Call us: +49 40 30 68 03 – 0 | E-mail:
Feel free to contact us or follow us
 

Privacy Statement

PRIVACY POLICY

This is the English Version of our Privacy Policy. In case of doubt the German Version shall be binding.

1 General Information

1.1 Purpose and Responsibility

1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data in relation to our online offering https://www.iap.de/ and the associated websites, functions, and content (hereinafter collectively referred to as the “online offering” or “website”). Details of these processing activities can be found in Section 2.
2. Details on data processing for the purpose of carrying out our business processes are described in Section 3.
3. The provider of the online offering and the entity responsible for data protection is IAP Ingenieurbüro für Anwendungs-Programmierung GmbH (Valentinskamp 30, D-20355 Hamburg, Germany) – hereinafter referred to as “we” or “us.”
4. Our online offering is provided by 1&1 Versatel Deutschland GmbH (Wanheimer Straße 90, 40468 Düsseldorf, Germany). The server location is Germany.
5. Our data protection officer is: Sven Meyzis - IT.DS Beratung (Telefon: 0049 40-21091514 / E-Mail: ).
6. The term “user” includes all customers and visitors to the online offering.

 

1.2 Legal Basis

In principle, we collect and process personal data based on the following legal grounds:

a. Consent pursuant to Article 6 (1) (a) of the General Data Protection Regulation (GDPR). Consent is any voluntary, informed, and unambiguous indication of intent in the form of a statement or other unequivocal affirmative action by which the data subject indicates that they agree to the processing of their personal data.
b. Necessity for the performance of a contract or in order to take steps prior to entering into a contract pursuant to Article 6 (1) (b) GDPR, i.e. the data is necessary for us to fulfill our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
c. Processing to fulfill a legal obligation pursuant to Article 6 (1) (c) GDPR, i.e., processing of the data is required, for example, by law or other regulations.
d. Processing to safeguard legitimate interests pursuant to Article 6 (1) (f) GDPR, i.e. processing is necessary to safeguard our legitimate interests or those of third parties, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail.

The specific legal bases for the individual processing operations are listed in the following sections.

 

1.3 Rights of Data Subjects

You have the following rights with regard to our processing of your data:

a. Right to lodge a complaint with a supervisory authority pursuant to Article 13 (2) (d) GDPR and Article 14 (2) (e) GDPR
b. Right of access pursuant to Article 15 GDPR
c. Right to rectification pursuant to Article 16 GDPR
d. Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
e. Right to restriction of processing pursuant to Article 18 GDPR
f. Right to data portability pursuant to Article 20 GDPR
g. Right to object pursuant to Article 21 GDPR

Note: Users may object to the processing of their personal data at any time with effect for the future in accordance with the legal requirements. In particular, the objection may be made against processing for direct marketing purposes.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

 

1.4 Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

1.5 Security of Processing

1. We have implemented appropriate technical and organizational security measures (TOMs) in line with the state of the art. This protects the data we process from accidental or intentional manipulation, loss, destruction, and unauthorized access.
2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.

 

1.6 Data transfer to third parties, subcontractors, and third-party providers

1. Personal data will only be transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for billing purposes or for other purposes if the transfer is necessary to fulfill contractual obligations towards users.
2. If we use subcontractors for our online services, we have taken appropriate contractual precautions and technical and organizational measures with regard to these companies.
3. If we use content, tools, or other resources from other companies (hereinafter collectively referred to as “third-party providers”) whose registered office is located in a third country, it can be assumed that data will be transferred to the countries where the third-party providers are based. We only transfer personal data to third countries if an adequate level of data protection is ensured, if the user has given their consent, or if there is other legal permission to do so.

 

2 Processing within the scope of our online offering

 

2.1 Collection of information on the use of the online offering

1. When using the online offer, information is automatically transmitted to us by the user's browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
2. This information is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. optimization of the online offering) and to ensure the security of processing pursuant to Article 5 (1) (f) GDPR (e.g. to defend against and investigate cyber attacks).
3. The information is automatically deleted no later than 30 days after the end of the connection—i.e., use of the online offering—unless other retention periods prevent this
4. The collection and storage of data in log files is essential for the provision of the online offering. Therefore, the user has no option to delete, object to, or correct the data.

 

2.2 Complianz GDPR/CCPA cookie consent

1. Our website uses the cookie consent technology from “Complianz GDPR/CCPA Cookie Consent” to obtain your consent to store certain cookies in your browser and to document this in accordance with data protection regulations. This technology is provided by Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter referred to as Complianz).
2. When you visit our website, a Complianz cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.
3. The data collected will be stored until you request us to delete it, delete the Complianz cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on Complianz's data processing can be found at https://complianz.io/privacy-statement.

 

2.3 Google Adsense for YouTube

1. We use the “Google AdSense for YouTube” service on our website as part of the ‘YouTube’ service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
2. The legal basis for the use of Google Adsense for YouTube is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.
3. The data processed by Google AdSense for YouTube includes your IP address, device information, your surfing behavior, interaction data, and cookies that are set to display personalized advertising.
4. If you are logged into a Google account, Google Adsense for YouTube can link the collected data to your user profile in order to display personalized advertising.
5. Google processes this data to display personalized advertising and analyze user interactions with the ads.
6. It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have concluded a data processing addendum with Google that guarantees that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of data from EU citizens in the US.
7. For more information on Google Adsense's privacy policy for YouTube, please visit: https://policies.google.com/privacy

 

2.4 Google Fonts

Refer to section 'YouTube'

 

2.5 Google Maps

1. By selecting/clicking on the static map embedded on our website, Google Maps will be reloaded.
2. By using the Google Maps map, you consent to the collection, processing, and use of automatically collected data and data entered by you by Google, one of its representatives, or third-party providers.
3. The terms of use for Google Maps can be found at https://policies.google.com/privacy?hl=de&gl=de.
For detailed information, please visit the Google Privacy Center at https://policies.google.com/privacy?hl=de&gl=de.
4. Processing is based on your consent in accordance with Article 6 (1) (a) GDPR.

 

2.6 Google Photos

Refer to section 'YouTube'

 

2.7 Google reCAPTCHA

1. We use Google reCAPTCHA from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, on our website.
2. reCAPTCHA is a service that can distinguish between a human visitor and a robot/spam visitor. This makes it possible to either not check any boxes or only check one box on forms in order to submit them—without having to solve a puzzle or similar task.
3. The legal basis for data processing is our legitimate interest - in accordance with Article 6(1)(f) GDPR - in protecting the website from bot and spam requests.

 

2.8 jsDelivr CDN

1. This site uses a so-called “content delivery network” (CDN) from jsDelivr.
2. A CDN is a service that helps deliver content from our online offering, especially large media files such as graphics or scripts, more quickly with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
3. For this purpose, the browser you are using must connect to the CDN servers. This allows the CDN to know that our website has been accessed via your IP address.
4. Use is based on our legitimate interests, i.e., interest in the secure and efficient provision, analysis, and optimization of our online offering in accordance with Article 6 (1) (f) GDPR.
5. Further information can be found in the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

 

2.9 Matomo

1. This website uses the open source software Matomo to statistically evaluate visitor traffic.
2. Matomo uses “cookies” (“MATOMO_SESSID”) to evaluate user traffic. These text files, which are stored on the user's computer, enable the analysis of website usage. The information and data generated by cookies are stored on a server in Germany. The IP address is anonymized before storage. You can disable the use of cookies in your browser settings. However, this may mean that you will no longer be able to use our website to its full extent.
3. The data is not passed on to third parties. Matomo uses user data in anonymized form so that we can optimize this website and our offerings. IP addresses are stored by Matomo without the last digits. This allows us to determine which network a request comes from. It is not possible to assign the IP address to a specific computer.
4. If your browser supports the “Do Not Track” technology and you have activated it, your visit will be automatically ignored.
You have the option to prevent your actions here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.
5. By using this website, you consent to the processing of data about you by Matomo in the manner and for the purposes set out above.

 

2.10 Three.js

1. Three.js is a cross-browser JavaScript library and application programming interface used to create and display animated 3D computer graphics in a web browser using WebGL. The source code is hosted in a repository on GitHub.
2. Use is based on our legitimate interests, i.e., interest in the appropriate presentation of our online offering in accordance with Article 6 (1) (f) GDPR.

 

2.11 YouTube

1. We use videos from the video portal “YouTube” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”) on our website in order to ensure smooth integration of the videos and an appealing design of our website. The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR.
2. We use the “extended data protection mode” option provided by Google.
3. When you visit a page that has an embedded video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser.
4. According to Google, in “extended data protection mode,” your data—in particular, which of our web pages you have visited and device-specific information, including your IP address—will only be transmitted to the YouTube server in the USA when you watch the video. By activating a video, you consent to this transmission.
5. If you are logged in to Google at the same time, this information will be associated with your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
6. In some cases, information is transferred to the parent company Google Inc. based in the USA, to other Google companies and to external partners of Google, which may be located outside the European Union. Google uses standard contractual clauses approved by the European Commission for this purpose and relies on the adequacy decisions issued by the European Commission with regard to certain countries.
7. For more information about data protection in connection with YouTube, please refer to Google's privacy policy.For more information about data protection in connection with YouTube, please refer to Google's privacy policy.
8. When using the video portal, the domains ytimg.com (“YouTube images”), youtube-nocookie.com (“YouTube NoCookie”), googlevideo.com (“Google Video”), ggpht.com (“Google Photos”) and fonts.gstatic.com (Google Fonts) are accessed. Furthermore, Google's “DoubleClick” advertising network is reloaded. The legal basis for this is also your consent.

 

2.12 WordPress

1. We use WordPress for website development based on the balancing of interests pursuant to Article 6 (1) lit. f GDPR.
2. WordPress uses only necessary or functional cookies and similar technologies. No data is transferred to third parties.

 

2.13 Links to other websites, domain access

1. When using some of our services, you will be automatically redirected to other websites.
2. Please note that this privacy policy does not apply to those websites. The privacy policy of the linked website may differ significantly from this one.

 

3 Processing for the purpose of carrying out our business processes

 

3.1 Email newsletter

1. If you have expressly consented in accordance with Article 6 (1) (a) GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, you only need to provide your name and email address.
2. You can unsubscribe at any time, for example via a link at the end of each newsletter.

 

3.2 Enquiries via contact form, email, telephone or fax

1. If you contact us via the contact form, email, telephone, or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent, unless it is necessary to pass it on to third parties in order to process your request.
2. This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us - Art. 6 (1) (f) GDPR - or on your consent - Article 6 (1) (a) GDPR -, if this has been requested.
3. The data you send us via contact request will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

 

3.3 Existing customer advertising

1. If you have already used our paid services, we may inform you from time to time by email or letter about similar services we offer (in particular new offers), unless you have objected to this.
2. The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). You can object to the use of your email address and postal address for advertising purposes at any time without additional costs with effect for the future.

3.4 Job applications

For reasons of better readability, the simultaneous use of masculine, feminine, and diverse language forms is avoided in the following explanations. All references to persons apply to all genders: m/f/d.

 

3.4.1 Direct applications

1. We offer you the opportunity to apply for a position with us (e.g., by email or post). Below, we provide information about the scope, purpose, and use of your personal data collected during the application process. We assure you that your data will be collected, processed, and used in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.
2. Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes taken during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is §26 German Federal Data Protection Act / BDSG (initiation of an employment relationship), Article 6 (1) (b) GDPR (general contract initiation) and – if you have given your consent – Article 6 (1) (a) GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
3. If your application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of §26 BDSG and Article 6 (1) (b) GDPR.
4. Data retention period
If we are unable to offer you a position, you decline a job offer, or you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Article 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for verification purposes in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your consent (Article 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.

 

3.4.2 Inclusion in the applicant pool

1. If we do not offer you a position, we may add you to our applicant pool. If you are added to the pool, all documents and information from your application will be transferred to the applicant pool so that we can contact you if a suitable vacancy arises.
2. Inclusion in the applicant pool is based exclusively on your express consent (Article 6 (1) (a) GDPR). Consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal reasons for retention.
3. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

 

4 Cookie policy

 

4.1 General information

1. Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
2. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may lead to functional restrictions of this online offer.

 

4.2 Cookie overview, options for objection

1. You can find a current overview of the cookies used on this website in the consent management platform “Compliance GDPR” (see section 2.2 “Compliance GDPR/CCPA Cookie Consent”).
2. There you can also manage your individual consents and preferences.

 

5 Changes to the privacy policy

1. We reserve the right to amend this privacy policy with regard to data processing in order to adapt it to changes in the legal situation, changes to the online offering, or changes to data processing.
2. If the consent of users is required or if provisions of the contractual relationship with users are included in the privacy policy, changes will only be made with the consent of the users.
3. Users are requested to regularly review the content of this privacy policy.

 

As of December 2025