As of December 2024
I. Name and Address of the Controller
The controller, as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions, is:
Inovatools Eckerle & Ertel GmbH
Im Hüttental 3-6
85125 Kinding/Haunstetten
Germany
+49 (0) 8467 8400-0
info@inovatools.eu
www.inovatools.eu
II. Name and Address of the Data Protection Officer
The data protection officer of the controller is:
DataCo GmbH
Nymphenburger Straße 86
80636 Munich
Germany
datenschutz@dataguard.de
www.dataguard.de
III. General Information on Data Processing
1. Scope of Processing of Personal Data
We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Personal data is regularly processed only after obtaining the user's consent. Exceptions apply in cases where obtaining prior consent is not possible for practical reasons and processing is permitted by legal regulations.
2. Legal Basis for Processing Personal Data
If we obtain the data subject's consent for the processing of personal data, Art. 6(1)(1)(a) GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(1)(b) GDPR serves as the legal basis. This also applies to processing required to carry out pre-contractual measures.
If processing personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1)(1)(c) GDPR serves as the legal basis.
In cases where processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and these are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1)(1)(f) GDPR serves as the legal basis.
3. Data Deletion and Storage Period
Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond this may occur if provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data is also deleted or blocked when a storage period required by the aforementioned regulations expires, unless further storage is necessary for contract conclusion or fulfillment.
IV. Rights of the Data Subject
If your personal data is processed, you are a data subject as defined by the GDPR, and you have the following rights:
1. Right to Information
You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing exists, you may request information on:
· The purposes of processing;
· The categories of personal data being processed;
· The recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed;
· The planned storage duration or, if specific information is not possible, the criteria for determining the storage period;
· The existence of rights to rectification, erasure, restriction of processing, or objection;
· The existence of a right to lodge a complaint with a supervisory authority;
· The source of the data if it was not collected from the data subject;
· The existence of automated decision-making, including profiling, as per Art. 22(1) and (4) GDPR, and meaningful information about the logic, significance, and intended effects of such processing.
You have the right to request information on whether your personal data is transferred to a third country or an international organization. In this context, you can request to be informed about appropriate safeguards as per Art. 46 GDPR relating to the transfer.
2. Right to Rectification
You have the right to have inaccurate or incomplete personal data rectified or completed by the controller without undue delay.
3. Right to Restriction of Processing
Under the following conditions, you may request the restriction of processing of your personal data:
· If you contest the accuracy of your personal data, for a period enabling the controller to verify its accuracy;
· If the processing is unlawful, and you oppose the erasure of your personal data and instead request the restriction of its use;
· If the controller no longer needs your personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims;
· If you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
Where processing has been restricted, your data may only be processed (apart from storage) with your consent or for the establishment, exercise, or defense of legal claims, or for protecting the rights of another person, or for reasons of important public interest of the EU or a member state. If the restriction is lifted, you will be notified by the controller in advance.
4. Right to Erasure
a) Obligation to Erase
You can request the immediate deletion of your personal data, and the controller is obligated to delete it if one of the following applies:
· Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
· You withdraw your consent, and no other legal ground for processing exists.
· You object to processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or you object pursuant to Art. 21(2) GDPR.
· Your personal data has been unlawfully processed.
· Deletion is necessary for compliance with a legal obligation under EU or member state law.
· Your personal data was collected in relation to services offered by the information society as per Art. 8(1) GDPR.
b) Notification of Third Parties
If the controller has made your personal data public and is required to delete it under Art. 17(1) GDPR, they will take reasonable steps, including technical measures, to inform other controllers processing the data that you have requested deletion of all links to, or copies of, your data.
c) Exceptions
The right to erasure does not apply where processing is necessary:
1. For exercising the right of freedom of expression and information;
2. For compliance with a legal obligation or for the performance of a task carried out in the public interest;
3. For reasons of public interest in the area of public health;
4. For archiving, research, or statistical purposes where deletion would seriously impair processing objectives;
5. For the establishment, exercise, or defense of legal claims.
5. Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing, the controller must inform all recipients to whom your data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about such recipients.
6. Right to Data Portability
You have the right to receive your personal data, which you provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance, where:
· The processing is based on consent or a contract as per Art. 6(1)(1)(a) or (b) GDPR;
· Processing is carried out by automated means.
In exercising this right, you may request that your data be transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights of others. The right does not apply to processing necessary for a task carried out in the public interest.
7. Right to Object
You have the right to object, at any time, to the processing of your personal data based on Art. 6(1)(1)(e) or (f) GDPR for reasons relating to your particular situation. This includes profiling. The controller will cease processing unless compelling legitimate grounds for processing exist that override your interests, or the processing is for the establishment, exercise, or defense of legal claims.
If your data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing. If you object, your data will no longer be processed for such purposes.
You may exercise this right through automated procedures using technical specifications, in connection with the use of information society services.
8. Right to Withdraw Consent
You may withdraw your consent for data processing at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects you. Exceptions apply if the decision:
1. Is necessary for entering into or performing a contract;
2. Is authorized by EU or member state law;
3. Is based on your explicit consent.
For such cases, the controller will implement measures to protect your rights, including the right to human intervention, expression of your viewpoint, and contesting the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in your place of residence, work, or the location of the alleged infringement, if you believe your data processing violates the GDPR.
V. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:
· The user’s IP address
· Date and time of access
The data is also stored in our system's log files. These data are not stored together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(1)(f) GDPR.
3. Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the IP address must be stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website, optimize the website, and safeguard the security of our IT systems. No evaluation of the data for marketing purposes is conducted in this context.
These purposes constitute our legitimate interest in data processing under Art. 6(1)(1)(f) GDPR.
4. Duration of Storage
The data is deleted once it is no longer required to achieve the purpose for which it was collected. For data collected to provide the website, this is the case at the end of each session.
Data stored in log files is deleted after seven days at the latest. Extended storage may occur; in such cases, the IP addresses are deleted or anonymized so that they can no longer be associated with the accessing client.
5. Objection and Removal Options
The collection of data for the provision of the website and storage of data in log files is essential for the operation of the website. As such, users cannot object to this processing.
VI. INOBOT – Chatbot
1. Scope of Processing Personal Data
We use INOBOT, a chatbot developed in-house by Inovatools and based on a specially trained ChatGPT model by OpenAI (OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA). During use, data entered by users is processed but not stored for training purposes. Inovatools does not share these data with OpenAI. OpenAI retains the data solely for up to 30 days to prevent misuse and deletes it thereafter.
2. Purpose of Data Processing
The data is processed to respond to inquiries, provide information, and facilitate interaction with users.
3. Legal Basis for Data Processing
The processing of personal data by INOBOT is based on consent in accordance with Art. 6(1)(1)(a) GDPR.
4. Duration of Storage
Data processed by INOBOT is retained by OpenAI for up to 30 days and then deleted. Inovatools itself does not store any entered data.
5. Exercising Your Rights
You can prevent the collection and processing of your personal data by INOBOT by refraining from using the chatbot. Further information about your rights and data processing by OpenAI can be found in OpenAI's Privacy Policy: https://openai.com/privacy/.
VII. Use of Cookies
1. Description and Scope of Data Processing
Our website uses cookies, which are text files stored on the user’s computer by the web browser. Cookies can contain a unique identifier to recognize the user’s browser on subsequent visits.
We use cookies to enhance the user-friendliness of our website. Some website functions require that the browser is recognized across page transitions.
The cookies store the following data:
· Language settings
· Username for the content management system
2. Legal Basis for Data Processing
The legal basis for processing personal data through cookies is Art. 6(1)(1)(f) GDPR.
3. Purpose of Data Processing
Technically necessary cookies simplify the use of the website. Some functions cannot be provided without the use of cookies. These purposes also constitute our legitimate interest in processing personal data under Art. 6(1)(1)(f) GDPR.
4. Duration of Storage, Objection, and Removal Options
Cookies are stored on the user’s device and transmitted to our site. Users have full control over the use of cookies and can disable or restrict cookie transmission through browser settings. Previously stored cookies can be deleted at any time. Disabling cookies may affect website functionality.
VIII. Newsletter
1. Description and Scope of Data Processing
If you purchase goods or services on our website and provide your email address, it may be used for sending newsletters featuring direct advertising for similar goods or services.
The data processed for the newsletter is not shared with third parties and is used exclusively for the newsletter.
2. Legal Basis for Data Processing
The legal basis for sending newsletters following the sale of goods or services is § 7(3) UWG (Unfair Competition Act).
3. Purpose of Data Processing
The email address is collected to deliver the newsletter.
4. Duration of Storage
Data collected during the registration process is typically deleted after seven days.
5. Objection and Removal Options
Users can unsubscribe from the newsletter at any time by clicking the corresponding link in any newsletter.
IContact Form and Email Communication
1. Description and Scope of Data Processing
Our website features a contact form for electronic communication. When a user submits this form, the data entered in the form fields is transmitted to and stored by us.
The following data may be collected upon submission:
· Email address
· Name
· Address
· Phone/mobile number
· Catalog requests (e.g., general catalog, CD, USB stick INOCUT)
· Your message
At the time of submission, the following additional data may also be stored:
· The user's IP address
· Date and time of submission
For processing these data, the user's consent is obtained during the submission process, with reference to this privacy policy. Alternatively, users may contact us via the provided email address. In this case, the data transmitted with the email will be stored.
No data is shared with third parties in this context. Data is solely used to process the conversation.
2. Legal Basis for Data Processing
The legal basis for processing data based on user consent is Art. 6(1)(1)(a) GDPR. If the purpose of the email communication is the conclusion of a contract, Art. 6(1)(1)(b) GDPR serves as an additional legal basis.
3. Purpose of Data Processing
The processing of personal data from the input form is solely to facilitate communication. If contact is made via email, this constitutes our legitimate interest in processing the data.
The additional personal data processed during the submission process ensures that the contact form is not misused and maintains the security of our IT systems.
4. Duration of Storage
Data will be deleted as soon as it is no longer needed for its purpose. For data from the contact form or email communication, this is the case when the respective conversation is concluded.
Additional personal data collected during submission is deleted within seven days.
5. Objection and Removal Options
Users may withdraw their consent to data processing at any time. If contact is made via email, users can object to the storage of their data at any time. In such cases, the conversation cannot continue.
To withdraw consent or object, users may contact:
Inovatools Eckerle & Ertel GmbH
Im Hüttental 3-6
85125 Kinding/Haunstetten
Tel: +49 (0) 8467 / 8400-0
Fax: +49 (0) 8467 / 796
Email: info@inovatools.eu
All personal data stored during the communication will be deleted upon withdrawal.
Job Applications via Email
1. Scope of Data Processing
You may submit job applications via email. In this process, we collect your email address and any personal data included in your application.
Upon receiving your application, we will send an acknowledgment of receipt. The data will not be shared with third parties and will be used solely to process your application.
2. Legal Basis for Data Processing
The legal basis for processing your data is Art. 6(1)(1)(a) GDPR and §26 BDSG (German Federal Data Protection Act).
3. Purpose of Data Processing
The processing of your application data is solely for evaluating and managing your application.
4. Duration of Storage
After the conclusion of the application process, your data will be stored for up to 6 months. After this period, all data will be deleted unless required by legal obligations.
5. Objection and Removal Options
Applicants may withdraw their consent to data processing at any time. In such cases, the application process cannot continue. To withdraw consent or request changes, contact us via email or phone. Any stored application data will be deleted upon withdrawal.
XI. Use of Plugins
1. Friendly Captcha
We use Friendly Captcha, a tool provided by Friendly Captcha GmbH, to protect against automated access (bots). Friendly Captcha processes IP addresses and technical connection data locally in the browser, minimizing data transmission.
· Purpose: To protect online forms and ensure the functionality of our services.
· Legal Basis: Art. 6(1)(1)(f) GDPR (legitimate interest).
· Storage Duration: Data is anonymized after use or stored only as long as necessary to fulfill legal obligations.
For details, see the privacy policy of Friendly Captcha: https://friendlycaptcha.com/legal/privacy/.
2. Google Analytics
We use Google Analytics to analyze website usage, provided by Google LLC. Google Analytics uses cookies to gather information about website usage. IP anonymization is enabled.
· Purpose: Website performance and audience analysis.
· Legal Basis: Art. 6(1)(1)(f) GDPR.
· Storage Duration: Data is anonymized after 9-18 months.
For more information, visit: https://www.google.com/intl/en/policies/privacy/.
3. Google Maps
Google Maps is used for displaying maps and route planning, provided by Google LLC. User data (e.g., IP address, search data) is transmitted to Google servers.
· Purpose: Improved navigation and usability.
· Legal Basis: Art. 6(1)(1)(f) GDPR.
More information: https://www.google.com/intl/en/policies/privacy/.
4. YouTube Plugin
We use YouTube plugins provided by Google LLC. When accessing our site, user data is transmitted to YouTube. Logged-in YouTube accounts may associate browsing behavior with user accounts.
· Purpose: User-friendly content delivery.
· Legal Basis: Art. 6(1)(1)(f) GDPR.
For more details: https://www.google.com/intl/en/policies/privacy/.
5. Newsletter2Go
We use Newsletter2Go for email marketing. User data is processed solely for newsletter distribution and not shared with third parties.
· Purpose: Customer communication via newsletters.
· Legal Basis: Art. 6(1)(1)(a) GDPR.
· Storage Duration: Data is retained as required to fulfill its purpose or legal obligations.
Unsubscribe at any time using the link in the newsletter or contact Newsletter2Go. Details: https://www.newsletter2go.de/datenschutz/.
This Privacy Policy was created with the support of https://www.dataguard.de.
Sie wurden vom Newsletter abgemeldet.
You have been unsubscribed from the newsletter.