1Controller
Data Controller Information
72762 Reutlingen, Germany
2Purposes & Legal Bases
Legal Basis for Data Processing
- Website operation & IT security (server logs, delivery, troubleshooting): Art. 6(1)(f) GDPR (legitimate interests in secure operation).
- Contact & demo requests (forms/email): Art. 6(1)(b) GDPR (pre-contractual steps).
- Cookies: We currently use only essential cookies. If we later deploy non-essential cookies (analytics/marketing), we will obtain prior consent (Art. 6(1)(a) GDPR + §25 TTDSG).
3Categories of Personal Data
Types of Data We Collect
- Server logs: IP address (shortened where possible), date/time, URL, referrer, user agent, status code.
- Contact/Demo: Name, organization, business email, site type, POS system, free-text message.
4Recipients / Processors
Hosting provider, email service, (optionally) file storage/monitoring. We sign Data Processing Agreements (Art. 28 GDPR) with all processors. Current list: [/sub-processors].
5International Transfers
Currently none. If needed in future, we will use appropriate safeguards (e.g., EU Standard Contractual Clauses) plus supplementary measures.
6Retention
- Server logs: up to 30 days.
- Contact/demo data: typically up to 12 months or until the request is closed, unless statutory retention applies.
7Your Rights (Art. 12–22 GDPR)
Your Data Protection Rights
Access, rectification, erasure, restriction, data portability, objection; withdrawal of consent with future effect. You may lodge a complaint with your supervisory authority.
8Necessity of Provision
Fields marked as required are needed to handle your request; without them we cannot process it.
9Cookies
See [/cookies] for details on essential cookies. Non-essential cookies will only be set after your opt-in.
10Integrations / Fiscal Note
IOMS is not a TSE provider and does not perform fiscalization. We ingest DSFinV-K day-end exports from systems such as SAP Customer Checkout / Oracle MICROS Simphony and link them to waste events for traceability/audit trail.