We appreciate your interest in our company and our products and services.
By means of the following data protection information, we would like to inform you which personal data, to what extent and for what purpose is collected, processed and, if applicable, transmitted during your visit to our website. This applies equally to the services and offers available via the website (ICAROS App, ICAROS Shop, ICARACE).
As far as this website refers to external pages of other providers (links), you leave our internet offer when you follow these links. The providers of these linked sites are solely responsible for compliance with legal data protection provisions on them.
Data protection principles
The protection of your privacy as well as the security of all business data is a very important concern for us, which we take into consideration in our business processes. Data protection and information security are part of our corporate policy.
We place great importance to the protection of your personal data and process them exclusively in accordance with the laws and regulations of the Federal Republic of Germany and superordinate European legislation, including the EU General Data Protection Regulation (GDPR). Your personal data is processed to the extent described below for the purposes explained. This means that we only use your personal data if the data protection laws expressly permit this or if you have given us your prior explicit consent.
Icaros takes technical and organizational safety precautions to protect your personal data provided by us against manipulation, loss, destruction, or access by unauthorized persons. This includes that only authorized persons have access to your personal data, and this only to the extent that it is necessary within the scope of the purposes mentioned. Our security measures are regularly reviewed and constantly improved in line with technological developments. Our employees are obliged to maintain confidentiality.
The EU General Data Protection Regulation uses specific terms, which are defined in Article 4, e.g. personal data, processing, pseudonymisation, controllers, processors, recipients, third parties and consent.
Learn more about what certain expressions mean in the context of the General Data Protection Regulation
Name and contact details of the controller
Phone: +49 89 414 1821 00
Further websites of ICAROS GmbH:
ICAROS Shop: https://shop.icaros.com/
ICAROS Hub: https://hub.icaros.com/
Name and address of the Data Protection Officer
Dr. Eddie Kohfeldt
Phone: +49 89 414 1821 00
E-Mail: data protection(at)icaros.com
General information on the processing of personal data
Scope of processing
As a matter of principle, we only process personal data to the extent that this is necessary to provide a functioning website and to use the content and services we offer. Personal data is solely processed based on currently applicable legal foundations.
Purposes of the processing
The purposes of the processing of personal data lie in conducting the business of the controller and all associated secondary business.
Legal basis for the processing
- The legal basis for processing personal data that is necessary for the performance of a contract to which the data subject is party is Article 6 (1)(b) GDPR. This also applies for processing operations that are necessary for the implementation of pre-contractual measures.
- If the processing is necessary for the protection of the legitimate interests of our company or a third-party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1)(f) GDPR forms the legal basis for the processing.
- When we obtain consent for processing operations for personal data from the data subject, Article 6 (1)(a) GDPR forms the legal basis.
- When the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1)(c) GDPR forms the legal basis.
- If the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6 (1)(d) GDPR forms the legal basis.
Statutory or contractual duties to provide personal data
There may be statutory or contractual requirements for you to provide personal data under certain circumstances.
In particular, you may be obliged to provide personal data to us for the conclusion of contracts. Failure to provide the personal data could mean it is not possible to enter the contract with you.
Transfer of personal data
We only share your personal data with third parties if
- this is necessary for the execution of an existing contractual relationship with you.
- it is necessary for the protection of our legitimate interests or those of a third-party unless such interests are overridden by your (the data subject’s) interests or fundamental rights and freedoms requiring the protection of personal data.
- we are legally obliged to do so.
- it is necessary to enforce our claims and rights.
- we receive requests from official institutions (e.g. supervisory authorities or law enforcement authorities, when transfer is necessary for the prevention of threats to public security and order and the prosecution of criminal offences).
- if you have given us your consent to do so
However, in the case of such transfer, the personal data may only be used for the purpose concerned.
Involvement of external service providers
Like most other companies, we are not specialists in everything. We therefore use service providers to support us in some areas of our business activity, e.g.
- IT service providers to maintain our infrastructure
- IT developers in the further development of our applications
- IT service provider for business applications (ERP, CRM, Online-Shop)
- Service provider for specific applications used on our website
- Data centres for the secure operation of our services
- Agencies and printers to send e-mail or printed information
We have entered the legally required contracts on processing that specifically state what the service provider is allowed do with which data. Transfer to third parties is also excluded here. In these contracts, service providers are placed under obligation to comply with the applicable data protection regulations.
Data erasure and storage period
Personal data will be erased or made unavailable as soon as the purpose of storage ceases to apply. Storage can also be carried out if this is provided for by the European or national legislator in Union regulations, laws, or other rules to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards lapses unless continued storage of the data is necessary.
Details on the processing of personal data
Provision of the website and creation of log files
In principle, you can visit our website without registering or logging in. When you visit our website, data is collected by the web server for the transfer of data (information on the system of the computer used) and sometimes stored in log files on the web server. This data is so-called “usage data”.
Learn more about the creation of log files when visiting our websites
In principle, cookies are not bad; they enable user interaction and other useful things when visiting websites. Cookies are small text files that your browser saves on your device at our website’s command. Cookies do not damage your computer or contain viruses.
To make the visit to our website appealing and to enable usage of certain functions we use various cookies.
Contact via contact form or e-mail
Our website contains a contact form and e-mail addresses that can be used for electronic contact. If you choose this option, the data entered in the contact form/e-mail will be transmitted to us and stored.
Learn more about the processing of data entered when making contact electronically
Subscription to our newsletter
On our website you can subscribe to a free newsletter. When registering for the newsletter, data from the input mask is transmitted to us and stored.
Learn more about the processing of personal data when you sign up for our newsletter
Registration for the ICAROS Hub
On our website we offer users the possibility to register for the ICAROS Hub by entering personal data to create a central login. The data entered in an input mask is transmitted to us and stored.
Learn more about the processing of personal data when you register for the ICAROS Hub
Registration for ICARACE
On our website we offer users the possibility to register for the multiplayer racing simulation ICARACE by entering personal data. The data entered in an input mask is transmitted to us and stored.
Learn more about the processing of personal data when you register for ICARACE
Using our online shop
On our website we run an online shop. To purchase goods in our online shop, you must register with an online account first.
Learn more about the processing of personal data in our online shop
Use of payment services
For certain payment methods, you will be redirected to a website of the respective payment service provider as part of the payment process. The processing of data is carried out by the payment service provider.
Learn more about the processing of data using payment services
Processing of business contacts
For business reasons, we receive or collect contact information from employees and managing directors of other companies as well as from officials of public institutions on various occasions. This information, which is usually provided in person, is stored in our contact database as business contact.
Learn more about the processing and storing business contacts
Use of third-party providers’ add-ons
Like other companies, we use third-party extensions (social media, analysis tools, marketing tools, etc.). Here, personal data (e.g. IP numbers, information from pseudonymised cookies, geodata, etc.) may be passed on to the third-party providers or transmitted automatically. The type, scope, purpose, and duration of this processing of personal data may vary in individual cases.
Learn more about the processing of data through third-party extensions used by us
When you make an application with us
You have the possibility to apply by e-mail or by post. We solely process the personal data that you send us during an application to carry out the application process.
Learn more about the processing of personal data when you send us an application
Processing of data when visiting the ICAROS Facebook - or Instagram page
In addition to our own website, we use a Facebook - and an Instagram page for communication and interaction with our customers and prospects. We and Facebook/Instagram are responsible as joint controllers for processing personal data of visitors to these sites.
Learn more about the processing and storage of personal data when visiting our Facebook or Instagram page
Your rights as a data subject
If your personal data is processed, you are a data subject in accordance with GDPR and you have the following rights against the controller:
Right of information
You can request confirmation from us on whether and which personal data concerning you will be processed by us.
Right to rectification
You have a right to rectification and/or completion if the processed personal data concerning you is incorrect or incomplete.
Right to erasure (“Right to be forgotten”)
You can request the personal data concerning you to be erased immediately and the controller is obliged to erase this data immediately where certain grounds apply.
Right to restriction of processing
Under certain circumstances, you can request restriction of processing of personal data concerning you (e.g. by making it unavailable for use or temporarily removing it from the website, if it is published there).
Right to information
If you have enforced the right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing.
Right to data portability
You have the right to receive personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format.
Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is performed in accordance with Article 6 (1)(e) or (f) GDPR.
Right to withdraw the legal data protection declaration of consent
You have the right to withdraw your legal data protection declaration of consent at any time. The withdrawal of consent will not affect the lawfulness of processing carried out based on the consent prior to withdrawal.
Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similar significantly affects you.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority.
Learn more about your rights as a data subject
Changes to the Data Protection Information
We reserve the right to adapt this Data Protection Information when new services are introduced or changed so that it always complies with current legal requirements. The current version will then apply for your next visit to our website.
Martinsried, October 2020