IDM interactive digital media

Legal

Privacy Policy

Last updated: April 2026

interactive digital media GmbH (hereinafter "IDM", "we" or "us") takes the protection of your personal data very seriously. This Privacy Policy informs you in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about the personal data we collect, how we process it and what rights you have as a data subject.

1. Data Controller

The controller within the meaning of the GDPR is:

interactive digital media GmbH
Moislinger Allee 9D
23558 Lübeck
Germany

Phone: +49 451 317021-0
Email: datenschutz@i-digital-m.com
Web: www.i-digital-m.com

Managing Director: Boris Hoppe
Commercial Register: Amtsgericht Lübeck, HRB 9738

2. Principles of Data Processing

We process personal data only where one of the following legal bases under Art. 6 (1) GDPR applies:

  • Art. 6(1)(a) GDPR – Consent of the data subject (e.g. newsletter, non-essential cookies)
  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – Compliance with a legal obligation
  • Art. 6(1)(f) GDPR – Legitimate interests (unless overridden by the data subject's interests)

We collect and process personal data in accordance with the principle of data minimisation. All data is processed exclusively for the stated purpose and deleted after that purpose is fulfilled, unless statutory retention obligations apply.

3. Hosting and Server Log Files

Our website is hosted on our own servers in a German data centre. Each time the website is accessed, our web server automatically collects information in server log files transmitted by your browser:

  • IP address (anonymised after 7 days)
  • Date and time of the request
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • Data volume transferred and HTTP status code

Purpose: Ensuring stable operation, detecting and defending against attacks, technical error analysis.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of our services).

Retention period: Server log files are retained for a maximum of 30 days and then automatically deleted.

4. Cookies and Consent Management

Our website uses cookies — small text files stored in your browser. We distinguish between:

4.1 Technically Necessary Cookies

These cookies are strictly required for the operation of the website (e.g. session management, CSRF protection, cookie consent status). They are set without your consent.

Legal basis: Art. 6(1)(f) GDPR.

4.2 Analytics Cookies (Matomo)

With your consent, we set Matomo cookies for web analytics (see Section 5). These cookies are only activated after your explicit consent via our cookie consent banner.

Legal basis: Art. 6(1)(a) GDPR.

4.3 Cookie Management

You can adjust your cookie settings at any time via the "Cookie Settings" link in the footer of this website. You can also disable cookies in your browser — please note that this may impair the functionality of the website.

5. Web Analytics with Matomo

We use Matomo (formerly Piwik), a self-hosted open-source web analytics platform. Matomo is operated entirely on our own servers in Germany — no data is transmitted to third parties or to third countries.

Data processed:

  • Anonymised IP address (last octet removed before storage)
  • Pages visited and time spent
  • Referrer (source page)
  • Browser type, operating system, screen resolution
  • Country (derived from anonymised IP)

Purpose: Analysis of website usage to optimise our content and user experience.

Legal basis: Art. 6(1)(a) GDPR (consent).

Opt-Out: You can object to Matomo analysis at any time by unchecking the box in our cookie consent banner or by enabling "Do Not Track" in your browser. Matomo respects the DNT setting.

Retention period: Analytics data is automatically deleted after 13 months.

6. Contact Form and Email Contact

When you contact us via our contact form or by email, we process the data you provide to handle your enquiry:

  • First and last name
  • Email address
  • Company and role (optional)
  • Phone number (optional)
  • Content of your message
  • Time of enquiry

Purpose: Processing your enquiry, answering your questions, and where applicable, initiating a contractual relationship.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Retention period: Enquiry data is deleted after final processing, and no later than 3 years, unless a contractual relationship has been established. Where relevant for tax purposes, statutory retention periods apply (10 years, § 147 AO).

7. Newsletter and Email Marketing

With your consent, we send a newsletter containing information about our products, whitepapers, industry news and events.

7.1 Registration (Double Opt-In)

Newsletter registration uses a double opt-in process: after entering your email address, you receive a confirmation email with an activation link. Only after confirming this link will your email address be added to our newsletter list. We store:

  • Email address
  • Time of registration and confirmation
  • IP address at the time of registration (as evidence of consent)
  • Company and role (if provided)

7.2 Unsubscribing

You can unsubscribe from the newsletter at any time — by clicking the unsubscribe link in any newsletter email or by emailing datenschutz@i-digital-m.com. After unsubscribing, your data will be removed from the active newsletter list. Consent records are retained for up to 3 years as evidence under Art. 7(1) GDPR.

Legal basis: Art. 6(1)(a) GDPR.

8. Whitepaper Downloads and Lead Generation

When downloading certain whitepapers and technical documentation, we ask you to provide your contact details:

  • Name
  • Business email address
  • Company
  • Optional: consent to newsletter

Purpose: Provision of the requested document and — with separate consent — follow-up contact regarding related IDM offerings.

Legal basis: Art. 6(1)(b) GDPR (contract performance for document provision) and Art. 6(1)(a) GDPR (for optional newsletter consent).

Retention period: Contact data is stored for a maximum of 24 months after the download, unless a business relationship is established.

10. Processing under B2B Contracts

IDM is a B2B provider of cloud communications solutions. In the context of contractual relationships with business customers, we process personal data of contact persons, users and technical contacts of our customers:

10.1 Contract Performance

For contract performance, we process names, roles, business contact details (email, phone), technical access credentials (API keys, account IDs) and communication and billing data.

Legal basis: Art. 6(1)(b) GDPR.

10.2 Data Processing Agreements

Where we process personal data of our customers' end users on their behalf (e.g. mobile numbers for SMS delivery), we act as a data processor under Art. 28 GDPR. We conclude a Data Processing Agreement (DPA) with each customer.

To request a DPA, please contact: datenschutz@i-digital-m.com

10.3 Telecommunications and Messaging Data

As a provider of telecommunications services, we process traffic data in the course of service delivery in accordance with applicable telecommunications legislation. This data is used exclusively for service provision and billing, and is deleted in accordance with statutory retention periods.

11. Recipients and Third-Country Transfers

Principle: We do not share your personal data with third parties without your explicit consent.

11.1 Internal Processing

Your data is processed exclusively by IDM employees responsible for the relevant task, who are bound to confidentiality under data protection law.

11.2 Processors

We use carefully selected technical service providers acting exclusively on our instructions, with whom we have concluded DPAs under Art. 28 GDPR. All data processing takes place in Germany or the EEA.

11.3 Third-Country Transfers

Transfer of personal data to countries outside the European Economic Area (EEA) does not generally take place. In the exceptional case where such a transfer is required, we ensure an adequate level of protection through EU Standard Contractual Clauses (SCCs) or an adequacy decision of the EU Commission.

11.4 Statutory Disclosure Obligations

We are obliged to disclose personal data upon official or judicial request. In this case, disclosure is based on Art. 6(1)(c) GDPR.

12. Retention Periods and Deletion

Personal data is deleted or blocked as soon as the purpose of storage ceases to apply and no statutory retention obligations prevent deletion:

Data CategoryRetention PeriodLegal Basis
Server log files30 daysArt. 6(1)(f) GDPR
Contact enquiries3 years (from last contact)Art. 6(1)(b)/(f) GDPR
Newsletter data (active)Until unsubscriptionArt. 6(1)(a) GDPR
Consent records3 years after unsubscriptionArt. 7(1) GDPR
Contract data10 years (§ 147 AO, § 257 HGB)Art. 6(1)(c) GDPR
Whitepaper leads24 monthsArt. 6(1)(a)/(b) GDPR
Matomo analytics13 monthsArt. 6(1)(a) GDPR

13. Your Rights as a Data Subject

Under the GDPR, you have the following rights. Please direct requests to datenschutz@i-digital-m.com:

Art. 15 GDPR — Right of Access

You have the right to obtain confirmation of whether we process personal data concerning you, and to receive information about that data and all information listed in Art. 15 GDPR.

Art. 16 GDPR — Right to Rectification

You have the right to obtain without undue delay the rectification of inaccurate or completion of incomplete personal data.

Art. 17 GDPR — Right to Erasure

You have the right to obtain erasure of your data where the conditions of Art. 17 GDPR are met and no retention obligations apply.

Art. 18 GDPR — Right to Restriction

You have the right to obtain restriction of processing where the conditions of Art. 18(1) GDPR apply.

Art. 20 GDPR — Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Art. 21 GDPR — Right to Object

You have the right to object at any time to processing based on Art. 6(1)(f) GDPR. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Art. 7(3) GDPR — Right to Withdraw Consent

Where you have given consent, you may withdraw it at any time with effect for the future. Processing carried out before withdrawal remains lawful.

Art. 77 GDPR — Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Germany
Phone: +49 431 988-1200
Email: mail@datenschutzzentrum.de
Web: www.datenschutzzentrum.de

14. Technical and Organisational Security Measures

We implement appropriate technical and organisational measures (TOMs) pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk:

  • Encryption of data in transit via TLS 1.3 (HTTPS)
  • Encryption of data at rest
  • Access control based on need-to-know and role concepts
  • Regular security updates and patch management
  • Firewalls and intrusion detection systems
  • Regular backups with tested restoration processes
  • Data protection training for employees
  • Physical access control to server rooms (ISO 27001-certified data centre)
  • Pseudonymisation and anonymisation where technically feasible
  • Incident response plan

15. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in the legal situation or our services and data processing activities. The current version is always available at www.i-digital-m.com/en/privacy. For material changes affecting your rights, we will notify you by email where we hold your contact details.

This Privacy Policy was last updated in April 2026.

© 2026 interactive digital media GmbH · Moislinger Allee 9D · 23558 Lübeck · datenschutz@i-digital-m.com