Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.

Data Protection

Your data is protected with industry-standard encryption

Secure Storage

All information is stored securely and access-controlled

Transparency

Clear information about how we use your data

Your Rights

Full control over your personal information

Minimal Collection

We only collect what's necessary for our services

Global Standards

Compliant with international privacy regulations

Privacy Policy Details
Effective Date: 31.07.2025

Data Controller:
Beyer & Jdaa IPM Consulting GbR
Bahnhofstr. 76
25715 Eddelak
Germany

Contact:
Email: info@ipm-consulting.org




1. Introduction



This Privacy Policy explains how CertNX ("we," "our," or "us") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and German data protection laws. We are committed to protecting your privacy and ensuring the security of your personal information.




2. Legal Basis for Data Processing



We process your personal data based on the following legal grounds:

- Consent (Art. 6(1)(a) GDPR): When you explicitly consent to data processing
- Contract Performance (Art. 6(1)(b) GDPR): To fulfill our contractual obligations
- Legitimate Interest (Art. 6(1)(f) GDPR): For website functionality and security
- Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws




3. Data We Collect



#### 3.1 Information You Provide

- Contact Information: Name, email address, phone number
- Business Information: Company name, job title, industry
- Service Requests: Information about your compliance needs
- Communication: Messages and correspondence with us

#### 3.2 Automatically Collected Information

- Technical Data: IP address, browser type, operating system
- Usage Data: Pages visited, time spent, navigation patterns
- Device Information: Device type, screen resolution, language settings
- Cookies: Essential and functional cookies for website operation

#### 3.3 Third-Party Data

We may receive information from:
- Business partners and service providers
- Public sources and directories
- Referral sources




4. How We Use Your Data



#### 4.1 Primary Purposes

- Service Delivery: Providing compliance auditing and certification services
- Communication: Responding to inquiries and providing support
- Contract Management: Managing client relationships and agreements
- Quality Assurance: Improving our services and processes

#### 4.2 Secondary Purposes

- Marketing: Sending relevant information about our services (with consent)
- Analytics: Understanding website usage and improving user experience
- Security: Protecting against fraud and ensuring system security
- Compliance: Meeting legal and regulatory requirements




5. Data Sharing and Transfers



#### 5.1 Internal Sharing

Your data may be shared within our organization for:
- Service delivery and support
- Quality assurance and training
- Administrative purposes

#### 5.2 External Sharing

We may share your data with:

- Service Providers: IT services, hosting, analytics
- Business Partners: Certification bodies, compliance tools
- Legal Authorities: When required by law
- Professional Advisors: Legal, accounting, and consulting services

#### 5.3 International Transfers

Data may be transferred to countries outside the EU/EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding corporate rules where applicable




6. Data Security



We implement appropriate technical and organizational measures to protect your data:

- Encryption: Data encrypted in transit and at rest
- Access Controls: Role-based access and authentication
- Regular Audits: Security assessments and penetration testing
- Employee Training: Regular privacy and security training
- Incident Response: Procedures for data breach notification




7. Data Retention



We retain your data only as long as necessary:

- Active Clients: Duration of service relationship + 7 years
- Prospects: 2 years from last contact
- Website Analytics: 26 months
- Legal Requirements: As required by applicable laws
- Consent-Based: Until consent is withdrawn




8. Your Rights



Under GDPR, you have the following rights:

#### 8.1 Access and Information

- Right of Access: Request a copy of your personal data
- Right to Information: Understand how your data is processed
- Right to Portability: Receive your data in a structured format

#### 8.2 Control and Correction

- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how your data is processed

#### 8.3 Objection and Withdrawal

- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Complain: Lodge a complaint with supervisory authorities

#### 8.4 Automated Decision Making

- Right to Human Review: Request human intervention in automated decisions
- Right to Explanation: Understand the logic behind automated decisions




9. Cookies and Tracking



#### 9.1 Essential Cookies

These cookies are necessary for website functionality:
- Session management and security
- Language preferences
- Form submissions

#### 9.2 Functional Cookies

These cookies enhance user experience:
- Analytics and performance monitoring
- User interface customization
- Service optimization

#### 9.3 Cookie Management

You can control cookies through:
- Browser settings
- Our cookie consent banner
- Third-party opt-out mechanisms




10. Children's Privacy



Our services are not intended for children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the information promptly.




11. Third-Party Services



We use third-party services that may collect data:

- Analytics: Google Analytics (with anonymization)
- Hosting: Secure cloud hosting providers
- Communication: Email and messaging services
- Payment Processing: Secure payment gateways

Each service has its own privacy policy, and we recommend reviewing them.




12. Data Breach Procedures



In the event of a data breach, we will:

1. Immediate Response: Contain and assess the breach
2. Notification: Inform supervisory authorities within 72 hours
3. Communication: Notify affected individuals when required
4. Documentation: Maintain records of all breach incidents
5. Remediation: Implement measures to prevent future breaches




13. Changes to This Policy



We may update this Privacy Policy periodically. Changes will be:

- Posted on our website with an updated effective date
- Communicated to active clients via email
- Available upon request




14. Contact Information



For privacy-related inquiries, please contact us:

Data Protection Officer:
Email: privacy@ipm-consulting.org

General Inquiries:
Email: info@ipm-consulting.org

Postal Address:
Beyer & Jdaa IPM Consulting GbR
Bahnhofstr. 76
25715 Eddelak
Germany

Supervisory Authority:
The Hamburg Commissioner for Data Protection and Freedom of Information




15. Complaints



If you have concerns about our data processing, you may:

1. Contact our Data Protection Officer
2. Lodge a complaint with the supervisory authority
3. Seek legal remedies under GDPR

We are committed to resolving privacy concerns promptly and transparently.

Questions About Privacy?

If you have any questions about our privacy policy, please don't hesitate to contact us.

Last updated: July 31, 2025 • Version 2.1