  • Cookies

Data collected

This list contains all (personal) data that are collected during or through the use of the service.

  • Anonymised shortened IP address
  • Usage data
  • User ID
  • Date and time of the visit
  • Referrer URL
  • Websites visited
  • Screen resolution
  • Geographic location 
  • User agent
  • Visitor ID

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. a GDPR

Location of processing

  • European Union

Retention period

The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes. The data are stored for up to 25 months.

Data recipient

  • Piwik PRO Sp. z o.o.
  • Piwik PRO GmbH

Data protection officer of the processing company 

Below you will find the email address of the data protection officer of the processing company.
gdpr@piwik.pro

Consent to the collection and storage of data can be withdrawn at any time with immediate future effect. 

Click here to read the privacy policy of the data processor https://piwik.pro/privacy-policy/

Click here to withdraw consent on all domains of the data processing company https://piwik.pro/opt-out/

 

 

1.1.2 Google Tag Manager

Google Tag Manager is a solution with which website tags can be managed via an interface (and thus, for example, integrate Piwik Pro into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of the users.

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Functionality

Technologies used

  • Java Script

Data collected

  • None

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. f  GDPR

Location of processing

  • Computer of the browser 

Retention period

The retention period is the period of time during which the data collected are stored for processing. 
The data are deleted as soon as they are no longer needed for the processing purposes.

Data recipient

  • No data are disclosed to third parties 

 

1.1.3 Google Ads and Conversion Measurement

On the basis of the consent of the users of our online offering within the meaning of Art. 6, para. 1, lit. a. and Art. 7 GDPR), we use the services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

For evaluation purposes, cookies are stored on your end device and through them information is collected, which is also stored on servers of our data processor Google LLC ("Google"). Access to the information by Google LLC ("Google"), a U.S.-based company, cannot be excluded so relevant EU standard data protection clauses have been agreed to offer adequate safeguards for data processing in non-European countries. You have the right to be informed about this standard contract as part of the information provided. We use the Google "Ads" online marketing process to place ads in the Google Advertising Network (e.g. in search results, in videos, on websites etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with those ads that potentially match their interests. For example, if a user is shown ads for products in which he/she has shown an interest in other online offerings, this is referred to as “remarketing”. For these purposes, when our and other websites on which the Google Advertising Network is active are accessed, Google directly executes a code from Google and “(re)marketing tags” (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user visits, which content he/she is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, the time of the visit and further information on the use of the online offering.

We also receive an individual “conversion cookie”. The information collected with the help of the cookie is used by Google to generate conversion statistics for us. However, we only receive information on the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not, however, receive any information that can be used to identify users personally.

The users' data is processed pseudonymously within the Google Advertising Network. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. Consequently, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about the users is transmitted to Google and stored on Google's servers in the USA.

For more information about how Google uses your information, setting and opt-out options, please read Google's Privacy Policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

1.2 Remarketing activities and cookies

This website uses the remarketing or "similar target group" function of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; „Google“).

This feature allows you to view interest-based ads on Google Display Network web pages. For this purpose, a cookie is stored in your browser when you visit a website. This serves to recognize you as a visitor to the website and to determine visits and usage data.

According to Google's own information, server logs are stored in which parts of the IP address and cookie information are partially deleted after 9 to 18 months. For more information, please visit www.google.com/policies/technologies/ads/.

An example of a server log is provided by Google at the following link: https://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-server-logs.

There are several ways in which cookies can be deactivated in the browser to exclude your own browser from remarketing.

Google provides the option of downloading a browser plug-in that permanently deactivates these cookies under the following link: https://www.google.com/settings/ads/plugin

You can also make settings in your browser to deactivate the installation of cookies.

If you wish to object to tracking, you can do so by adjusting your browser settings regarding cookie installations. You can find information on this under the following links:

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Chrome: https://support.google.com/accounts/answer/32050?hl=en

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac 

Third-party providers may also disable browser cookies. The Network Advertising Initiative (NAI) offers the possibility to implement an opt-out for your own browser. Information can be found on the following page:  http://optout.networkadvertising.org.

This website uses the conversion tracking of "Google-Adwords", a Google service.

When you visit Google pages, Google stores cookies. You can deactivate or leave this storage activated. If the cookie is still activated and you visit certain websites on the website, Google and ista can recognize that you have clicked on an ad placed by ista and have thus been forwarded to an ista page.

The information collected is used by Google to generate statistics for Adwords customers. These statistics include information about the number of users who clicked on ads and were redirected to pages that were tagged with a conversion tracking tag.

You can find Google's privacy policy here: https://policies.google.com/privacy?gl=de&hl=en

1.3 Google Maps and Google Address Autocomplete

Several contact and order forms are available for contacting ista. In this context, we ask for your address in order to process the request. To help you enter the address, we use the Google Address Autocomplete function of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

1.4 Usercentrics

We use the Usercentrics Consent Management Platform for the collection and management of consents on this website.

Data processing purposes

This list contains the purposes for which data are collected and processed. Consent is valid only for the purposes specified. The data collected cannot be used or stored for purposes other than those listed below.  

  • Compliance with legal obligations
  • Storage of consent

Technologies used 

  • Local storage
  • Enable cookies

Data collected

This list contains all (personal) data that are collected during or through the use of the service.

  • Browser information
  • Opt-in and opt-out data
  • Request URLs of the webpage
  • Page path of the webpage
  • Geographic location
  • Date and time of the visit
  • Device information

Legal basis

The required legal basis for the processing of data is listed in the following:

  • Art. 6, para. 1 s. 1 lit. c  GDPR

Location of processing

European Union (consent database is located in Belgium)

Retention period

The retention period is the period of time during which the data collected are stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes.
The consent data (consent given and withdrawal of consent) are stored for three years. The data are then deleted immediately or given to the person responsible on request in the form of a data export.

Data recipient

  • Usercentrics GmbH

Data protection officer of the processing company 

Below you will find the email address of the data protection officer of the processing company.
datenschutz@usercentrics.com

Click here to read the privacy policy of the data processor:  

https://usercentrics.com/privacy-policy/

 

You can change your data privacy settings here 
 

2. Rights of data subjects

In accordance with the GDPR, ista takes appropriate measures to provide the data subject with all information and communications relating to processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language. The information shall be transmitted in writing or in any other form, including, where appropriate, electronically.

Since ista processes personal data automatically, ista informs you of the following information in accordance with Art. 13 GDPR:

Dr. Hagen Lessing, ista SE, Luxemburger Straße 1, 45131 Essen, is the person responsible for ista.

The contact details of ista's data protection officer are:

ista SE, data protection officer, Luxemburger Straße 1, 45131 Essen, Germany, e-mail: Datenschutz@ista.de

The purpose for which the personal data are to be processed and the legal basis for the processing are as follows: Optimization of customer satisfaction and the website, Art. 6 paragraph 1 f GDPR.

The legitimate interest in this is to be seen in particular in the pseudonymized processing for the optimization of the website.

Data deletion and duration of storage

The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Newsletter

ista offers you the option to subscribe to a newsletter on the ista webpage. From this newsletter you will receive information on ista topics and offers at regular intervals. To receive this newsletter, you need a valid e-mail address. Your entered e-mail address will be checked by ista for accuracy and completeness. Your login data as well as your official IP address, date and time will be stored. This serves as security to prevent your e-mail address from being misused by unauthorized third parties. No other data will be stored by ista. The data collected will only be used for the newsletter dispatch. ista undertakes not to transmit the data collected to other third parties. You have the option of cancelling the newsletter at any time without giving reasons and requesting information from the ista site. The details are marked in each newsletter.

3. Use and disclosure of personal data and earmarking

Visitors to ista’s website are always informed if their information is transmitted to third parties. So you can decide whether you agree to a transfer of your personal information to third parties or not.

3.1 Social Media / Social Bookmarks

Social bookmarks from LinkedIn, Facebook, Twitter, kununu, Xing and YouTube are integrated on the ista website. Social Bookmarks are internet bookmarks that allow users of such services to collect links and news messages. These are only included on the website as a link to the corresponding services. After clicking on the integrated graphic you will be forwarded to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the provider.

Important Notice: This data protection information applies exclusively to ista's internet service offering. The ista website contains links to other websites. Please note that ista is not responsible for the data protection or the content of these other internet services. We recommend all internet users to inform themselves about the respective data protection notices of other internet services when leaving ista's website.

4. Data Protection Policy for Applicants

In this Data Protection Policy we would like to inform you about the processing of personal data as part of the application and/or appointment procedure. In that respect information shall be made available to you about how we comply with the valid data protection provisions, in particular the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). We also describe the rights you are entitled to in accordance with Articles 15 to 22 GDPR.

1. Controller

Where not stated to the contrary below, ista SE is the controller. Therefore, ista SE is deemed the sole point of contact for data subjects within the meaning of GDPR.

2. Your Application

2.1 What personal data do we process?

In the case of an application we process, in particular, the application data made available by you such as:

  • Master data (in particular surname and date of birth),
  • Contact data (in particular address and e-mail address),
  • Training, qualifications and certificates,
  • Additional data from the application form (in particular termination periods and desired salary),
  • Banking connection to settle travelling expenses,
  • Citizenship and work permit,
  • Picture/sound recordings to conduct virtual discussions (no storage) and/or
  • Former employers.

 

2.2 For what purposes and on which legal basis do we process your data?
 

a) We process your data to initiate an employment relationship.

We use and store your application data for:

  • The assessment and selection of candidates,
  • Preparing and conducting personal, telephone/virtual, application discussions,
  • Evaluating and assessing the results of such discussions,
  • Establishing contact for the purpose of verbal preparation of offers, issuing rejections or consulting about outstanding questions
  • Taking your profile into consideration in the case of vacant positions for which you have not expressly applied and/or
  • Other requirements in the personnel search procedure and,
  • Where applicable, subsequently putting the employment relationship in place.

We conduct reviews on a case by case basis prior to the appointment. In this respect we may obtain information from your former employers or other relevant contact points within the framework of the relevant labour law requirements.

⇒The legal basis for the aforementioned processing is Section 26(1), Sentence 1, GDPR, (necessary for the decision on the establishment of an employment relationship or to honour the rights of works councils resulting from a law or a collective agreement or a company agreement).

b) We process your data to honour legal obligations.

We are subject to statutory obligations that specify the processing and in some cases also the disclosure of your data and which constitute an independent basis for the processing of your data. These are, in particular,

  • Obligations to retain data, in particular from social security, commercial and tax law,
  • Obligations to furnish information to our employee representatives,
  • Reporting obligations.

⇒ The legal basis for processing your application data for these purposes is Article 6(1), Point c), GDPR, in conjunction with special statutory facts (e.g. social data protection, storage obligations in accordance with Sections 257 HGB (German Commercial Code), 147 AO (German Tax Code)).

c) We process your data to safeguard legitimate interests.

We also process your personal data in individual cases to safeguard the following legitimate interest:

  • Defence against asserted legal claims (e.g. according to AGG).

⇒ The legal basis for this processing is Article 6(1), Point f) GDPR.

2.3 Where do your data originate and do you undertake to provide such data?

Generally, we receive all applicant data directly from you or via external personnel service providers. When we conduct pre-employment checks, we also receive data from third parties such as previous employers or other references.

If you do not provide us with the above personal data, this will not have any negative consequences for you. However, incomplete or inaccurately completed applications cannot be considered.

If information is not required for the above-mentioned purposes in individual cases, you will be informed of this separately when the data are collected.

2.4 Who is involved in the processing of my data?

Your application will, where necessary, be forwarded directly to the ista company at which you have applied for a job. Your personal data will be forwarded there to the relevant personnel department, the appropriate specialist departments and, where necessary, the works council or the representative body for severely disabled persons. Furthermore, in the case of applicants who have been suggested by personnel service providers, those personnel service providers will be involved in the application process. In other respects, your personal data will only be transferred to other recipients if we legally undertake to do so (e.g. to authorities).  

If you apply via the TalentLink application system, your applicant data will be processed by Lumesse GmbH, Flughafenstraße 103, D-40474 Düsseldorf, on our behalf. 

2.5 For how long will your data be stored?

Your applicant data will be stored for the duration of the review of your application. If this is unsuccessful or if you withdraw your application, your applicant data will be deleted in full 6 months following the rejection unless longer retention is permitted or required on the basis of another legal basis (e.g. to exercise our statutory rights or to comply with applicable law). 

In the event of recruitment, the data will be transferred to the HR administration system and processed there as employee data. For more information, please see our privacy policy for employees. 

3. Talentpool

3.1 Who is responsible for data processing?

Ista SE is solely responsible for the maintenance of the talent pool within the meaning of GDPR.

3.2 What personal data do we process?

Following conclusion of an unsuccessful application process, we will store your applicant data in our talent pool at your request for the purpose of contacting you again and, where necessary, further process such data. In this case, we may also contact you in the future for suitable job descriptions that match your profile and invite you to other events that may serve to initiate an employment relationship.

3.3    For what purposes and on which legal basis do we process your data?

We process your data on the basis of your consent. You may also withdraw your consent with effect for the future. To that end you can contact our data protection officer using the contact details below. Your data will then be deleted immediately.
⇒ The legal basis for this processing is Article 6(1), Point a), GDPR.

3.4    Where does your data originate and what are the consequences if you do not grant your consent? 

Your data originates from the application process (see Point 2). If you do not grant your consent to the inclusion of your applicant data in our talent pool, this will not result in any disadvantages for you in future application procedures.

3.5    Who is involved in the processing of my data?

In the event of inclusion in the talent pool, your applicant data will be processed via the TalentLink application system by Lumesse GmbH, Flughafenstraße 103, D-40474 Düsseldorf, on our behalf. 

3.6    Are data transferred to third countries or international organisations?

No, no such transfer takes place.

3.7    How long will your data be stored for?

In the event of withdrawal of your consent, your data will be deleted immediately. Otherwise, your data will be deleted after 23 months at the latest.

4. Our selection procedures

4.1    For what purposes and on what legal basis do we process your data?

As part of the selection process we use various test procedures to better assess your suitability for the position in question. In this context, in addition to the applicant data, we process, in particular, your answers to the questions of the test as well as the resulting conclusions about personality traits, skills, performance motivation and interests (“test data”). 

⇒ The legal basis for this processing is Section 26(1), Sentence 1, GDPR (necessity for the decision on the establishment of an employment relationship).

4.2    Are you under any obligation to provide your data or is this necessary to enter into a contract and what happens if you decide not to do so?

You do not undertake to provide your personal data. However, without processing your personal data, it will not be possible to consider your application, or only to a limited extent.

4.3    Who is involved in the processing of my data?

We process your data by way of incorporating our processors Profiles GmbH (Solmsstraße 83, D-06486 Frankfurt a. M.), ELIGO Psychologische Personalsoftware GmbH (Universitätsstr. 142, D-44799 Bochum) and Aon Assessment GmbH (Großer Burstah 18-32, D-20457 Hamburg).

4.4    Are data transferred to third countries or international organisations?

Data are only transferred to third countries (including the United States) in the case of data processing on the part of our order processor Aon Assessment GmbH. Protection of your data is ensured, in particular, by entering into standard contractual clauses.

4.5    For how long are your data stored?

Information about the storage of your applicant and test data can be found in Section 2.6, which applies (accordingly). 
 

5. Social Media

5.1 Who is responsible for processing your data?

The respective social media platform is primarily responsible in accordance with data protection law for data processing when visiting our social media sites on Facebook, Instagram, YouTube, LinkedIn and Twitter. Information about data processing can be found in the respective data protection statements of the social media providers.

The ista company whose social media presence is involved in each case is jointly responsible with the operator of the social media platform for the following processing in accordance with data protection law:

  • Evaluation of statistics on the usage behaviour of visitors. Such data are normally available to us in anonymised form only.
  • Interaction with our social media team or reaction to our posts (e.g. via comments and likes, etc.).

5.2 For what purposes and on which legal basis do we process your data?

a.    Visiting our social media sites, user statistics

When you visit our social media sites, regardless of whether or not you are logged in, the respective social media provider collects personal data of the users (usage data), some of which is shared with us in the form of user statistics. However, we do not have full access to collected data or your profile data.

For example, the following information may be provided to us anonymously:

  • Followers/fans etc.: development of the number of people who follow ista.
  • Reach: e.g. number of people who see a specific post.
  • Ad performance (if relevant): how many people have seen an ad?
  • Demographics: average age of visitors, gender, place of residence, language.

However, we cannot draw any conclusions about individual users from the usage data. Statistics are only used to improve the online offer on our social media sites and to better respond to user interests.

b.    Interaction

If you interact with us via the social media sites, e.g. by sending us an application or other message or commenting on posts, the corresponding content of the interaction will be processed by Ista SE. In addition, it may be able to see the public information of your profile, which you can manage yourself.

⇒ In conjunction with job applications, the legal basis for this processing is normally Section 26(1), Sentence 1, GDPR, (necessity for decision about establishing an employment relationship).

⇒In other respects, Article 6(1), Point f, GDPR, (our justified interest, managing business correspondence or, e.g. to reply to enquiries directed to us as an employer) is the legal basis for the processing.

5.3 Do you in any way undertake to provide your data or is this necessary to enter into a contract and what happens if you decide not to do so?

You do not undertake to provide your personal data. However, without processing your personal data, use of our social media sites in the context of your application will not possible or only possible to a limited extent.

5.4 Who is involved in the processing of my data?

Your data will only be used or forwarded by us internally by the persons responsible in each case. Please refer to the privacy policy of the respective social media network for information about who is involved in the processing of data at the respective social media provider.

5.5 Are data transferred to third countries or international organisations?

We do not transfer your personal data to a third country or international organisation in conjunction with our social media sites.

It may be the case that an operator of social media platforms connects to servers in third countries (e.g. USA) as part of its services and forwards your personal data there. You will find information about this in the privacy policy of the respective social media provider.

5.6 For how long will your data be stored?

As a matter of principle, we do not store any personal data in conjunction with our social media sites on the servers we use, except in the aforementioned cases in which we process your information internally (direct communication, e.g. applications). Section 2.6 applies in these cases.

We also regularly have access to the data stored by the respective social media platform. For more information on the storage of your personal data by the operator of the social media platform itself, please refer to the privacy policy of the respective social media provider.

5.7 Where can you find the privacy statements of the social media providers?

The data protection declarations of the social media platforms we use and your rights in relation to the processing of your personal data can be found here:

6. Rights of data subjects

Where we process your personal data, to an extent in accordance with GDPR you have a right to

  • Information in particular about stored data and processing purposes (Article 15 GDPR),
  • Correction of inaccurate or completion of incomplete data (Article 16 GDPR),
  • Erasure in particular data that are no longer required (Article 17 GDPR),
  • Restriction of processing (Article 18 GDPR),
  • Data portability, provided the processing is based on consent or to enter into a contract or is supported by an automated procedure (Article 20 DSGVO),
  • Object to the processing (Article 21 GDPR),
  • Withdraw the consent you have granted (Article 7(3), Sentence 1, GDPR).

Furthermore, you have the option of making objections

  • to our data protection officer (Luxemburger Straße 1, D-45131 Essen, Datenschutz@ista.de) or
  • to the relevant supervisory authority (State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia, PO Box 20 04 44, D-40102 Düsseldorf, poststelle@ldi.nrw.de, Tel.: ++49 211/38424-0).
7. Contact Details

You can contact our data protection officer to exercise your legal rights and for questions regarding data processing. If you contact us with a data protection concern, we shall process your personal data on the basis of Article 6(1), Point f, GDPR, (legitimate interest). Our legitimate interest usually consists of responding to enquiries about data protection. Personal data shall be deleted if no longer required to process your enquiry and any statutory retention periods have expired.

5. Changes to this data protection information

ista reserves the right to amend this disclosures at any time in compliance with the applicable data protection regulations; current status is May 2018.

If you have any questions regarding the processing or security of your personal data, you can contact ista’s data protection officer/responsible directly.