Privacy Policy
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the related websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
INOSO GmbH
Justus-von-Liebig-Str. 3
74532 Ilshofen
Germany
Managing Director
Tanja Palatzky
If you have any questions regarding the processing of your data, you can contact us as follows:
By mail to the address listed above, to the attention of the Data Protection Officer.
By email: Contact Data Protection Officer
Types of Data Processed
- Master data (e.g., names, addresses)
- Contact data (e.g., email addresses, telephone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Purpose of Processing
- Provision of the online offering, its functions, and content
- Responding to contact inquiries and communicating with users
- Security measures
- Reach measurement/marketing
Terminology Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Applicable Legal Bases
In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing activities. Unless the legal basis is specifically stated in this Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR. In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Security Measures
In accordance with Article 32 GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and keeping it separated. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and the response to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Article 25 GDPR).
Cooperation with Processors and Third Parties
If, as part of our processing, we disclose data to other persons or companies (processors or third parties), transfer data to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for contract performance pursuant to Article 6(1)(b) GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done in accordance with Article 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using services of third parties or disclosing or transferring data to third parties, this will only take place if it is necessary for the fulfillment of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special requirements of Articles 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as an officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized specific contractual obligations (so-called “Standard Contractual Clauses”).
Rights of Data Subjects
You have the right to request confirmation as to whether the data in question are being processed and to obtain information about such data, as well as further information and a copy of the data in accordance with Article 15 GDPR.
In accordance with Article 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
In accordance with Article 17 GDPR, you have the right to request that the data in question be deleted without undue delay, or alternatively, in accordance with Article 18 GDPR, to request restriction of the processing of the data.
In accordance with Article 20 GDPR, you have the right to receive the data concerning you that you have provided to us and to request its transmission to other controllers.
Furthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right to Withdraw Consent
In accordance with Article 7(3) GDPR, you have the right to withdraw consent you have given, with effect for the future.
Right to Object
You may object at any time to the future processing of data concerning you in accordance with Article 21 GDPR. The objection may, in particular, be made against processing for direct marketing purposes.

