Sorry, item "offcanvas-col1" does not exist.

Sorry, item "offcanvas-col2" does not exist.

Sorry, item "offcanvas-col3" does not exist.

Sorry, item "offcanvas-col4" does not exist.

Privacy Statement ID-ware Group

Introduction
We are very pleased that you have shown interest in our company. Data protection has a particularly high priority for the management of ID-ware International B.V., ID-ware Deutschland GmbH and ID-ware UK Ltd. (hereinafter referred to as ID-ware).
ID-ware and its affiliates (collectively, "ID-ware", "we", "us", or "our") respect your privacy. We hereby develop this Privacy Statement (referred to as "this Statement") to help you understand how we collect, use, disclose, protect, store, and transmit your personal data. Please take a moment to read this Statement carefully and contact us if you have any questions.

This Statement applies to ID-ware products and services that are offered by the ID-ware Group.

Personal information refers to any type of information recorded electronically or otherwise relating to an identified or identifiable natural person, excluding information that has been anonymised. We may collect your personal data when you use our products or services or interact with us. Different types of data will be collected, depending on the service you use and your interactions with us. In some cases, you can choose not to provide such data, but this may prevent us from providing you with corresponding products or services or may mean that we cannot respond to or resolve any issues you might have raised.
When providing you with related products or services, we may also collect and summarise statistics, such as website visits, app downloads, and product sales volume, to understand how our products and services are used. For the purposes of this Statement, the preceding statistics are regarded as non-personal data. We will try our best to isolate your personal data from non-personal data and use them separately. The personal data mixed with non-personal data will still be treated as personal data.

The purpose
We process your personal data accordingly one or more of the legal bases, being: mostly the processing of personal data is necessary for:
•    the performance of a contract to which the data subject is a party, as, for example, if the processing is necessary for the delivery of goods or the performance of another service, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing necessary for the performance of pre-contractual measures, for example in the case of inquiries about our products or services.
•    If our company is subject to a legal obligation to process personal data, such as for the fulfilment of tax obligations, the processing is based on Art.) 6(1) lit. c GDPR.
•    In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor is injured in our company and his name, age, health insurance data or other vital information needs to be transmitted to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
•    Finally, the processing could be based on Article 6(1)(f) of the Regulation. This legal basis is used for processing not covered by any of the legal grounds mentioned above, if the processing is necessary for the legitimate interests pursued by our company or by a third party, except when these interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. Such processing operations are permitted because they were specifically mentioned by the European legislator. It considered that a legitimate interest can be presumed if the data subject is a client of the controller.
Furthermore, the ID-ware website collects a series of data and information when a data subject or automated system calls up the website. More information about that can be found in our Cookie Policy.
If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from the data subject.
As a responsible company, we do not use automated decision-making or profiling.


Data transfers
In some cases, we may entrust other companies (Data Processors) to process your personal data on behalf of us. For example, we may entrust another company for hotline support, sending emails, and providing technical support. Such companies may only use your personal data to provide services on behalf of us.
We will enter into a strict entrusting agreement or personal data processing terms with the entrusted party. The entrusted party is obligated to process related personal data in accordance with this Statement and our instructions and take relevant confidentiality and security measures to ensure personal data security.

Sharing
Sharing refers to the process in which we provide personal data to other personal data processors, and both parties can independently determine the data processing purposes and methods. We will not share your personal data with external parties, except in the following cases:
•    Sharing with your consent: After obtaining your consent, we will share your authorized personal data with third parties designated by you.
•    Sharing under statutory circumstances: We may share your personal data in accordance with laws/regulations, litigation resolution requirements, or legal requirements of administrative and judicial authorities.
•    Sharing with our affiliates: Your data may be shared with our affiliates. We will share your data with our affiliates only for specific, definite, and legitimate purposes. We will only share data necessary for providing services. For example, to avoid repeated registration of our services, we must verify the global uniqueness of the account to be registered.
•    Sharing with business partners: To ensure the quality of services provided to you, we may share your order, account, device, and location information with our third-party partners. However, we will only share your personal data for legitimate, appropriate, necessary, specific, and definite purposes.

Our partners include
•    Third-party sellers and developers: Some of our products or services are directly provided to you by third parties. In this case, we will share transaction-related information with third parties to fulfil the requirements for products or services you have purchased. For example, when you purchase products from third-party developers, we will share necessary information with them to complete the transaction.
•    Providers of goods or technical services: We may share your personal data with third parties that support our features and functions, including third parties that supply or provide infrastructure technology services, logistics and distribution services, payment services, and data processing services. We share such data to implement the functionality of our products and services. For example, we will share your order information with the logistics service provider to arrange delivery, or your order number and purchase amount with a third-party payment agency to confirm your payment instructions and complete the transaction.
We will perform security assessment on the sharing behaviour and personal data receivers and sign a data protection agreement or strict non-disclosure agreement with them, requiring them to abide by this Statement and take appropriate confidentiality and security measures when processing your personal data.


How we protect your personal data
The security of your personal data is important to us. We have adopted standard industry practices to protect your personal data from unauthorized access/ disclosure/use/ modification/damage, or loss. To this end, we take the following measures:
•    We take all reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which it is processed. We will retain your personal data for no longer than is necessary for the purposes stated in this Statement, unless otherwise extending the retention period is required or permitted by law.
•    We use cryptographic technologies to ensure the confidentiality of data transmission and storage and implement trusted protection mechanisms to protect data and data storage servers from attacks.
•    We deploy access control mechanisms to permit only authorised access to your personal data. In addition, we limit the number of authorized personnel and implement hierarchical permission management based on service requirements and personnel levels. Access to personal data will be logged and reviewed by authorised personnel on a regular basis.
•    We carefully select business partners and service providers and incorporate personal data protection requirements into commercial contracts, audits, and appraisal activities.
•    We organise security and privacy protection training courses, tests, and publicity activities to raise employees' personal data protection awareness.
We are fully committed to protecting your personal data. Nevertheless, no security measure is perfect, and no product, service, website, data transmission, computer system, or network connection is absolutely secure.
In response to possible risks, such as personal data leakage, damage, and loss, we have developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and the corresponding handling procedures and established a dedicated Security Advisory and Security Notice page. We have also established a dedicated security emergency response team to implement security contingency plans, loss reduction, analysis, locating, and remediation, and to perform backtracking/countering operations with related departments in accordance with security incident handling regulations and requirements.
If any personal data security incident occurs, we (or the Data Controller) will notify you, pursuant to local legal requirements, of the basic information about the security incident and its possible impact, measures that we have taken or will take, suggestions about active defence and risk mitigation, and remedial measures. The notification may take the form of an email, text message, push notification, etc. When it is difficult to inform data subjects individually, we will take appropriate and effective measures to release a Security Notice. In addition, we will also report the handling status of personal data security incidents as required by supervisory authorities.
In addition, ID-ware has implemented numerous technical and organisational measures to ensure the most complete protection of personal data.

How you can manage your personal data
According to local laws, personal data subjects or their representatives can submit requests for exercising data subjects' rights (referred to as "requests") to us.
(1) Requesting methods and channels

Data subjects' requests must be submitted in writing. The requests are equally valid even if the requester does not specify the laws on which the requests are based. In general, verbal requests are not valid unless otherwise permitted by local laws.
Data subjects' requests can be submitted through using an email addressed to the Data Protection Officer (see the contact details at the end)

(2) Validity of requests
Most laws require data subjects to comply with specific requirements when they initiate requests. This Statement requires data subjects to:
a. Submit requests through dedicated request channels. (see contact details: Data Protection Officer email address)
b. Provide sufficient information to verify their identities (to ensure those who initiate the requests are the data subjects themselves or those authorized by them). Please provide as detailed information as possible when submitting your request, such as the request type, specific content, information about the information holder (such as the account name you use for our products and services), and time frame in which the information was generated or processed (requests within a shorter period of time have a higher likelihood of being accepted).
c. Ensure that their requests are specific and feasible.

(3) Request processing details and period
We will make every effort to respond within one month upon receiving a request to access personal data. This period may be extended if necessary, depending on the number of requests and their complexity. If the request period is to be extended, we will notify the data subject of the situation and reason for the delay. In the event of any time conflict between this section and local laws/regulations, the latter shall prevail.

(4) Types of Requests:
a) Right of Information
Any data subject has the right granted by the European legislator to obtain from the controller information as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact the controller.
b) Right of access
Any data subject has the right granted by the European legislator to obtain from the controller at any time, free of charge, information about his or her stored personal data and a copy of this information. In addition, European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- if possible, the intended period for which the personal data will be kept, or, if this is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of the processing of personal data concerning the data subject, or to object to a data processing.
- the existence of the right to lodge a complaint with a supervisory authority;
- where personal data are not collected from the data subject, any available information on their source;
- the existence of automated decision-making (if any), including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information on the logic involved, as well as the significance and intended consequences of such processing for the data subject.
Furthermore, the data subject has the right to obtain information as to whether personal data is transferred to a third country or to an international organisation. Where this is the case, the data subject has the right to be informed of the appropriate safeguards regarding the transfer.
c) Right of rectification
Any data subject has the right granted by the European legislator to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary declaration.
d) Right to erasure (right to be forgotten)
Any data subject has the right granted by the European legislator to obtain from the controller the erasure without undue delay of personal data concerning him or her, and the controller is obliged to erase the personal data without undue delay when one of the following grounds applies, as long as the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed.
- The data subject withdraws the consent to the processing pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR where no other legal ground for the processing exists.
- The data subject objects to the processing under Article 21(1) GDPR and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) GDPR.
- The personal data has been processed unlawfully. The personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
e) Right to restriction of processing.
Any data subject has the right granted by the European legislator to obtain from the controller a restriction of processing when one of the following applies:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead that its use be restricted.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR, pending verification of whether the controller's legitimate grounds outweigh those of the data subject.
If any of the above conditions are met and a data subject wishes to request the restriction of the processing of personal data stored by the ID-ware, he or she may, at any time, contact any employee of the controller. The employee of the ID-ware will arrange the restriction of processing.
f) Right to data portability
Any data subject shall have the right granted by the European legislator to receive personal data concerning him or her provided to a controller in a structured, commonly used and machine-readable format. He or she shall have the right to transfer these data to another controller without hindrance from the controller to whom the personal data have been disclosed, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object
Any data subject shall have the right to object at any time under Article 6(1)(e) or (f) of the GDPR to the processing of personal data concerning him/her on grounds relating to his/her particular situation. This also applies to profiling based on these provisions.
ID-ware will no longer process the personal data in case of objection, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

h) Right to withdraw data protection consent
Any data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time.
(5) Request results
After a request is submitted, the following may occur:
a. The request is rejected.
Requests from data subjects may be declined in the following situations, including but not limited to:
(a) Local laws do not grant relevant rights to data subjects;
(b) The identity of the requester cannot be verified;
(c) The request cannot be verified or is out of scope, especially when requests are sent repeatedly;
(d) The requested information is related to the compensation that we will make or receive as a result of an ongoing dispute, and the disclosure of such information is likely to damage our interests;
(e) The retained information is used for statistical and research purposes only, and the publication of statistics and research results does not reveal personal identities;
(f) Other situations stipulated by laws.
If we decline a request from a data subject, we will provide the requester with a formal explanation.

b. The request is accepted.

(6) Special notes
a. Most laws/regulations specify the circumstances under which an organisation may not provide data to data subjects. These cases include scenarios when providing data may undermine ongoing efforts against terrorism; when the data subject has made repeated requests, or when obtaining and providing such information would consume disproportionate resources.
b. Typically, we will not provide the following information:
(a) Information about others: Requests from data subjects may involve other individuals besides the data subject. We will not provide such information, unless authorized by the relevant individuals.
(b) Repeated requests: If the data subject initiates the same or similar requests related to one data subject for multiple times, and the data has not changed since the last time we provided the data, we will not provide a copy of the data in most cases. Additionally, we have no obligation to provide information that has been publicly available.
(c) Confidential opinions: We are not obligated to provide the requested information if such information is a confidential opinion.
(d) Special documents: We will not disclose any special information in response to requests for accessing personal data. Typically, special information includes any confidential documents (such as attorney/client communication), and information that obtains or expresses a corresponding legal opinion (irrespective of whether it is related to the lawsuit itself or related to information from court proceedings).

Period of retention of personal data
The criteria used to determine the retention period of personal data are the respective legal retention period. After this period's expiration, the relevant data are routinely deleted if they are no longer required for the performance of the contract or the conclusion of a contract.

How to contact us
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other data protection provisions is:

ID-ware Group B. V.
Rhone 30
2491 AP The Hague
The Netherlands
Telephone: +31-70-3371500
Email to Data Protection Officer at: privacy@id-ware.com

Copyright 2025 ID-ware.com | All Rights Reserved.
Settings saved
Cookie Policy

We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. You can find more information about how we use your data in our Privacy Policy. You can revoke or adjust your selection at any time under Settings.

By clicking on "Accept all", you consent to the use of cookies.

 

user_privacy_settings

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Privacy Level Einstellungen aus dem Cookie Consent Tool "Privacy Manager".

user_privacy_settings_expires

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Speicherdauer der Privacy Level Einstellungen aus dem Cookie Consent Tool "Privacy Manager".

ce_popup_isClosed

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass das Popup (Inhaltselement - Popup) durch einen Klick des Benutzers geschlossen wurde.

onepage_animate

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass der Scrollscript für die Onepage Navigation gestartet wurde.

onepage_position

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Offset-Position für die Onepage Navigation.

onepage_active

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass die aktuelle Seite eine "Onepage" Seite ist.

view_isGrid

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die gewählte Listen/Grid Ansicht in der Demo CarDealer / CustomCatalog List.

portfolio_MODULE_ID

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert den gewählten Filter des Portfoliofilters.

Eclipse.outdated-browser: "confirmed"

Domainname: id-ware.com
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert den Zustand der Hinweisleiste "Outdated Browser".
You are using an outdated browser. The website may not be displayed correctly. Close