IBA Hamburg Logo

Data Protection

Privacy Policy

The controller for the collection, processing and use of personal data in the sense of the German Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG] is:

IBA Hamburg GmbH
Am Zollhafen 12
20539 Hamburg

Contact details of the company data protection officer:

Company Data Protection Officer of IBA Hamburg GmbH
Am Zollhafen 12, 20539 Hamburg, Germany

1. Collection, Storage, Type and Purpose of Use of Personal Data

a) When visiting this website

When accessing our website, www.iba-hamburg.de, the browser used by your device will automatically send information to our website’s server. This information will be temporarily saved in a so-called logfile. The following information will be collected without your involvement and saved until its automatic erasure:

  • IP address of the requesting device
  • Time and date of access
  • Name and URL of retrieved file
  • Accessing website (referrer URL)
  • Browser used and, if applicable, operating system of your device and the name of your access provider

We will process the stated data for the following purposes:

  • Guaranteeing smooth connectivity of our website
  • Guaranteeing comfortable use of our website
  • Assessing system security and stability
  • Other administrative purposes

The legal basis for data processing is Article 6(1) Sentence 1 Letter f GDPR. Our legitimate interest is derived from the above-stated purposes for data collection. Under no circumstances do we use the collected data for the purpose of identifying you personally.

Furthermore, when you visit our website, we use cookies and analysis services. Further information is provided in Sections 4 and 5 of this Privacy Policy.

b) When subscribing to our newsletter

With your express consent under Article 6(1) Sentence 1 Letter a GDPR, we will use your email address to regularly send you our newsletter. Your email address suffices to receive our newsletter.

For the technical implementation of our newsletter, your email address will be transferred to and saved by the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.

You may unsubscribe at any time, e.g., by using the link at the end of each newsletter. Alternatively, you may submit your desire to unsubscribe to us by email at any time. When you unsubscribe, your email address will be deleted at CleverReach.

c) When subscribing to our press distribution list/investor distribution list

With your express consent under Article 6(1) Sentence 1 Letter a GDPR, we will use your contact details to send you press invitations and information (press distribution list) or invitations to and information about topics relevant to investors (investor distribution list). The data you provide will be transferred to us by email and saved in our internal address book, Flowfact. You may withdraw your consent at any time without stating reasons. Simply send an email to .

d) When using our contact form

If you have any questions, you can contact us using our website’s contact form. The data you disclose will be saved and processed by us in accordance with Article 6(1) Sentence 1 Letter a GDPR on the basis of your voluntary consent to process your inquiry.

e) When registering for events online

To manage online registrations for events, this website uses the event management platform eveeno. eveeno uses so-called “cookies.” Cookies are text files which are saved on your computer that enable your use of eveeno to be analysed. eveeno will collect your personal data (your name, address, email address and other data) when you disclose such information when registering for an event and will transfer this data to us as the organiser.

eveeno is a company based in Erlangen, Germany, and complies with the EU General Data Protection Regulation (GDPR). Contact details of organisers, participants and ticket buyers are not transferred to third parties.

The data is stored by the DCSA-certified Cologne-based company, Hosteurope. The data is stored in what is currently the greenest data centre in Europe, Datadock, in Strasbourg, France. eveeno’s privacy policy is available here: https://eveeno.com/de/privacy (German)

2. Data Transfers

We will only transfer your personal data to third parties if:

  • You expressly consent to the transfer in accordance with Article 6(1) Sentence 1 Letter a GDPR.
  • The transfer is necessary under Article 6(1) Sentence 1 Letter f GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume an overriding interest in the non-disclosure of your data.
  • Transferring your data is necessary for compliance with a legal obligation in accordance with Article 6(1) Sentence 1 Letter c GDPR.
  • Legally permissible and necessary under Article 6(1) Sentence 1 Letter b GDPR for the performance of a contract to which you are a party.

Please note that certain situations may require the disclosure of your personal data as part of legal proceedings or to authorities. Your personal data will not be transferred to third parties for purposes other than those listed above.

3. Cookies

Our website uses cookies. Cookies are small files which are automatically created and saved on your device (laptop, tablet, smartphone, etc.) by your browser when you visit our website. Cookies save information related to the specific device used. However, this does not mean that your identity will be disclosed to us.

We use cookies to make using our offer more comfortable for you. We use so-called session cookies to recognise that you have previously visited certain pages of our website. Session cookies are automatically deleted when you leave our website.

To optimise user-friendliness, we also use temporary cookies that are saved on your device for a specified period of time. When you visit our website again to use our services, your previous visits, entries and settings will be recognised automatically, so you won’t have to enter them again.

We also use cookies to assess our website statistically and to optimise our offer for you (see Section 4). These cookies enable us to automatically recognise that you have visited us before when you visit our website again. These cookies will be erased automatically after a specified period of time.

We require the data processed by cookies for the stated purpose to safeguard legitimate interests of ours and of third parties in accordance with Article 6(1) Sentence 1 Letter f GDPR. Most browsers accept cookies automatically. You may, however, configure your browser to not save cookies on your computer or to display a notice before a new cookie is saved. However, completely disabling cookies may prevent you from using all the functions of our website.

4. etracker

The provider of this website uses the services of etracker GmbH from Hamburg, Germany, (www.etracker.com) to analyse usage data. Cookies are used that enable the use of this website by its visitors to be analysed statistically and usage-based contents and advertisements to be displayed. Cookies are small text files which are saved on the user’s device by the user’s Internet browser. etracker cookies do not contain information through which users can be identified.

etracker-generated data is processed on the website provider’s behalf and saved exclusively in Germany and is therefore subject to strict German and EU data protection laws and standards. etracker has been independently assessed, verified and awarded the ePrivacyseal.

Data is processed on the legal basis of Article 6(1) Letter f GDPR (legitimate interest). Our legitimate interest is the optimisation of our online offer and internet presence. Because protecting the privacy of our visitors is especially important to us, etracker anonymises IP addresses as soon as possible and converts login and device identifiers into unique keys that cannot be used to identify a specific person. etracker does not otherwise use, merge or transfer data to third parties.

Under Article 21 GDPR, you may object to the data processing described above at any time where personal data is concerned. Objections will have no adverse consequences for you.

Further information about data protection by etracker is available here.

5. Social Media

IBA Hamburg uses components of the Instagram service. Instagram is a service that qualifies as an audio-visual platform and allows users to share photos and videos and redistribute such data in other social networks. Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Each time a page on this website containing an Instagram component (Insta button) is called up, Instagram is informed which specific page on our website the data subject has visited. If you are logged into Instagram at the same time, Instagram will recognise which specific sub-page was visited each time you visit our website and for the duration of your stay on our website. This information is collected by the Instagram Component and assigned to your Instagram account by Instagram. If you click on one of the Instagram buttons integrated on our website, the data and information transferred with it will be assigned to your personal Instagram user account and stored and processed by Instagram. Instagram will always be informed by the Instagram Component that you have visited our website if you are logged into Instagram at the same time you access our website, whether or not the Instagram Component is clicked. If you do not want this information to be sent to Instagram, you can prevent the transmission by logging out of your Instagram account before accessing our site. Further information and Instagram's current privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ .

IBA Hamburg has integrated components of Twitter on this website. Twitter is a multilingual publicly accessible microblogging service where users can post and distribute so-called tweets, i.e. short messages limited to 140 characters. These short messages can be viewed by anyone, including people who are not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Twitter also allows a broad audience to be addressed via hashtags, links or retweets.
Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time you call up one of the individual pages on this website, which is operated for us by the provider and on which a Twitter component (Twitter button) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Twitter component to download a display of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons . As part of this technical process, Twitter is informed about which specific sub-page on our website the data subject visited.

If the data subject is logged into Twitter at the same time, Twitter will recognise which specific sub-page on our website the data subject is visiting each time the data subject visits our website and for the entire duration of the stay on our website. This information is collected by the Twitter Component and assigned by Twitter to the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, the data and information transferred with it will be assigned to Twitter account of the data subject and stored and processed by Twitter.
Twitter will always be informed by the Twitter Component that the data subject has visited our website if the data subject is logged into Twitter at the same time they access our website, whether or not the Twitter Component is clicked. If the data subject does not want this information to be sent to Twitter, they can prevent the transmission by logging out of their Twitter account before accessing our site.
Twitter’s current privacy policy is available at https://twitter.com/privacy?lang=en .

6. Other

Our website’s layout, the graphics used, individual contributions and the collection of contributions are protected by copyright. Our pages may only be reproduced for private purposes. Changes may not be made and reproductions may not be distributed without permission.

The contents published on this server have been carefully researched. Nevertheless, IBA Hamburg GmbH cannot guarantee that the information provided is up to date, accurate or complete. Under no circumstances will any liability be accepted for damages resulting from the use of the retrieved information.

Use of YouTube/Vimeo Plugins
Our website includes YouTube and/or Vimeo plugins. Information about the collection and use of your data by YouTube or Vimeo is provided by their respective privacy policies at www.youtube.com, www.vimeo.com.

Use of Google Maps

This website uses Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

When you visit our website, Google will be informed that you have accessed the respective subpage of our website. This will be done irrespective of whether you are logged in to a Google-provided user account or not. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish such assignments to be made to your profile, you must log out before activating the button. Google will save your data as user profiles and use it for the purposes of advertising, market research and/or demand-oriented design of its website. Such assessments will be performed especially (including for non-logged in users) to provide demand-oriented advertisements and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles which you may exercise by contacting Google.

Further information about the purpose and scope of data collection and its processing by the plugin provider is available in the provider’s privacy policy. There, you can also find additional information about your associated rights and settings options to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the US and has subjected itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Google reCAPTCHA
This website uses “Google reCAPTCHA” (hereinafter: “reCAPTCHA”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is used to determine whether data entries on this website (e.g., on a contact form) are made by a human or by an automated program. reCAPTCHA analyses the behaviour of the website visitor based on certain characteristics. This analysis starts automatically when the website visitor accesses our website. reCAPTCHA assesses various information (e.g., IP address, the length of the visitor’s stay on our website or mouse movements made by the user) for the analysis. The data collected for the analysis is transferred to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not informed that such analyses are being performed.

Data is processed on the basis of Article 6(1) Letter f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and against SPAM.

Further information about Google reCAPTCHA and Google’s Privacy Policy are available under the following links: https://policies.google.com/privacy and https://www.google.com/recaptcha/intro/android.html.

7. Data Subject Rights

You have the right:

  • Under Article 15 GDPR, to obtain information from us about personal data processed by us. You may especially obtain information about the purpose of the processing, categories of personal data concerned, categories of recipients to whom the data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to rectification, erasure, restriction of processing or to object to such processing or to lodge a complaint, any available information about the source if the data was not collected by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved.
  • Under Article 16 GDPR, to obtain without undue delay rectification of inaccurate or incomplete data saved by us concerning you.
  • Under Article 17 GDPR, to obtain erasure of personal data saved by us concerning you, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  • Under Article 18 GDPR, to obtain restriction of processing of your personal data if you contest the accuracy of the data or if processing is unlawful, but you oppose erasure and we no longer need your data for the purposes of processing, but the data is required by you for the establishment, exercise or defence of legal claims or you object to the processing in accordance with Article 21 GDPR.
  • Under Article 20 GDPR, to receive in a structured, commonly used and machine-readable format the personal data that you have provided to us or to have this data transmitted to another controller.
  • Under Article 7(3) GDPR, to withdraw any consent you have granted to us at any time. We will then no longer process the data processed on the basis of this consent.

8. Right to Object

If we process your personal data on the basis of our legitimate interests under Article 6(1) Sentence 1 Letter f GDPR, you have the right, under Article 21 GDPR, to object to such processing of your personal data on grounds related to your particular situation or if your objection is directed at direct marketing. In the latter case, you have a general right to object which we will implement without requiring you to state your particular situation. If you wish to exercise your right to withdrawal or to object, it will suffice to send an email to .

9. Data Security

Our website uses common SSL (Secure Socket Layer) encryptions at the highest encryption level supported by your browser. Whether a page of our website is transferred with encryptions may be determined by the key or lock symbol on the bottom status bar of your browser.

We strive to implement adequate technical and organisational measures to protect your data against random and intentional manipulation, complete and partial loss, destruction and unauthorised third-party access. Our security measures are regularly improved in accordance with technological developments.

10. Current Version and Changes to This Privacy Policy

This Privacy Policy is currently valid as of September 2019.

Updates to our website and offers and changes to legal or official requirements may require changes to this Privacy Policy. The respectively valid version of this Privacy Policy may be retrieved and printed from our website at any time at www.iba-hamburg.de.