Skip to main content
To the contact formCall

Privacy Policy

Name and Contact Details of the Controller and the Company Data Protection Officer

This privacy notice applies to data processing by:

Ille Papier-Service GmbH
Industriestraße 25
63674 Altenstadt
represented by Marion Gottschalk, Andreas Trostmann and Eric Gottschalk (hereinafter: Ille)

Email: info@ille.de
Phone: +49 (0) 6047 980 - 000
Fax: +49 (0) 6047 980 - 70

The company data protection officer of Ille can be reached at the contact details stated above with the addition "Data Protection Officer".

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

  • Master data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication and procedural data
  • Log data

Categories of Data Subjects

  • Service recipients and clients
  • Prospective customers
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing

  • Provision of contractual services and fulfilment of contractual obligations
  • Communication
  • Office and organisational procedures
  • Organisational and administrative procedures
  • Information technology infrastructure
  • Feedback
  • Provision of our online services and user-friendliness
  • Business processes and commercial procedures

Applicable Legal Bases

  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) UK GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) UK GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, securing the availability of, and separation of the data. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we take into account the protection of personal data already during the development and/or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address
  • This data is not merged with other data sources.

The legal basis for data processing is Art. 6(1)(f) UK GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

The retention period for personal data is determined by the applicable statutory retention periods. These include in particular retention and documentation obligations under commercial and tax law (from the German Commercial Code (HGB), German Criminal Code (StGB) or German Fiscal Code (AO)). After expiry of the period, the relevant data is routinely deleted, provided it is no longer necessary for the performance or initiation of a contract, we have no legitimate interest in further storage, and/or you have not consented to further storage pursuant to Art. 6(1)(a) UK GDPR.

Cookies

The term "cookies" refers to functions that store and retrieve information on users' end devices. Cookies may also be used for various purposes, such as ensuring the functionality, security and convenience of online services, as well as for the analysis of visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain prior consent from users. Where consent is not required, we rely on our legitimate interests. This applies where storing and retrieving information is essential in order to provide explicitly requested content and functions. This includes the storage of settings and ensuring the functionality and security of our online services. Consent may be withdrawn at any time. We provide clear information about the scope of cookies used and which cookies are in use.

Notes on legal bases for data protection purposes: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests as explained in this section and in the context of the respective services and procedures.

Retention Period

The following types of cookies are distinguished with regard to retention period:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected via cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and may be stored for up to two years.

General notes on withdrawal and objection (opt-out): Users may withdraw consent they have given at any time and also object to the processing in accordance with legal requirements, including by means of the privacy settings of their browser.

Types of data processed: Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Users (e.g. website visitors, users of online services).

Legal bases: Legitimate interests (Art. 6(1)(f) UK GDPR). Consent (Art. 6(1)(a) UK GDPR).

Further Notes on Processing Activities, Procedures and Services

Processing of cookie data on the basis of consent: We use a consent management solution through which users' consent to the use of cookies or to the procedures and providers named in the consent management solution is obtained. This procedure serves to obtain, log, manage and revoke consent, in particular relating to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. Within the scope of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing activities and providers named in the consent management procedure. Users also have the option to manage and revoke their consents. Consent declarations are stored in order to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies, in order to be able to assign consent to a specific user or their device.

Where no specific information is available about the providers of consent management services, the following general notes apply:

The storage period for consent is up to two years. A pseudonymous user identifier is created and stored together with the time of consent, details of the scope of consent (e.g. categories of cookies and/or service providers concerned), as well as information about the browser, the system and the end device used.

Legal bases: Consent (Art. 6(1)(a) UK GDPR).

Contact and Enquiry Management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information provided by the enquiring persons is processed to the extent necessary for responding to the contact enquiries and any requested measures.

Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts and the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Communication partners. Purposes of processing: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness. Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Legal bases: Legitimate interests (Art. 6(1)(f) UK GDPR). Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR).

Further notes on processing activities, procedures and services:

Contact Form

When contacting us via our contact form, by email or other communication channels, we process the personal data transmitted to us in order to respond to and handle the respective enquiry. This generally includes details such as name, contact information and, where applicable, further information communicated to us that is necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR), legitimate interests (Art. 6(1)(f) UK GDPR).

Customer Account / Registration Function

If you create a customer account with us via our website, we will collect and store the data you enter during registration (e.g. your name, address or email address) exclusively for pre-contractual services, for the performance of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to offer you the so-called wish list function). At the same time, we store your IP address and the date and time of your registration. This data is not passed on to third parties.

During the registration process, your consent to this processing is obtained and reference is made to this privacy policy. The data we collect in this context is used exclusively for the provision of the customer account.

If you consent to this processing, Art. 6(1)(a) UK GDPR serves as the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the performance of a contract, the legal basis for this processing is additionally Art. 6(1)(b) UK GDPR.

You may withdraw the consent you have given for the opening and maintenance of the customer account at any time with effect for the future pursuant to Art. 7(3) UK GDPR. To do so, you need only inform us of your withdrawal.

The data collected in this context will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

Online Job Applications / Publication of Job Advertisements

We offer you the opportunity to apply to us via our website. In these digital applications, your applicant and application data is collected and processed by us electronically for the purpose of handling the application process.

The legal basis for this processing is § 26(1) sentence 1 of the German Federal Data Protection Act (BDSG) in conjunction with Art. 88(1) UK GDPR.

If an employment contract is concluded following the application process, we store the data you submitted in your application in your personnel file for the purpose of the usual organisational and administrative process – naturally in compliance with the further applicable legal obligations.

The legal basis for this processing is likewise § 26(1) sentence 1 BDSG in conjunction with Art. 88(1) UK GDPR.

If an application is rejected, we automatically delete the data transmitted to us two months after notification of the rejection. Deletion does not take place, however, if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. on account of the burden of proof under the German General Equal Treatment Act (AGG).

The legal basis in this case is Art. 6(1)(f) UK GDPR and § 24(1) no. 2 BDSG. Our legitimate interest lies in the defence or enforcement of legal claims.

If you expressly consent to a longer storage of your data, e.g. for inclusion in an applicant or candidate database, the data will be further processed on the basis of your consent. The legal basis is then Art. 6(1)(a) UK GDPR. You may of course withdraw your consent at any time pursuant to Art. 7(3) UK GDPR by declaration to us with effect for the future.

General Links to Third-Party Provider Profiles

The provider uses links to the social networks listed below on the website.

The legal basis for this is Art. 6(1)(f) UK GDPR. The provider's legitimate interest lies in improving the quality of use of the website.

The plugins are integrated via a linked graphic. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.

After the user is redirected, information about the user is collected by the respective network. These are initially data such as IP address, date, time and the page visited. If the user is logged into their user account of the respective network at that time, the network operator may be able to assign the collected information from the specific visit of the user to the user's personal account. If the user interacts via a "share" button of the respective network, this information may be stored in the user's personal account and possibly published. If the user wishes to prevent the collected information from being directly assigned to their user account, the user must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

  • Facebook

    Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy policy: https://www.facebook.com/policy.php

  • Instagram

    Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy policy: https://help.instagram.com/519522125107875

  • LinkedIn

    LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. Privacy policy: https://www.linkedin.com/legal/privacy-policy

  • YouTube
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Privacy policy: https://policies.google.com/privacy

Web Analytics, Monitoring and Optimisation

Web analytics (also referred to as "reach measurement") serves to evaluate visitor traffic to our online service and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, identify at what times our online service or its functions or content are most frequently used, or which areas require optimisation.

In addition to web analytics, we may also use testing procedures, for example to test and optimise different versions of our online service or its components.

Unless otherwise stated below, profiles may be created for these purposes – i.e. data aggregated into a usage session – and information may be stored in and read from a browser or end device. The data collected includes in particular websites visited and elements used thereon, as well as technical information such as the browser used, the computer system used, and details of usage times. Where users have consented to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

In addition, users' IP addresses are stored. However, we use an IP-masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear-text data of users (such as email addresses or names) is stored in connection with web analytics, A/B testing and optimisation, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the respective procedures.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles). Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of up to two years.).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Consent (Art. 6(1)(a) UK GDPR).

Further Notes on Processing Activities, Procedures and Services:

Google Analytics: We use Google Analytics to measure and analyse the use of our online service on the basis of a pseudonymous user identification number. This identification number contains no unique data such as names or email addresses. It is used to assign analysis information to an end device in order to identify which content users have accessed within one or several usage sessions, which search terms they have used, whether they have accessed it again, or have interacted with our online service. The time of use and its duration are also stored, as well as the sources of users referring to our online service and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. Analytics does however provide approximate geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, sub-continent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible and is not used for any further purposes. When Google Analytics collects measurement data, all IP queries are executed on EU-based servers before traffic is forwarded to Analytics servers for processing;

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Consent (Art. 6(1)(a) UK GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/; security measures: IP masking (pseudonymisation of the IP address); privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms/; basis for international data transfers: UK-US Data Bridge, International Data Transfer Agreement (IDTA) (https://business.safety.google/adsprocessorterms); opt-out option: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

Disclosure of Data to Third Parties

In certain cases we disclose personal data to third parties – for example:

to external service providers who support us in the field of IT, or to providers whose services or content we integrate on our website.

We strictly comply with the applicable legal requirements. Where necessary, we conclude special contracts with these third parties to ensure the protection of your data. International data transfers

Where we transfer personal data to countries outside the UK (so-called "third countries") – for example through the use of third-party providers or where data is disclosed to external recipients – this is always done in accordance with the applicable data protection laws.

IP Info

We use IP Info on our website to evaluate IP addresses and obtain location-based information (e.g. city, country, provider, VPN usage). This serves technical optimisation, fraud detection, as well as statistical analysis and presentation.

Service provider: IP Info Inc., 548 Market St. #80852, San Francisco, CA 94104, USA

Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest) in a secure, functional and user-friendly website.

Processing takes place in the USA. IP Info is certified under the UK-US Data Bridge. Further information can be found in IP Info's privacy policy: https://ipinfo.io/privacy-policy

No permanent storage of personal data takes place on our part. The IP address is pseudonymised or deleted after geolocation.

Data Transfers to the USA

For data transfers to the USA, we primarily rely on the UK-US Data Bridge (UK Extension to the EU-U.S. Data Privacy Framework). This was recognised as providing adequate protection by the UK Secretary of State on 12 October 2023. In addition, we use International Data Transfer Agreements (IDTAs), i.e. contractually established safeguards for your data as approved by the UK Information Commissioner's Office (ICO).

The combination of the UK-US Data Bridge and IDTAs offers dual protection:

The UK-US Data Bridge is our primary safeguard.

IDTAs apply if there are any legal or political changes to the UK-US Data Bridge.

For each service provider we inform you whether they are certified under the UK-US Data Bridge and whether we have concluded an IDTA with them.

More information can be found on the website of the UK Information Commissioner's Office: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/

Other Third Countries

For transfers to other countries outside the UK, we use similar safeguards – depending on the case:

International Data Transfer Agreements (IDTAs)

Your explicit consent or legally required transfers.

Further information on the legal bases can be found on the website of the UK Information Commissioner's Office: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or there are no further legal grounds for the processing. This applies in cases where the original processing purpose ceases to apply or the data is no longer needed. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the pursuit of legal claims or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.

Where multiple retention periods or deletion deadlines are stated for a piece of data, the longest period shall always prevail.

Where a period does not expressly begin on a specific date and is at least one year in duration, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the time at which the termination or other ending of the legal relationship takes effect.

Data that is no longer retained for its originally intended purpose but on account of statutory requirements or other reasons is processed exclusively for the reasons justifying its retention.

Further Notes on Processing Activities, Procedures and Services:
Retention and Deletion of Data: The following general periods apply to retention and archiving under German law:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organisational documents required for their understanding (§ 147(1) no. 1 in conjunction with para. 3 AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with para. 4 HGB).
  • 8 years – Accounting vouchers, such as invoices and expense receipts (§ 147(1) nos. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257(1) no. 4 in conjunction with para. 4 HGB).
  • 6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents insofar as they are relevant for taxation purposes, e.g. hourly wage slips, cost accounting sheets, costing documents, price markings, as well as payroll accounting documents insofar as they are not already accounting vouchers, and cash register strips (§ 147(1) nos. 2, 3, 5 in conjunction with para. 3 AO, § 257(1) nos. 2 and 3 in conjunction with para. 4 HGB).
  • 3 years – Data required to take into account potential warranty and damages claims or similar contractual claims and rights, as well as to handle associated enquiries, based on prior business experience and common industry practice, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Collection and Storage of Personal Data in the Shop and for Business Transactions

When you use our services, we collect the following information from you as the owner and/or legal representative of your company:

  • Company name
  • First name, last name
  • Gender
  • Date of birth
  • Address
  • Email address
  • Telephone number (landline and/or mobile)
  • Bank account details
  • Signatory authority
  • Where applicable, further data required for the performance of the contract that you voluntarily provide to us

Purposes of Processing

  • The collection of this data takes place in order to identify you as our customer;
  • to provide you with our services;
  • to enable correspondence with you;
  • for invoicing purposes;
  • for the handling of any liability claims and the assertion of any claims against you

Applicable Legal Bases

Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Payment Procedures

In the context of contractual and other legal relationships, on the basis of legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use, in addition to banks and credit institutions, further service providers (collectively "payment service providers").

The data processed by payment service providers includes master data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, transaction and recipient-related information. The details are necessary to process the transactions. The data entered is, however, only processed by payment service providers and stored by them. This means we do not receive any account or credit card related information, but only information confirming or declining the payment. Under certain circumstances, data may be transmitted by payment service providers to credit reference agencies. This transmission is for the purpose of identity and credit checks. We refer to the terms and conditions and the privacy notices of the payment service providers in this regard.

The terms and conditions and the privacy notices of the respective payment service providers apply to payment transactions and are accessible within the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of withdrawal, access and other data subject rights.

  • Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of contract, duration, customer category); usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Service recipients and clients; business and contractual partners. Prospective customers.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Business processes and commercial procedures.
  • Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
  • Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR). Legitimate interests (Art. 6(1)(f) UK GDPR).

Further Notes on Processing Activities, Procedures and Services

  • Klarna: Payment services (technical integration of online payment methods); service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR); website: https://www.klarna.com/de. Privacy policy: https://www.klarna.com/de/datenschutz.
  • Mastercard: Payment services (technical integration of online payment methods); service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR); website: https://www.mastercard.de/de-de.html. Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
  • PayPal: Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR); website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.
  • Visa: Payment services (technical integration of online payment methods); service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) UK GDPR); website: https://www.visa.de. Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Data Subject Rights

You have the right:

pursuant to Art. 7(3) UK GDPR to withdraw any consent you have given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future;

pursuant to Art. 15 UK GDPR to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data insofar as it was not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;

pursuant to Art. 16 UK GDPR to request the immediate rectification of inaccurate or completion of your personal data stored by us;

pursuant to Art. 17 UK GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

pursuant to Art. 18 UK GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the data and we no longer need the data but you require it for the establishment, exercise or defence of legal claims, or you have lodged an objection to the processing pursuant to Art. 21 UK GDPR;

pursuant to Art. 20 UK GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller, and pursuant to Art. 77 UK GDPR to lodge a complaint with a supervisory authority.

The supervisory authority responsible for data protection in the United Kingdom is: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) UK GDPR, you have the right pursuant to Art. 21 UK GDPR to object to the processing of your personal data, provided there are grounds relating to your particular situation.

If you wish to exercise your right to object, an email to privacy@ille.eu or a letter to the address stated under item 1 is sufficient.

Altenstadt, 12.08.2025

Language

We detected you're in .
Would you like to switch to your regional site?

Stay hereSwitch to my region