Introduction:

At IIBMF,  we prioritize the privacy and protection of our users’ data. This policy outlines our practices in line with GDPR and U.S. privacy laws, ensuring comprehensive data protection for all users interacting with IIBMF services, accessible via https://www.iibmf.com

1. Personal Data and Processing

• Personal Data: Includes any information related to an identifiable person such as name, ID, location, online identifier, etc.
• Processing: Any operation performed on personal data, whether automated or not, like collection, storage, use, disclosure, etc.

2. Controller Information

• Controller: IIBMF, operated by Alenya Empire LLC, USA.
• Contact: info@iibmf.com , www.iibmf.com

3. Use of Cookies

• The IIBMF website uses cookies, which are text files stored on a computer system through an Internet browser. These cookies are widely used across various websites and contain a unique identifier, the cookie ID. This ID allows websites to recognize and differentiate between different browsers based on the specific cookies they store. Cookies enhance the user experience on the IIBMF website by enabling personalized services and optimizing the website’s functionality. For example, they can remember a user’s login details or the contents of a shopping cart, making website navigation more convenient.
• Users have control over these cookies. They can prevent cookies from being set by adjusting their browser settings and can also delete existing cookies at any time. However, disabling cookies might limit the full functionality of the IIBMF website.

4. Collection of General Data and Information

• Collects data like browser type, operating system, referrer URLs, IP addresses, etc., for improving service quality and security.
• The IIBMF website automatically collects various types of general data and information when visited by a person or an automated system. This data, stored in server log files, includes browser types and versions, operating systems of the accessing systems, referring websites, sub-websites visited, date and time of access, IP addresses, and the Internet service provider of the accessing system. This information might also include data relevant in the event of IT system attacks.
• The IIBMF does not use this information to identify individuals. Instead, the data serves several purposes: ensuring correct website content delivery, optimizing website content and advertising, maintaining the integrity of their IT systems and website technology, and aiding law enforcement in cyber-attack investigations. The IIBMF conducts statistical analysis of this anonymously collected data to enhance data protection and security, aiming to provide a high level of protection for processed personal data. Importantly, this anonymous server log data is kept separate from any personal data provided by visitors.

5. User Registration

• Collects data during registration for internal use and service provision. Includes safeguards against misuse and the option for data modification or deletion.
• Individuals can register on the controller’s website by providing personal data, determined by the registration form used. This data is collected and stored solely for the controller’s internal purposes. The controller may share this data with processors (like a parcel service) for purposes related to the controller.
• Registration also records the user’s IP address, date, and time, provided by their Internet service provider. This is to prevent misuse of services and facilitate investigation of offenses, making it essential for the controller’s security. This data is not shared with third parties unless legally required or for criminal prosecution.
• Registration allows users to access specific content or services available only to registered users. Registered users can modify or completely delete their personal data from the controller’s records at any time.
• The controller is committed to transparency about personal data storage and will provide, correct, or erase users’ data upon request, unless legally required to retain it. The controller’s employees are available to assist users with these requests.

6. Newsletter Subscriptions

• IIBMF offers a newsletter subscription service on its website. To subscribe, users must provide their email address and consent to receive the newsletter. This process involves a double opt-in procedure, where a confirmation email is sent to the provided email address for legal authentication. Additionally, IIBMF records the subscriber’s IP address, date, and time of registration to prevent potential misuse of the email address and for legal protection. The collected personal data is used solely for sending the newsletter and related communications. Subscribers are informed of any changes to the newsletter service or technical updates as necessary. Personal data is not shared with third parties. Subscribers can revoke their consent and unsubscribe from the newsletter at any time through a link in the newsletter or via the IIBMF website.

7. Newsletter Tracking

• The IIBMF’s newsletter uses tracking pixels, tiny graphics in HTML emails, for logging and analyzing online marketing campaigns. These pixels allow the IIBMF to track when and if an email is opened and which links are clicked. The collected data helps optimize newsletter delivery and tailor content to recipients’ interests. This data is not shared with third parties. Recipients can revoke their consent at any time, and upon such revocation, their data is deleted by the controller. Unsubscribing from the newsletter is considered a revocation of consent.

8. Data Erasure and Blocking

• Data is stored as long as necessary or mandated by law, after which it is blocked or deleted.
• The data controller will handle and keep the personal data of the individual only as long as needed for the storage’s intended purpose, or as permitted by U.S. law and other regulations applicable to the controller. When the purpose of storage becomes irrelevant, or upon the expiration of a storage period mandated by U.S. legislation or other relevant authorities, the personal data will be routinely restricted or deleted in compliance with legal obligations.

9. User Rights

Under U.S. law, individuals have several rights regarding their personal data:

Right to Confirmation: Individuals can request and receive confirmation on whether their personal data is being processed by a data controller.

Right of Access: Individuals have the right to access their personal data stored by a controller. This includes information about the processing purposes, data types, recipients, expected storage duration, and rights to correction, deletion, or restriction of processing. They’re also entitled to know about any automated decision-making and international data transfers.

Right to Rectification: Individuals can request the correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (Right to be Forgotten): Individuals can ask for the deletion of their personal data when it’s no longer necessary, consent is withdrawn, processing is unlawful, or for legal compliance. Controllers must inform other controllers processing the publicized personal data about the erasure request.

Right to Restriction of Processing: Individuals can request the restriction of processing their data in cases of contested accuracy, unlawful processing, necessity for legal claims, or pending review of processing objections.
Right to Data Portability: Individuals can receive their personal data in a structured, commonly used, and machine-readable format. They have the right to transfer this data to another controller without obstruction from the original controller, provided the processing is based on consent or contract and carried out by automated means. Direct transmission of data between controllers is possible where technically feasible.

Right to Object: Individuals can object to the processing of their personal data based on certain grounds, including for direct marketing and profiling related to marketing. Processing must cease upon objection unless the controller demonstrates compelling legitimate grounds or needs the data for legal claims. This right also extends to objecting to data processing for research or statistical purposes, unless necessary for public interest tasks.

Automated Individual Decision-Making, Including Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that have significant effects on them, unless necessary for a contract, authorized by law, or based on explicit consent. Where such decisions are necessary for contracts or based on consent, safeguards including human intervention and the right to contest the decision must be provided.

Right to Withdraw Data Protection Consent: Individuals can withdraw their consent for the processing of their personal data at any time.
For exercising these rights, individuals can contact a representative of the data controller at any time.

10. Third-Party Services

Data Protection Regarding Facebook Use on This Website:

• This website incorporates features from Facebook, a social network that allows users to create profiles, upload photos, and connect through friend requests. Facebook, Inc. in the U.S. and Facebook Ireland Ltd. in Ireland are the respective operators, depending on the user’s location.
• When a user visits a page on this website with a Facebook plugin, their browser automatically downloads the relevant Facebook component, enabling interaction with Facebook features directly from the website. Facebook receives information about the user’s specific website visit, which is linked to their Facebook account if they are logged in to Facebook simultaneously. This integration allows actions like clicking the “Like” button or commenting to be associated with the user’s Facebook account.
• Users who do not wish their visit information to be shared with Facebook can avoid this by logging out of their Facebook account before visiting the website. Facebook’s data protection guidelines, available at their privacy page, provide details on data collection, processing, and usage, as well as privacy settings and options to prevent data transmission to Facebook. Users can adjust these settings to control how their data is shared with Facebook.

Google Analytics with Anonymization on This Website: 
This website uses Google Analytics with anonymization, a service for analyzing website visitor behavior. It tracks from where visitors come, which pages they visit, and the duration and frequency of visits, aiding in website optimization and Internet advertising analysis.
Google Inc. is the provider of Google Analytics. The website uses “_gat._anonymizeIp” to shorten and anonymize the IP address of visitors from the European Union or European Economic Area.
Google Analytics’ purpose is to analyze website traffic. It uses collected data to assess website usage, compile activity reports, and offer additional services related to website and internet use. For this analysis, Google Analytics places a cookie on the visitor’s device. This cookie stores data like access time, location, and visit frequency. Whenever a page with Google Analytics is accessed, the visitor’s browser automatically sends this data to Google, which can be used for online advertising and commission settlements.
Personal data, including the IP address, are transmitted to and stored by Google in the United States. Google may share this data with third parties.
Visitors can prevent cookie storage through browser settings, which also stops data collection by Google Analytics. To further opt out of data collection by Google Analytics, visitors can download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This add-on prevents data transmission to Google Analytics. If the add-on is uninstalled or disabled, it must be reinstalled or reactivated.

For more information on Google’s data protection practices, visit https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. More details on Google Analytics can be found at https://www.google.com/analytics/.

Use of Google Remarketing on This Website:

This website utilizes Google Remarketing, a feature of Google AdWords that enables the display of targeted advertising to users who have previously visited the site. This service allows for the creation of user-specific advertisements, showing relevant ads to interested users.

Google Inc. operates Google Remarketing. The primary aim of Google Remarketing is to present interest-based advertisements. It allows the display of ads on the Google network or other websites tailored to the individual needs and interests of users.

Google Remarketing uses cookies on the visitor’s device. These cookies enable Google to recognize visitors to our website when they visit other sites within the Google advertising network. During these visits, the user’s browser automatically communicates with Google, which may receive personal information like the IP address or browsing behavior, used for interest-based advertising.

The cookies store personal data, such as the web pages visited. When visiting our website, personal data, including the IP address of the user’s internet access, are transmitted to Google in the United States and stored there. Google may share this data with third parties.

Users can prevent cookie storage through their browser settings, which also blocks Google from setting cookies. Existing Google cookies can also be deleted at any time via browser or other software programs.

Additionally, users can opt out of Google’s interest-based advertising by visiting www.google.de/settings/ads and adjusting settings for each browser they use.

For more detailed information on Google’s data protection practices, visit https://www.google.com/intl/en/policies/privacy/.

Integration of Google+ on This Website:

This website includes the Google+ button, a feature of the Google+ social network. Google+ is an online platform that facilitates user communication and interaction in a virtual community, allowing for the exchange of opinions, experiences, and personal or business information. Users can create private profiles, upload photos, and connect via friend requests.

Google Inc. operates Google+. Each visit to a page of this website with a Google+ button prompts the visitor’s browser to automatically download the corresponding display of the Google+ button. Through this process, Google is informed about which specific page of the website was visited. Detailed information about Google+ can be found at https://developers.google.com/+/.

If a visitor is logged into Google+ while visiting our website, Google tracks which specific pages were visited and associates this information with the visitor’s Google+ account. Clicking the Google+ button and giving a “+1” recommendation links this action to the user’s Google+ account, storing their personal data. This “+1” recommendation is then used across various Google services, such as in Google search results, the user’s Google account, and elsewhere online, like on web pages or in advertisements. Google may also link website visits with other personal data held by Google to improve its services.

The Google+ button informs Google of a user’s visit to our site if they are logged into Google+ during the visit, regardless of whether they click the Google+ button or not.

Users who do not wish to share personal data with Google can prevent this by logging out of their Google+ account before visiting our website.

For more information on Google’s data protection policies, visit https://www.google.com/intl/en/policies/privacy/. Additional details on the Google+ “+1” button are available at https://developers.google.com/+/web/buttons-policy.

Use of Google AdWords on This Website:

This website employs Google AdWords, a service for internet advertising that allows the placement of ads on Google’s search engine results and its advertising network. Advertisers can specify keywords so that their ads appear in search results relevant to those keywords, and within the Google Advertising Network, ads are distributed on web pages based on these keywords.

Google Inc. operates Google AdWords. The service aims to promote our website by displaying relevant ads on third-party sites and Google search results, and by hosting third-party ads on our site.

When a user arrives at our website via a Google ad, Google places a conversion cookie on their device. This cookie, which expires after 30 days, is not for identifying the user but to track if they visit certain pages like a shopping cart. This data helps Google and us understand the effectiveness of the ads in generating sales.

Google uses data from the conversion cookie to compile visit statistics for our website. These statistics help assess the performance of AdWords ads and optimize future ads. Neither we nor other advertisers receive information from Google that can identify the user.

The conversion cookie records personal data like the web pages visited. Whenever our website is accessed, data including the user’s IP address is transmitted to Google in the United States. Google may share these data with third parties.

Users can refuse cookies via their browser settings, which also prevents Google AdWords from placing a conversion cookie. Additionally, any Google AdWords cookie can be deleted through browser or software settings.

Users can opt out of Google’s interest-based advertising by setting preferences at www.google.de/settings/ads from each browser they use.

For more information on Google’s data protection practices, visit https://www.google.com/intl/en/policies/privacy/.

Use of Instagram on This Website:

This website includes components from Instagram, an audiovisual platform that enables users to share photos and videos and disseminate them across other social networks. Instagram LLC operates these services.

Every visit to a page on this website with an integrated Instagram component (Insta button) prompts the user’s browser to download a display of the Instagram component. Through this process, Instagram is informed about which specific sub-page of our website the user visits.

If the user is logged into Instagram during their visit to our website, Instagram tracks which specific sub-pages are visited and associates this information with the user’s Instagram account. Actions like clicking an Instagram button on our website are linked to the user’s Instagram account and their personal data is stored by Instagram.

Instagram is notified that the user has visited our website if they are logged into Instagram at the time of the visit. This happens whether or not the user clicks on the Instagram button. Users who do not want their information transmitted to Instagram can prevent this by logging out of their Instagram account before visiting our website.

For more information on Instagram’s data protection practices, users can visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Use of LinkedIn on This Website:

This website incorporates components from LinkedIn Corporation, a web-based social network focused on professional connections and business networking. LinkedIn is the largest platform for business contacts, used by over 400 million people across more than 200 countries.

LinkedIn Corporation, based in Mountain View, California, operates the service, with LinkedIn Ireland handling privacy matters outside the U.S.

Each visit to a page on this website featuring a LinkedIn component (LinkedIn plug-in) triggers the user’s browser to download that component. More details on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Through this process, LinkedIn learns which specific sub-page of our website the user visits.

If a user is logged into LinkedIn while visiting our website, LinkedIn tracks the specific sub-pages they visit and associates this information with their LinkedIn account. Actions like clicking a LinkedIn button on our website are linked to the user’s LinkedIn account, and their personal data is stored by LinkedIn.

LinkedIn is notified of the user’s visit to our website if they are logged in to LinkedIn during the visit. This occurs whether or not the user interacts with the LinkedIn button. Users can prevent the transmission of information to LinkedIn by logging out of their LinkedIn account before visiting our website.

LinkedIn offers options to unsubscribe from emails, SMS messages, and targeted ads, and to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also partners with several companies like Google Analytics and DoubleClick, and users can refuse their cookies at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy, and its cookie policy at https://www.linkedin.com/legal/cookie-policy.

Use of Twitter on This Website:

This website includes components from Twitter, a microblogging service that allows users to post and share ‘tweets’—short messages limited to 280 characters. Tweets are publicly available to all users, including those not logged in to Twitter, and are displayed to a user’s followers. Twitter also facilitates reaching a broader audience through hashtags, links, and retweets.

Twitter, Inc., based in San Francisco, California, operates the service.

Visiting a page on this website with an integrated Twitter component (Twitter button) prompts the user’s browser to download the corresponding Twitter component. More information about Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. This process informs Twitter about the specific sub-page of our website visited by the user. The integration of the Twitter component aims to share the content of this website, thereby increasing our visitor numbers.

If a user is logged into Twitter during their visit to our website, Twitter tracks which specific sub-pages they visit and links this information to their Twitter account. Actions like clicking a Twitter button on our website are linked to the user’s Twitter account, and their personal data is stored by Twitter.

Twitter is notified of the user’s visit to our website if they are logged into Twitter at the time of the visit. This happens whether or not the user interacts with the Twitter component. Users can prevent the transmission of information to Twitter by logging out of their Twitter account before visiting our website.

Twitter’s data protection policy is available at https://twitter.com/privacy?lang=en.

Use of YouTube on This Website:

This website incorporates components from YouTube, an internet video portal that allows users to upload, view, and interact with videos freely. YouTube hosts a wide range of content, including movies, TV shows, music videos, trailers, and user-generated videos.

YouTube, LLC, based in San Bruno, California, operates the platform and is a subsidiary of Google Inc.

Visiting a page on this website with an integrated YouTube component (YouTube video) prompts the user’s browser to download the corresponding YouTube component. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. Through this process, YouTube and Google are informed about which specific sub-page of our website the user visits.

If a user is logged into YouTube during their visit, YouTube tracks which specific sub-pages containing YouTube videos are visited and associates this information with the user’s YouTube account.

YouTube and Google are notified of the user’s visit to our website if they are logged into YouTube at the time of the visit. This happens regardless of whether the user interacts with a YouTube video. Users can prevent the transmission of this information to YouTube and Google by logging out of their YouTube account before visiting our website.

YouTube’s data protection policy, providing details on the collection, processing, and use of personal data by YouTube and Google, is available at https://www.google.com/intl/en/policies/privacy/.

Use of DoubleClick by Google on This Website:

This website uses components from DoubleClick by Google, a service primarily providing online marketing solutions for advertising agencies and publishers.

Operated by Google Inc., DoubleClick facilitates data transmission with each ad impression, click, or other interaction, prompting a cookie request in the user’s browser. If accepted, the cookie, used for optimizing and displaying ads, is stored on the user’s device. The cookie’s functions include displaying relevant ads to users, generating advertising campaign reports, and preventing the same ads from being shown repeatedly.

The cookie uses an ID essential for the technical process, like showing ads in a browser or avoiding ad duplications. It also enables conversion tracking, such as recording purchases made on an advertiser’s website after viewing a DoubleClick ad.

DoubleClick cookies do not contain personal data but may include campaign IDs to identify user-interacted campaigns.

Each visit to a page with an integrated DoubleClick component results in the user’s browser sending data to Google for online advertising and commission billing purposes. Through this process, Google may collect data for commission calculation, like recognizing user-clicked links on our site.

Users can prevent cookie setting at any time by adjusting their web browser settings, which also stops Google from setting cookies on their device. Additionally, any existing Google cookies can be deleted via the browser or other software.

For more information on DoubleClick’s data protection practices, visit https://www.google.com/intl/en/policies/.

Use of PayPal as a Payment Processor on This Website:

This website uses PayPal for online payment processing. PayPal is a service that enables payments through PayPal accounts, which are virtual private or business accounts. It can also process payments via credit cards for users without a PayPal account. Managed via an email address instead of traditional account numbers, PayPal facilitates sending and receiving online payments and provides trustee functions and buyer protection services.

PayPal (Europe) S.à.r.l. & Cie. S.C.A., headquartered in Luxembourg, operates PayPal in Europe.

When a user selects PayPal as the payment method in the online shop, their personal data is automatically transmitted to PayPal. This selection implies consent for the transfer of data necessary for payment processing.

Data typically sent to PayPal includes names, address, email, IP address, telephone numbers, and other data essential for processing the transaction. This data is needed for the execution of the purchase contract associated with the order.

The purpose of data transmission is for payment processing and fraud prevention. The data may be shared by PayPal with credit agencies for identity and credit checks, based on a legitimate interest in the transmission.

PayPal may also transfer personal data to its affiliates, service providers, or subcontractors as required to fulfill contractual obligations or for data processing.

Users can revoke their consent for data handling by PayPal at any time. However, revocation does not affect the processing of data required for contractual payment processing.

PayPal’s data protection policy is available at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

11. Legal Basis for Processing

The legal basis for data processing activities depends on the specific purpose and context in which personal data is collected:
Consent (Art. 6(1) lit. a GDPR): Processing operations that have the data subject’s consent for a particular purpose rely on this basis.

Contractual Necessity (Art. 6(1) lit. b GDPR): If processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual measures (e.g., responding to inquiries about products or services), this basis applies.

Legal Obligations (Art. 6(1) lit. c GDPR): Processing required for compliance with legal obligations, such as tax laws, falls under this category.

Vital Interests (Art. 6(1) lit. d GDPR): In rare cases, processing may be necessary to protect the vital interests of the data subject or another person, such as in emergency medical situations.

Legitimate Interests (Art. 6(1) lit. f GDPR): This basis covers processing operations not encompassed by the above categories, where processing is necessary for the legitimate interests of the company or a third party, provided these interests are not overridden by the data subject’s rights and freedoms. The European legislator deems such processing operations permissible, especially when the data subject is a client of the controller.
These legal foundations ensure that data processing adheres to GDPR standards, balancing organizational needs with individual rights and freedoms.

12. Data Storage Period

• Data is stored as per statutory retention periods or as long as necessary for contractual purposes.

13. Requirements and Consequences Regarding the Provision of Personal Data:

Providing personal data may be legally mandatory (e.g., for tax purposes) or arise from contractual agreements (e.g., details about a contractual partner). In some instances, for a contract to be established, it’s essential that the data subject provides personal data that we then process. For example, if our company is to enter into a contract with an individual, they must supply us with certain personal data. If they do not provide this data, it could result in the inability to finalize the contract. Data subjects should consult with a relevant employee before supplying personal data. This employee will inform them whether the provision of data is legally or contractually required, if it’s necessary for concluding a contract, and the implications of not providing the needed data.

14. Automated Decision-Making

• IIBMF does not engage in automated decision-making or profiling.

15. Amendments to the Policy

• IIBMF reserves the right to update this policy as necessary. Users will be notified of significant changes.