Legal

Privacy Policy

Information on the processing of personal data under Articles 13 and 14 of the EU General Data Protection Regulation (GDPR).

This page is an English-language translation for transparency. The legally binding version of the privacy policy is the German one, available at datenschutz.de.html.

1. Controller

The controller within the meaning of the GDPR is:

JPS EMEA Group Holding GmbH
Prof.-Pluecker Str. 1, 38302 Wolfenbüttel, Germany
Email: welcome@jps-iq.com
Managing Director: Joerg H. Paul Schaefer

2. Data collected when visiting the website

When you access jps-iq.com, our hosting provider (STRATO AG, Pascalstraße 10, 10587 Berlin, Germany) automatically records the following technical data in server log files: IP address (anonymised), date and time of access, referrer URL, page requested, browser and operating system, language preference. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure delivery and abuse prevention). The data is deleted after a maximum of 7 days, unless a security incident needs to be documented.

3. Contact

If you contact us by email, Outlook meeting booking or a contact form, we process the information you provide (name, email address, message, and where applicable company and phone) to handle your enquiry on the basis of Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to business enquiries). The data is deleted as soon as it is no longer required for the processing purpose and no statutory retention obligations apply.

4. Appointment booking via Microsoft Bookings

We use Microsoft Bookings for appointment bookings (Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). When you make a booking, you transmit your name, email and optional details to Microsoft. Microsoft processes this data on our behalf under a data processing agreement and the Microsoft privacy statement: https://privacy.microsoft.com/.

5. Embedded third-party services

We currently embed the following services:

  • Google Fonts — only as a preconnect hint; no font delivery from Google servers unless explicitly activated.
  • LinkedIn — only as a linked network; no tracking script is embedded.
  • Google Analytics 4 (web analytics) — only after active consent via our consent banner (see section 5a).

We do not use advertising pixels, social-media tracking scripts or third-party profiling cookies on this website.

5a. Google Analytics 4 and Google Consent Mode v2

To measure reach and improve our information offering, we use Google Analytics 4 on jps-iq.com and on the subdomains of our Business Units (netsuite.jps-iq.com, microsoft.jps-iq.com, xentral.jps-iq.com, odoo.jps-iq.com, weclapp.jps-iq.com, zoho.jps-iq.com, opcon.jps-iq.com, bpo.jps-iq.com and others). A separate GA4 property is operated per subdomain. The provider within the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; its affiliated parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Purpose. Evaluation of anonymous or pseudonymous usage statistics (e.g. pages viewed, time on page, approximate geographic area at country/region level, device class) in order to iteratively improve the content, structure and performance of our websites. We do not use GA4 for personalised advertising, remarketing or lead scoring.

Data collected. Pseudonymous client ID (GA4 cookie _ga), truncated IP address (IP anonymisation is enabled — the IP address is truncated within the EU prior to any storage by Google and is never transmitted to Google in its full form), referrer URL, pages viewed, timestamps, browser, operating system, screen resolution, language preference, coarse geolocation.

Legal basis. Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG (German act implementing the ePrivacy Directive). Consent is given actively via our consent banner on first visit. Until consent is given, no measurement data is transmitted to Google and no cookies are set — we operate Google Consent Mode v2 for this: the signals analytics_storage, ad_storage, ad_user_data and ad_personalization are set to denied by default and are only updated to granted after your consent.

Cookie lifetimes. Once consent is given, the following cookies are set in your browser:

  • _ga — pseudonymous client ID, lifetime up to 24 months
  • _ga_<property-id> — session state per GA4 property, lifetime up to 24 months
  • jps-iq-consent — storage of your consent decision (first-party, not transmitted to third parties), lifetime 12 months

Withdrawal / opt-out. You can withdraw your consent at any time with effect for the future. Please use the link reopen the cookie settings or delete the jps-iq-consent cookie in your browser — on your next visit the banner will reappear. In addition, you may install the browser add-on provided by Google to disable Google Analytics: tools.google.com/dlpage/gaoptout.

Retention at Google. Aggregated GA4 event data is retained for 14 months by default and then automatically deleted.

Transfer to third countries. Despite the EU location of Google Ireland Limited, access by Google LLC (USA) cannot be fully excluded technically or legally. Any transfer to the USA is based on (i) the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023; Google LLC is certified) and, as an additional safeguard, on (ii) the EU Standard Contractual Clauses (SCC) under Implementing Decision (EU) 2021/914 together with supplementary technical measures (including IP truncation and encrypted transmission). Details: business.safety.google/privacy/.

6. Cookies and consent banner

The website uses two categories of cookies or local-storage entries:

  • Strictly necessary — only for session management (e.g. language selection, storage of your consent decision in the local-storage key jps-iq-consent). These are set without consent; the legal basis is § 25(2)(2) TTDSG in conjunction with Art. 6(1)(f) GDPR.
  • Analytics (consent-based) — GA4 cookies (_ga, _ga_*) are only set after active consent via the consent banner. The legal basis is Art. 6(1)(a) GDPR / § 25(1) TTDSG.

No tracking or marketing cookies from third parties are set.

7. Contact and enquiry forms (NetSuite Business Unit)

On our NetSuite landing pages (in particular netsuite-manufacturing.html and netsuite-system-health-check.html on netsuite.jps-iq.com) we offer forms through which you can request an assessment or obtain our Manufacturing whitepaper. The processing is carried out by Tech IQ EMEA GmbH, Prof.-Plücker Str. 1, 38302 Wolfenbüttel, Germany, as the controller for the NetSuite Business Unit.

What data do we collect?

Mandatory fields: first name, last name, business email address, company name. Optional, where provided: role, country (location), phone number, free-text message. For assessment requests we additionally record which of the offered packages you requested. Technically we also record the timestamp of submission and a hashed value of your IP address for abuse prevention (rate limiting); the IP address itself is not stored in clear text.

For what purpose do we process this data?

Processing is carried out exclusively for the following purposes: (a) handling your enquiry, including internal routing to the responsible senior team of the NetSuite Business Unit and personal follow-up; (b) sending an automatic acknowledgement to the email address you provided; (c) if the "professional insights" box is actively ticked: occasional dispatch of professional NetSuite information (approx. 4–6 emails per year), revocable at any time; (d) technical abuse prevention (rate limiting, spam defence).

On what legal basis?

Processing of your information for answering a specific enquiry or for preparing a potential contract (e.g. scoping call, assessment, proposal) is based on Art. 6(1)(b) GDPR (pre-contractual and contractual measures). The optional dispatch of professional insights is based solely on your actively given consent under Art. 6(1)(a) GDPR. You can withdraw this consent at any time without formality — either via the unsubscribe link in every email or by a short message to unsubscribe@jps-iq.com. Technical abuse prevention is based on our legitimate interest under Art. 6(1)(f) GDPR.

With whom do we share this data?

Your information is shared within the JPS-iQ Solutions Group only with those employees responsible for answering your enquiry (typically management and senior consultants of the NetSuite Business Unit of Tech IQ EMEA GmbH). For the technical processing of form submissions we use STRATO AG as our hosting provider (data processor under Art. 28 GDPR); for the delivery of the automatic acknowledgement email we use the email service of our hosting provider. In the future, enquiries will be migrated into our CRM system Oracle NetSuite (EU data centre, under a separate data processing agreement). Until that migration, no transfer to third countries takes place. No further disclosure to third parties occurs; in particular no sale of data, no advertising targeting by third parties and no scoring for credit decisions.

How long do we store your data?

We store enquiry data for as long as necessary to handle the enquiry, and for a maximum of three years after the last contact with you. Commercial and tax-law retention obligations (e.g. in the case of contracts actually concluded) remain unaffected. Your consent for the insights dispatch is stored until you withdraw it; after withdrawal we move your email address onto a suppression list on the basis of our legitimate interest in the technical implementation of your withdrawal (Art. 6(1)(f) GDPR). Hashed IP values are deleted after a maximum of 30 days.

8. Your rights as a data subject

You have the right at any time to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). Please send requests to privacy@jps-iq.com.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is the State Commissioner for Data Protection of Lower Saxony (Landesbeauftragte für den Datenschutz Niedersachsen), Prinzenstraße 5, 30159 Hannover, Germany.

9. Data security

We use TLS encryption (HTTPS) for all transmission. Access to personal data within the group is limited to persons who need it to perform their duties (need-to-know).

10. International transfers

Personal data is only transferred to third countries outside the EU/EEA — in particular to the USA — where required for the services named in this policy. Affected services are in particular:

  • Microsoft Bookings (Microsoft Ireland Operations Ltd.; corporate parent Microsoft Corporation, USA) — for appointment booking (see section 4).
  • Google Analytics 4 (Google Ireland Limited; corporate parent Google LLC, USA) — only with consent (see section 5a).

The basis for any such transfer to the USA is (i) the adequacy decision of the EU Commission of 10 July 2023 on the EU-US Data Privacy Framework (both corporate groups mentioned above are DPF-certified) and, as an additional safeguard, (ii) the EU Standard Contractual Clauses under Art. 46(2)(c) GDPR (Implementing Decision (EU) 2021/914) together with supplementary technical and organisational measures (encryption in transit and at rest, IP truncation for GA4, role segregation, access logging). We regularly review whether these legal bases remain valid and adjust our processing activities if the legal situation changes.

As of April 2026. Changes to this privacy policy will be published here. The template was generated from existing entity data and should be reviewed by a lawyer before going live.