We, ibc AG, Schloss-Rahe-Straße 15, 52072 Aachen, Germany, Phone: +49 (0)241 9367 3500, email: info@ibc-ag.de (hereinafter also “ibc Group,” “we,” “us”) operate the websites of the companies within the ibc Group and are the data controller for data processing in connection with the use of the websites.
With this Privacy Policy, we inform you about the nature, scope, and purpose of the processing of personal data (also referred to as “data”) within our website (www.ibc-ag.de) and the websites, functions, and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offer”).
If you have questions regarding the processing of your personal data, the exercise of your “data subject rights,” or the revocation of consent you have provided, please contact us
in writing to: ibc AG, Data Protection Officer, Schloss-Rahe-Straße 15, 52072 Aachen, Germany
or by email to: datenschutz@ibc-ag.de.
With our Privacy Policy, we comply with the information obligations of the European General Data Protection Regulation (GDPR) as well as other relevant data protection regulations. For third-party applications and websites, such as those linked to, the privacy policies of those sites apply. Unless otherwise stated, we are not responsible for the processing of your personal data in connection with websites or applications not operated by us, nor for their content.
We generally process personal data only to the extent necessary to provide functional websites as well as our content and services. In principle, personal data is processed only if you have given your consent. However, an exception applies in cases where obtaining prior consent is not possible for practical reasons and this is permitted.
To the extent that we obtain your consent for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which you are a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
To the extent that the processing of personal data is necessary to comply with a legal obligation to which we are subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of you or another natural person necessitate the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of ours or of a third party, and your interests, fundamental rights, and freedoms do not override the aforementioned interest, Article 6(1)(f) GDPR serves as the legal basis.
Your personal data will be deleted as soon as it is no longer necessary for the respective purpose. If data is processed for multiple purposes, the data will be deleted as soon as the last specified purpose has been fulfilled. In this context, personal data may be retained for the period during which claims can be asserted against us. In addition, personal data will be stored to the extent and for as long as we are legally obligated to fulfill documentation and retention requirements.
When you simply visit our website to browse, our system automatically collects data that your device (computer, laptop, tablet, smartphone, etc.) sends to our website’s server via the HTTPS protocol. The server matches these automatic requests and responses based on your IP address.
When you visit our website, our hosting provider processes technical access data in so-called log files. The technical data collected in this process includes, in particular, the IP address of the requesting device, the date and time of access, the page accessed, the browser used, and the operating system.
The technical data collected does not allow for any direct identification of your identity. The data is not merged with other data sources.
The purpose of processing the technical data is to technically enable you to use our website. Storage in log files is technically necessary to display our website to you, establish a smooth connection, ensure the stability and security of the system, and protect against misuse.
The legal basis for data processing is our legitimate interest (Article 6(1)(f) of the GDPR).
The server log files are deleted by the hosting provider after seven days at the latest.
Since the processing of this data is strictly necessary for the provision and operation of our website, you do not have the right to object.
When you visit our website, our web server sends so-called cookies. Cookies are very small text files that are stored on the hard drive of your device and assigned to the browser you are using when you visit our websites. Cookies cannot execute programs or transfer viruses or Trojans to your device. Personal data is not stored in a cookie.
To make it easier for you to use our online services, we use strictly necessary (“essential”) cookies. Essential cookies (“temporary cookies”) include, for example, session cookies, which store information about you during a single browser session, remain in place for each page change, and are deleted when you close your browser; cookies that temporarily store certain settings you have chosen (e.g., login data, language settings, or other settings on our website); cookies for load balancing on the server, contact form cookies that store responses to questions submitted via the contact form, multimedia cookies for playing media content (e.g., Flash Player), opt-out cookies, which allow you to revoke cookie consent; the cookie that records the consent status for other cookies; and cookies from live chat systems and messenger services. You can find out which cookies we use in our cookie banner.
The purpose of using necessary cookies is to enable you to use our website and to ensure optimal usability. Some features of our website cannot be provided without the use of cookies. The user data collected by necessary cookies is not used to create user profiles.
The use of necessary cookies is based on legitimate interests (Article 6(1)(f) GDPR).
In some cases, we use non-essential cookies (“persistent cookies”). Such cookies enable us, for example, to analyze the use of our website in order to make the website more user-friendly and effective and to improve its content. Furthermore, when you visit our website again, the system automatically recognizes that you have already visited our website and recalls the entries and settings you made so that you do not have to re-enter them. You can find out which cookies we use in our cookie banner.
Non-essential cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
The use of non-essential cookies is based on your consent (Article 6(1)(a) GDPR). You may revoke your consent at any time with future effect.
Since cookies are stored on your device and transmitted to us from there, you as the user also have full control over the use of cookies. You can independently allow or block temporary, permanent, and other cookies in your browser’s security settings. Help menus for common browsers can be found at the following links:
(i) Microsoft Edge: https://support.microsoft.com/de-de/windows/verwalten-von-cookies-in-microsoft-edge-anzeigen-zulassen-blockieren-l%C3%B6schen-und-verwenden-168dab11-0753-043d-7c16-ede5947fc64d
(ii) Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US
(iii) Chrome: https://support.google.com/chrome/answer/95647
(iv) Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
(v) Opera: https://help.opera.com/en/latest/web-preferences/#cookies
You can browse our website without restrictions even if cookies are disabled. However, you may not be able to use all features of our website if you also disable the necessary cookies.
The use of necessary cookies does not require consent, nor is there an option to object. You can only disable such cookies by adjusting your browser settings.
We require your consent to store and read cookies that are not technically necessary. We will inform you of this on our website.
If you do not consent to the storage and analysis of data from your visit, you may object to the storage and use of non-technically necessary cookies at any time. If you object, the use of cookies and the associated data processing will cease in the future. Your objection will not affect your use of our website, provided you do not also disable the functions of the technically necessary cookies.
You can object to the use of third-party cookies and the associated data processing at any time as follows: (i) You can adjust your browser settings to prevent our website from setting cookies. (ii) You can click the opt-out link provided by the respective service provider for each individual processing activity and disable the continued use of cookies and the associated data processing there. (iii) You can, for example, download and install Google’s “Opt-Out” add-on for your browser. Opt-out cookies prevent Google services from collecting your data in the future when you visit this and other websites. To prevent data collection on different devices, you must install the “Opt-Out” add-on on all devices you use. You can also object to the use of cookies for online marketing purposes through other services, such as the websites https://optout.aboutads.info and https://youronlinechoices.com/.
When you contact us by mail, phone, email, or via a contact form, we process the personal data you provide and the content of the communication solely to address your inquiry and to comply with any applicable legal record-keeping obligations.
Data processing for the purpose of contacting us is generally voluntary. If you use a contact form, we will obtain your consent.
The legal basis depends on the specific purpose of the communication. If consent is given, the legal basis is Article 6(1)(a) GDPR. Often, the legal basis is the protection of our legitimate interests pursuant to Article 6(1)(f) GDPR (e.g., conducting business correspondence, responding to inquiries regarding data protection). If your contact is aimed at concluding a contract, Article 6(1)(b) GDPR also serves as the legal basis. To the extent that further data processing is carried out to fulfill legal retention obligations, the legal basis is Article 6(1), first sentence, (c) GDPR.
We delete the resulting communication data as soon as storage is no longer necessary to fulfill the purpose, unless statutory retention obligations prevent deletion.
You have the option to withdraw your consent to data processing at any time under the statutory conditions (see section “Your Rights as a Data Subject”). If you contact us via email, you may object to data processing at any time, e.g., via email. The data stored in the course of the contact will then be deleted, so that communication with you can no longer be continued.
If you (“applicant”) apply to us electronically (e.g., via email) and submit application documents to us electronically, we process the personal data you provide to us for the purpose of conducting the application process.
If we enter into an employment contract with an applicant, we process the data for the purpose of managing the employment relationship in compliance with legal regulations.
If no employment relationship is established between an applicant and us, the application documents will be deleted six months after notification of the rejection decision or withdrawal of the application by the applicant, provided that no other legitimate interests on our part preclude deletion. Data may also be retained for a longer period if you have given your consent (Article 6(1)(a) GDPR) or if there are statutory retention obligations.
The legal basis for data processing is Article 6(1)(b) GDPR and other data protection provisions regarding the decision to establish an employment relationship.
In the context of our collaboration with business partners, we process personal data of contact persons at prospective clients, customers, sales partners, suppliers, service providers, and other partners. Specifically, this data includes:
(i) Contact information such as last name, first name, and (business) address, telephone number, mobile phone number, fax number, and email address
(ii) Information necessary for processing payments, such as bank details, account numbers, and credit card information
(iii) Information whose processing is necessary for the performance of a contractual relationship with us or that is voluntarily provided by business partners
(iv) personal data collected from publicly available sources, credit bureaus, or information databases
(v) any additional personal data required by law to identify our business partner, such as date of birth, ID issuance date, and ID number
We process personal data for the following purposes:
(i) Communication with business partners in connection with the initiation, establishment, execution, and termination of business relationships
(ii) Conducting and managing the business relationship (e.g., processing orders for goods and services, accounting, billing)
(iii) Asserting and defending against legal claims,
(iv) Conducting marketing campaigns (e.g., invitations to events, sending newsletters to existing customers)
(v) Maintaining and protecting the security of our products and services
(vi) Prevention, deterrence, and detection of security risks and criminal acts
(vii) Compliance with legal requirements (e.g., tax and commercial law retention obligations)
(viii) Compliance with statutory investigation obligations (e.g., under the Money Laundering Act).
We only disclose data to third parties to the extent necessary for the purposes stated above or to fulfill legal obligations (e.g., to involved telecommunications, transportation, and other service providers, as well as to subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). We will inform you of any further data disclosures within the scope of this Privacy Policy.
The processing of personal data is necessary to achieve the stated purposes. Unless otherwise expressly stated when collecting personal data, the legal bases are:
(i) the performance and fulfillment of a contract with you (Article 6(1)(b) GDPR)
(ii) compliance with legal obligations to which we are subject (Article 6(1)(c) GDPR)
(iii) the protection of our legitimate interests (Article 6(1)(f) GDPR), whereby our legitimate interest lies in the initiation, execution, processing, and management of the business relationship
If you have expressly consented to the processing of your personal data in a specific case, Article 6(1)(a) GDPR serves as the legal basis for the processing.
We delete the personal data collected as soon as storage is no longer necessary to fulfill the purpose, unless further statutory limitation periods or statutory obligations to provide evidence or retain records preclude deletion.
If we offer a newsletter, we will send you our newsletter via email upon request, even outside of a business relationship, to inform you about news and current offers. The only mandatory information required to receive our newsletter is your email address. Providing additional data is voluntary; we use this to address you personally if necessary.
We use the so-called double opt-in procedure for newsletter registration. This means that after you register, we will send an email to the address you provided and ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your data will be blocked and automatically deleted after one month. When you subscribe to the newsletter, we store your IP address and the times of your registration and confirmation in order to demonstrate compliance with legal requirements during the registration process and to investigate any potential misuse of your personal data.
We may share your data with an email service provider and other IT service providers acting as data processors. We contractually require the relevant service provider not to use personal data for its own purposes or to disclose it to third parties.
Your consent is obtained during the registration process for the processing of your data for our newsletter. The legal basis is Article 6(1)(a) GDPR.
You may object to the transmission of the newsletter, as well as to the sending of emails, at any time with future effect. To do so, simply use the unsubscribe option at the end of the newsletter or send a written notice to the contact details provided in the legal notice (e.g., via email or postal mail).
We process your personal data only until you unsubscribe from the newsletter. Once you have withdrawn your consent or unsubscribed from the newsletter, we may retain the data collected during the registration process and your unsubscribed email address for up to three years before deleting it. This storage is based on our legitimate interest in being able to prove that you originally gave your consent. We will comply with a request for deletion before the three-year period expires if you simultaneously confirm to us that you originally consented to the data processing.
Our website is hosted by an external service provider (“host”). The personal data collected via our website is stored on the host’s servers. Our host’s servers are located in Germany.
The use of the host is for the purpose of fulfilling our contractual obligations to our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Article 6(1)(f) GDPR).
Our hosting provider processes personal data only to the extent necessary to fulfill its contractual obligations to us. We have entered into a Data Processing Agreement (DPA) with our hosting provider. This ensures that the hosting provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the provisions of the GDPR.
We only transfer personal data to third parties if:
(i) you have given your explicit consent (Article 6(1)(a) GDPR), or
(ii) this is necessary to take steps at your request prior to entering into a contract or to fulfill a contractual relationship with you (Article 6(1)(b) GDPR), or
(iii) we are legally obligated to do so (Article 6(1)(c) GDPR), or
(iv) the disclosure is necessary pursuant to Article 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.
We do not transfer personal data to international organizations.
If, in exceptional cases, personal data is to be processed in third countries (countries outside the European Economic Area – EEA), appropriate safeguards are provided for your protection and the protection of your personal data in connection with such data transfers in accordance with legal requirements (in particular, the use of EU Standard Contractual Clauses), or an adequacy decision has been adopted by the European Commission (Article 45 GDPR). For some third countries, the EU has already determined that their data protection standards are comparable to those in Europe, so that data transfers to these countries do not require any special authorization or agreement. The EU Commission provides the relevant information regarding its adequacy decisions at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de.
On our website, you will find buttons from the following social media services: LinkedIn, Xing.
The legal basis for placing these buttons is Article 6(1)(f) GDPR. Our legitimate interest lies in the promotional purpose of increasing the appeal of our website and the visibility of our company. Above all, we offer you the opportunity to interact with social networks and other users, so that we can improve our offerings and make them more interesting for you as a user.
For data protection reasons, we have deliberately decided against using direct plug-ins from social networks on our website. By placing the buttons, we do not establish a direct connection from your internet browser to the servers of the respective provider of the integration. It is merely a redirection via a link. Only when you actively click on a network’s button and thereby activate it does your browser establish a connection to the respective network, and content from that site is loaded. The network provider (operator) receives the information that you have accessed the corresponding page on our website. In addition, the data mentioned in the section “Processing of Personal Data When Visiting Our Website” is transmitted to the respective provider and processed there (in the case of U.S. providers, in the United States). In the case of Xing, according to the respective provider in Germany, the IP address is anonymized immediately after collection.
Network operators store the data collected about you as user profiles and use these profiles for the purposes of advertising, market research, and/or tailoring their websites to user needs. Such analysis is carried out in particular (including for users who are not logged in) to display targeted advertising and to inform other users of the respective social network about your activities on our website. We have no influence over the data collected by the respective provider or the data processing procedures, nor are we aware of the scope of data collection, the purposes of processing, the retention periods, or details regarding the deletion of the collected data.
Since network operators use cookies in particular for data collection, we recommend that you delete all cookies in your browser’s security settings before clicking on a network’s button. We also recommend that you log out of the respective network before visiting our website, and especially before clicking a button, if you wish to prevent the respective provider from directly associating the data collected during your visit to our website with your profile. You also have the right to object to the creation of user profiles; to exercise this right, you must contact the respective network provider.
For further information regarding the nature, scope, purpose, and further processing of your data by network operators, please contact the respective operator. There you will also find further information regarding your rights in this regard and settings options for protecting your privacy:
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
Privacy policy: https://www.linkedin.com/legal/privacy-ploicy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany;
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
Subject to the legal requirements, you have the following rights regarding your personal data:
(i) Right of access (Article 15 GDPR)
(ii) Right to rectification (Article 16 GDPR)
(iii) Right to erasure (Article 17 GDPR)
(iv) Right to restriction of processing (Article 18 GDPR)
(v) Right to object to processing (Article 21 GDPR)
(vi) Right to data portability (Article 20 GDPR)
If you have given us consent to process your personal data, you have the right to withdraw that consent at any time with future effect (Article 7(3) GDPR). The withdrawal does not affect the lawfulness of processing that took place prior to the withdrawal. After withdrawal, we may continue to process your personal data only to the extent that we can base the processing on another legal basis (e.g., to fulfill a contract).
You have the right to lodge a complaint with your competent data protection supervisory authority regarding our processing of your personal data (Article 77 GDPR).
During your visit to our website, we use the widely adopted TLS protocol in conjunction with the highest encryption level supported by your browser. This is typically 256-bit encryption. You can tell whether a specific page of our website is being transmitted securely by the closed key or lock icon displayed in the status bar at the bottom of your browser. We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This Privacy Policy is current as of the date indicated at the end. Due to the ongoing development of our website and the services offered through it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The most current version of the Privacy Policy can be accessed and printed from our website at any time.
April 2026