Privacy

'Personal data' is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed in connection with personal data, whether or not by automated means; the term is extensive and encompasses virtually any handling of Data.

'Pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Further to Article 13 GDPR we provide you with the legal basis for the processing. Where the legal basis is not specified in the Data Protection Policy, the following applies: the legal basis for the collection of consents is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing in the performance of our services and in the implementation of steps under a contract along with the response to requests is Article 6(1)(b) GDPR; the legal basis of processing for compliance with our legal obligations is Article 6(1)(c), and the legal basis of processing for the protection of our legitimate interests is Article 6(1)(f) GDPR. Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.

In compliance with Article 32 GDPR, we take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include in particular the safeguarding of confidentiality, integrity and availability of Data through the control of physical access to the Data as well as any sharing in relation to it, input, transfer, safeguarding of availability and its segregation. Furthermore, we have put procedures in place that ensure the rights of data subjects are observed, Data is erased and any threats to the Data are addressed. In addition, we factor in the protection of personal data in our development and/or selection of hardware, software and processes in line with the principle of data protection by design and by default (Article 25 GDPR).

To the extent we disclose Data to other persons and organisations (processors or third parties) in the course of processing, transfer it to the latter or otherwise allow them access to the Data, this shall be done only on the basis of a legal authorisation (e.g. if a transfer of the Data is required to third parties, such as payment service providers, under Article 6(1)(b) GDPR for performance of a contract), you have given consent, a legal obligation envisages this or [this is done] on the basis of our legitimate interests (e.g. where subcontractors, web hosting providers etc. are used).

Where we engage third parties to process Data on the basis of a "processing contract", this occurs on the basis of Article 28 GDPR.

To the extent we process Data in a third country (i.e. one outside the European Union (EU) and the European Economic Area (EEA)) or this is done within the framework of our use of third-party services or there is disclosure or transfer of Data to third parties, this occurs only in performance of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process Data or have it processed in a third country only where the particular requirements of Articles 44 et seq. GDPR are in place. This means processing is done, for example, on the basis of special guarantees such as the officially recognised identification of a level of data protection matching that of the EU (e.g. for the USA, through the "privacy shield") or compliance with particular contractual obligations that have been officially recognised ("standard contractual clauses").

You have the right to obtain confirmation as to whether personal data concerning you is being processed, and information about such Data as well as further information and a copy of the Data under Article 15 GDPR.

Under Article 16 GDPR you have the right to have incomplete Data about you completed or inaccurate Data relating to you rectified.

Under Article 17 GDPR you have the right to request the erasure of personal data without undue delay or, alternatively, under Article 18 GDPR, to request a restriction of processing of the Data.

You have the right under Article 20 GDPR to receive the personal data concerning you, which you have provided to us, and have the right to request its transmission to another controller.

Furthermore, under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority.

Under Article 7(3) GDPR you have the right to withdraw consents given, with future effect.

"Cookies" are small data files that are stored on Users' computers. A variety of information can be stored inside cookies. A cookie primarily serves to store information relating to a User (or to the device on which the cookie is stored) during or even following that User's visit to a website. Temporary, "session" or "transient" cookies are cookies that are erased once the user leaves the website and closes his or her browser. The content of a shopping basket in an online shop or a login status can, for example, be stored in these types of cookies. "Permanent" or "persistent" cookies are those which remain stored even after the browser has been closed. Hence, for example, the login status can be stored if Users look for this several days later. Similarly, the User's interests can be stored on a cookie of this type which are used to measure audience or for marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller who operates the website (otherwise, where the cookies are only the latter's, we talk about "first-party cookies").

The innoventis GmbH respects your privacy and does not use any cookies on this website (neither temporary nor persistent nor third-party). Feel free to check that in your browser.

The Data processed by us is erased or restricted in terms of its processing under Articles 17 and 18 GDPR. Unless expressly indicated in this data protection policy, the Data stored with us will be erased as soon as it is no longer needed for its purpose and its erasure does not contravene any statutory retention obligations. Where Data is not erased because it is required for other, legally permitted purposes, its processing shall be restricted. This means the Data is made unavailable to users and not used for other purposes. That applies to Data that has to be retained on commercial or tax law grounds, for example.

Under legal regulations in Germany, records are retained specifically for ten years under Article 147(1) German Fiscal Code, Section 257(1) Nos. 1 and 4, and (4) German Commercial Code (books, records, management reports, vouchers, trading books, tax-relevant documentation, etc.) and six years under Section 257(1) Nos. 2 and 3, and (4) German Commercial Code (business letters).

Within our Website and based on our legitimate interests (meaning our interest in analysing, optimising and the commercial operation of our Website within the meaning of Article 6(1)(f) GDPR), we use content or service packages of third-party providers for the purpose of incorporating their content and services such as, for example, videos or fonts (together referred to as "Content").

This is always conditional upon the third-party providers of such content recognising the users' IP address, as without the IP address they would be unable to send the content to the Users' browser. Hence the IP address is required in order to show such content. We endeavour to use only content in respect of which the relevant providers use the IP address solely for the purpose of delivering the content. Third-party providers may furthermore use "pixel tags" (invisible graphics also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as user traffic on the pages of this Website. Pseudonymous information can further be stored in cookies on the User's device and may contain, among other things, technical information about the browser and operating system, linked webpages, length of the visit as well as other information on the use of our Website, and may also be linked to such information from other sources.

This site does not use third-party content embedded in this website.