PRIVACY POLICY OF THE WEBSITE

I. PRIVACY AND DATA PROTECTION

In accordance with the provisions of applicable legislation, [the Website] commits to implementing the necessary technical and organizational measures appropriate to the level of risk related to the collected data.

This Privacy Policy complies with the current Spanish and European regulations on the protection of personal data on the Internet. In particular, the following regulations are observed:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
Royal Decree 1720/2007 of 21 December approving the Regulations implementing Organic Law 15/1999 on the Protection of Personal Data (RDLOPD).
Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The data controller responsible for the personal data collected is:
Im Einklang
Iris Holzinger
Address: In der Pfanne 1, 86720 Nördlingen, Germany
Contact phone number: +49 174 6399200
Contact email: tcm_imeinklang@web.de

Registration of Personal Data

In accordance with GDPR and LOPD-GDD, we inform you that the personal data collected through the forms provided on this website will be included in our files and processed to facilitate, expedite, and comply with the obligations established between the user and the website or to respond to the user’s inquiries or requests.

Unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained, listing all processing carried out and the circumstances established by the GDPR according to their purposes.

Principles for Processing Personal Data

The processing of users’ personal data is subject to the following principles established in Article 5 of the GDPR and Articles 4 et seq. of Organic Law 3/2018:

Principle of lawfulness, fairness, and transparency: User consent is required after clear information about the purposes of data collection.
Principle of purpose limitation: Personal data is collected for specific, explicit, and legitimate purposes.
Principle of data minimization: Only the personal data strictly necessary for the purposes are collected.
Principle of accuracy: Personal data must be accurate and kept up to date.
Principle of storage limitation: Personal data will be kept only as long as necessary for the purposes of processing.
Principle of integrity and confidentiality: Personal data will be treated to guarantee security and confidentiality.
Principle of accountability: The data controller will ensure compliance with all these principles.

Categories of Personal Data

Only identification data is processed. Special categories of personal data, as defined in Article 9 of the GDPR, are never processed.

Legal Basis for Processing Personal Data

The legal basis for data processing is the user’s explicit and verifiable consent, which can be withdrawn at any time. Withdrawal of consent will be as easy as giving it and generally will not affect the use of the website.

If the user provides data via forms for inquiries or information requests, they will be informed if completing any field is mandatory for the proper handling of the request.

Purposes of Data Processing

Personal data are collected and processed to facilitate, speed up, and comply with obligations between the website and the user or maintain the relationship established through forms filled out by the user or to attend to requests or inquiries.

Additionally, data may be used for commercial purposes such as personalization, operational and statistical activities, marketing studies, and improving the website’s quality and navigation.

At the time of data collection, users will be informed about the specific purposes of the processing.

Data Retention Periods

Personal data will be retained only for the minimum time necessary to fulfill the purposes of processing or until the user requests deletion.

Data from contact inquiries will be deleted six months after the communication ends, unless another legal basis (e.g., a contract) exists.

If not possible to specify a retention period, criteria used to determine it will be explained to the user at the time of data collection.

Recipients of Personal Data

User personal data will not be shared with third parties.

Users will be informed about any recipients or categories of recipients at the time data is collected.

Personal Data of Minors

Respecting Articles 8 of the GDPR and 7 of Organic Law 3/2018, only persons over 14 years old can legally consent to the processing of their personal data. For minors under 14, parental or guardian consent is required, and the processing is lawful only if authorized by them.

Confidentiality and Security of Personal Data

Im Einklang commits to adopting the necessary technical and organizational measures to guarantee the security and confidentiality of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The website uses an SSL certificate (Secure Socket Layer) to ensure data is transmitted securely and confidentially through encryption between server and user.

However, as internet security cannot be guaranteed fully, the data controller will inform users without undue delay if a data breach occurs that poses a high risk to individuals’ rights and freedoms.

Personal data will be treated as confidential and subject to legal or contractual confidentiality obligations by employees, associates, or any person with access.

Rights Related to Data Processing

Users have the following rights under GDPR and Organic Law 3/2018, which they can exercise by writing to the data controller:

Right of access: to confirm whether personal data is being processed and receive details about such data and its processing.
Right of rectification: to correct inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): to delete personal data when no longer necessary, consent withdrawn, or processing unlawful.
Right to restriction of processing: to limit the use of personal data in certain circumstances.
Right to data portability: to receive personal data in a structured format and transfer it to another controller when processing is automated.
Right to object: to oppose the processing of personal data.
Right not to be subject to automated decision-making, including profiling, except where permitted by law.

To exercise rights, users should send a written request to:
Postal address: In der Pfanne 1, 86720 Nördlingen, Germany
Email: tcm_imeinklang@web.de

The request should include: full name, ID copy, reason for request, address for notifications, date, signature, and any supporting documents.

Links to Third-Party Websites

This website may contain links to third-party websites that are not operated by Im Einklang. These third parties have their own privacy policies and are responsible for their data handling practices.

Complaints to Supervisory Authority

If users believe their data rights have been violated, they have the right to seek judicial protection and file a complaint with a supervisory authority, especially in the country of residence, work, or where the infringement occurred. In Spain, the authority is the Spanish Data Protection Agency (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

Users must read and agree to the terms of this Privacy Policy and consent to the processing of their data for the purposes described.

Use of the website implies acceptance of the Privacy Policy.

Im Einklang reserves the right to modify this Privacy Policy at its discretion, due to legislative, judicial, or doctrinal changes by the Spanish Data Protection Agency.

Changes will not be explicitly notified, so users are advised to check this page periodically for updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 and Organic Law 3/2018.