Before you go – here's your shortcut to efficient schooling.
In just 1 hour we will show you how to organize employee training flexibly, easily and digitally.
Data as of: December 21, 2023
Contents
I. At a glance
II. General Information and Mandatory Disclosures
A. Responsible body
B. Data Protection Officer
III. Description and scope of data processing
A. Provision of the website and log files
a) Purpose of data processing
b) Legal basis
c) Duration of storage
B. Session cookies
a) Purpose of data processing
b) Legal basis
c) Duration of storage
C. Consent via Cookiebot (“cookie banner”)
a) Purpose of processing
b) Legal basis
c) Storage duration
D. Email and contact form
a) Purpose of processing
b) Legal basis
c) Duration of storage
d) Right to object
E. Cloudflare – Content Delivery Network
a) Purpose of processing
b) Legal basis
F. Website analytics: Google Analytics
a) Purpose of processing
b) Recipients of the data
b) Legal basis
c) Duration of storage
G. Customer management and usage analysis: HubSpot CRM
a) Purpose of processing
b) Legal basis
H. Web analytics with Leadfeeder
a) Purpose of processing
b) Legal basis
c) Storage duration
I. User analysis with Meta Pixel
a) Purpose of processing and functionality
b) Legal basis
J. Google Conversion Tracking
a) Purpose of processing
b) Legal basis
K. Google Ads - Advertisements
a) Purpose of processing
a) Legal basis
L. Google Ads Remarketing
a) Purpose of processing
b) Legal basis
M. Microsoft Advertising (Bing Ads)
a) Purpose of processing
b) Legal basis
N. LinkedIn Insight Tag (analysis and advertising)
a) Purpose of processing
b) Legal basis
O. Mailchimp - Newsletter service and analysis
a) Purpose of processing
b) Legal basis
P. Embedding videos with Vimeo
a) Purpose of processing
b) Legal basis
Q. Embedding videos with YouTube
a) Purpose of processing
b) Legal basis
R. Zendesk - Customer Support
a) Purpose of processing
b) Legal basis
c) Duration of storage / deletion periods
d) Right to object
IV. Your rights
At a glance
As a company that processes large amounts of data daily, the fair handling of your personal data is of particular importance to us at INN-ovativ GmbH & Co. KG.
Our privacy policy below explains how we process personal data on our website.
We also inform you about your rights under data protection laws.
Personal data is always collected in our company solely on the basis of a relevant legal ground, such as your consent, a contract with you, or legal requirements. When collecting data based on so-called legitimate interest, we apply the highest standards when balancing economic/business interests with the fundamental rights and freedoms of the individuals concerned.
Data processing is always carried out in accordance with the principle of good faith, meaning we always inform you properly and comprehensively about the conditions and scope of the use of your data - and this in a transparent and comprehensible form.
It goes without saying that we only use data for predetermined purposes and only as much and as long as necessary or legally required.
We also consider the technical and organizational protection and security of your data, as well as the guarantee of confidentiality, integrity and availability, to be core elements of our responsibility.
We will provide you with information about your data processed by us at any time, as well as the option to correct, delete, and object to the processing. You also have the right to data portability and the right to lodge any complaints with the supervisory authority responsible for us, the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, or any other supervisory authority in the European Union.
With this in mind, we hope you enjoy your visit to our website and with our products and services!
Your INN-ovativ team
General information and mandatory disclosures
Responsible body
The entity responsible for data processing on this website is:
INN-ovativ GmbH & Co. KG
Am Neugrund 39
83088 Kiefersfelden
Germany
Telephone: +49 8033 97892-0
Email: info@inn-ovativ.vcom
Data Protection Officer
You can reach the data protection officer of INN-ovativ GmbH & Co. KG by post, telephone or email:
msecure GmbH
c/o Christina Bergbauer
Bajuwarenring 21
82041 Oberhaching
Telephone: +49 89 716 8024-0
Email: christina.bergbauer@msecure.de
Description and scope of data processing
Provision of the website and log files
Each time our website is accessed, our system, i.e. the web server, automatically collects information from the system of your accessing computer or device.
We collect the following data:
- Information about the browser type and version used
- the operating system of the terminal device
- the internet service provider
- the IP address
- Date and time of access
- the previous website from which the user accessed our website (referrer URL)
Purpose of data processing
The temporary storage of your IP address by our system is necessary to deliver the website to your device. For this purpose, the IP address of your device must necessarily be stored for the duration of your session. The storage of the aforementioned data in so-called log files is carried out to ensure the functionality of our website. This data also helps us to optimize the website and to guarantee the security of our IT systems (e.g., for attack detection).
Legal basis
The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 subpara. 1 lit. f GDPR (legitimate interests of us as website operators in the secure, trouble-free and legally compliant provision of the website).
Storage duration
The data mentioned above will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.
If data is stored in log files, this occurs after a maximum of 14 days. Storage beyond this period is possible. In this case, the user's IP address is deleted or anonymized by us so that it is no longer possible to identify the requesting client and the data no longer contains any personal information.
Session cookies
To ensure certain functions in some areas of our websites, it may be technically necessary to use so-called session cookies. These are data records (strings of characters) that are temporarily stored on your device.
Purpose of data processing
Session cookies are used to recognize a browser even after a page change. The data is not used to analyze user behavior.
Legal basis
The legal basis for the storage of session cookies is Art. 6 para. 1 subpara. 1 lit. f GDPR in conjunction with § 25 para. 2 no. 2 TTDSG (our legitimate interest in providing certain functions on our websites).
Storage duration
Session cookies are deleted when the browser is closed.
Consent via Cookiebot (“cookie banner”)
Our website uses a so-called consent banner to obtain your consent to the storage of certain cookies on your device or the use of certain technologies. The provider of this tool is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").
When you visit our website, a connection is established to Cookiebot's servers. Cookiebot then stores a cookie in your browser to associate your given consent or its revocation with you.
a) Purpose of processing
The Cookiebot consent banner is used to obtain and document your consent and other declarations regarding cookie usage in compliance with data protection regulations.
b) Legal basis
The legal basis is our legitimate interest in operating our web services in compliance with data protection law, specifically the obtaining and legally required documentation of consents, Art. 6 para. 1 subpara. 1 lit. c, f in conjunction with Art. 5 para. 2 GDPR.
c) Storage duration
The collected data will be stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Email and contact form
You can contact us via our contact form and the provided email addresses. In this case, the sender's personal data transmitted with the request (in any case, the name and email address) will be processed along with the content of the message.
a) Purpose of processing
We process this personal data to handle the content of your contact request.
b) Legal basis
The legal basis for processing this data, which is transmitted in the course of sending an inquiry, is Art. 6 para. 1 subpara. 1 lit. f GDPR (legitimate, aligned interest of us as the controller in communicating with the person transmitting the message).
If the request aims at concluding or fulfilling a contract, the legal basis is Art. 6 para. 1 subpara. 1 lit. b GDPR (performance of a contract or pre-contractual measures for this purpose).
c) Duration of storage
The aforementioned data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data transmitted via email or the contact form, this is the case when the respective conversation with the user has ended. A conversation is generally considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved. However, longer retention periods may apply, particularly in the case of the preparation or execution of contracts, due to legal reasons and statutory requirements (e.g., tax law).
d) Right to object
As a user, you have the right to object to data processing at any time with effect for the future. In this case, all personal data stored during the contact process will be deleted immediately, unless statutory retention periods or other legal reasons prevent this.
Cloudflare – Content Delivery Network
We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).
Purpose of processing
Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.
Legal basis
The legal basis for the use of Cloudflare is our legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR in the error-free and secure provision of our website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Website analysis: Google Analytics
Provided you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics uses cookies to analyze how you use our website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA.
We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to our website, the following data, among others, will be collected:
• the pages you visited, your “click path”
• Achieving “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases)
• Your user behavior (e.g., clicks, time spent on site, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet provider
• the referrer URL (which website/advertising medium you used to access this website)
Purpose of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website.
Recipients of the data
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, acting as a data processor. We have concluded a data processing agreement with Google for this purpose.
A transfer of data to the USA cannot be ruled out. Google LLC, based in California, USA, and potentially US authorities may access the data stored by Google. Please note that the USA does not offer a level of protection for your personal data comparable to that of the EU. Likewise, you do not have legal remedies comparable to those available in the European Union. Further information on the terms of service for Google Analytics and Google's privacy policy can be found at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de
b) Legal basis
The legal basis for this data processing is your consent, Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
c) Duration of storage
The data we send, which is linked to cookies, is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by not consenting to the setting of the cookie or by preventing the storage of cookies through a corresponding setting in your browser software. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.
Customer management and usage analysis: HubSpot CRM
We use HubSpot CRM on this website. The provider is HubSpot Inc., 25th Street, Cambridge, MA 02141, USA (hereinafter referred to as HubSpot CRM).
Purpose of processing
HubSpot CRM allows us to manage existing and potential customers, as well as customer contacts. With HubSpot CRM, we can capture, categorize, and analyze customer interactions across various channels, including email, social media, and telephone. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing activities (e.g., newsletter mailings).
Furthermore, with Hubspot CRM we are able to record and analyze the user behavior of our contacts on our website.
Legal basis
The use of Hubspot CRM in the context of customer support is based on Art. 6 para. 1 subpara. 1 lit. f GDPR.
The website operator has a legitimate interest in the most efficient possible customer management and communication.
If an analysis of the visitor's user behavior is carried out beyond the purpose of customer support, the processing is based exclusively on the legal basis of Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.
This consent, which you give us via our cookie banner, can be revoked at any time.
You can find further details in Hubspot's privacy policy:
https://legal.hubspot.com/de/privacy-policy
Data transfers to the USA are based on the EU Commission's standard contractual clauses.
Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Web analytics with Leadfeeder
We use the data processing tool from Leadfeeder on our website, which is operated by the company Liidio Oy, Mikonkatu 17 C, 00100 Helsinki, Finland.
Leadfeeder is based on the detection of business IP addresses. A tracking code is placed on our website, which then allows Leadfeeder to identify the business IP addresses of our website visitors. Leadfeeder matches the identified business IP address against a global database of companies and business information.
Leadfeeder does not identify personal IP addresses, mobile devices, or any data other than that associated with businesses. In addition to information about the business, Leadfeeder provides information about the date and duration of the user's visit and the web pages visited. Leadfeeder does not provide information about specific, identifiable individuals who visit our website, nor does it use cookies to identify and track visitors. No information is provided about visitors using dynamic IP addresses.
Purpose of processing
The information obtained through Leadfeeder allows us to compile statistics on visits to our website. We use these statistics to optimize the website and to measure reach.
Further information can be found at https://www.leadfeeder.com/privacy/ and https://www.leadfeeder.com/leadfeeder-and-gdpr/.
Legal basis
The use of Leadfeeder is based on the legal basis of Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG (your consent, which you gave us via our consent banner). You can revoke your consent at any time with effect for the future.
Storage duration
The information collected via the tracking code is deleted after two years. Early deletion of the data can be requested by contacting support@leadfeeder.com. After deletion, the data remains in the system for up to seven days due to backups.
User analysis with Meta Pixel
This website uses the Facebook/Meta pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
Purpose of processing and functionality
The tool used is for behavioral analysis of website visitors.
The behavior of website visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.
The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner.
Consent can be withdrawn at any time.
We use the extended matching function within the meta-pixels.
Advanced Matching allows us to share various types of data (e.g., city, state, postal code, hashed email addresses, names, gender, date of birth, or phone number) of our customers and prospects, which we collect through our website, with Meta (Facebook). By activating this feature, we can tailor our Facebook advertising campaigns even more precisely to people interested in our offers. Advanced Matching also improves the attribution of website conversions and expands Custom Audiences.
To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta (Facebook). The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint processing agreement. You can find the text of the agreement here:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.
Data transfers to the USA are based on the EU Commission's standard contractual clauses.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and here: https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
You need to be logged into Facebook to do this.
If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the European Interactive Digital Advertising Alliance website:
http://www.youronlinechoices.com/de/praferenzmanagement/.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
With the help of Google conversion tracking, Google and we can recognize whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Ads - Advertisements
We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Ads, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Ads Remarketing
We use Google Ads Remarketing. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
Google Ads Remarketing allows us to target people who interact with our online offerings.
assign specific target groups in order to subsequently show them interest-based advertising in Google
To display ads on an advertising network (remarketing or retargeting).
Furthermore, the advertising audiences created with Google Ads Remarketing can be combined with the
Google's cross-device functions are linked. This allows interest-based, personalized advertising messages, tailored to you based on your previous usage and browsing behavior on one device (e.g., mobile phone), to also be displayed on another of your devices (e.g., tablet or PC).
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Ads Remarketing, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Microsoft Advertising (Bing Ads)
The website operator uses Microsoft Advertising.
Microsoft Advertising is an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Purpose of processing
Microsoft Advertising allows us to display ads in the Bing search engine or on third-party websites when users enter specific search terms into Bing (keyword targeting). Furthermore, targeted ads can be displayed based on user data held by Microsoft (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in clicks.
We use Microsoft Advertising's Universal Event Tracking (UET) on this page. This involves collecting pseudonymized data to track your actions on our website after clicking on a Microsoft Advertising ad. UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, which ad led you to the website, and clicked keywords.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
LinkedIn Insight Tag (analytics and advertising)
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Purpose of processing
Using the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze their professional profile (e.g., career level, company size, country, location, industry, and job title) and thus better tailor our site to the respective target groups. Furthermore, we can use
LinkedIn Insight Tags help us measure whether visitors to our website make a purchase or take another action (conversion tracking). Conversion tracking can also be performed across devices (e.g., from PC to tablet). LinkedIn Insight Tags also offer a retargeting function, which allows us to display targeted advertising to visitors of our website outside of our site. According to LinkedIn, this does not involve identifying the individual recipient of the advertisement.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). The IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be linked to specific individuals by us as website operators. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig .
Objection to the use of LinkedIn Insight Tag.
You can opt out of LinkedIn's analysis of user behavior and targeted advertising via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Mailchimp - Newsletter service and analytics
We use Mailchimp's services for sending newsletters.
The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Purpose of processing
Mailchimp is a service that can be used to organize and analyze the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data will be stored on Mailchimp's servers in the USA.
We use Mailchimp to analyze our newsletter campaigns. When you open an email sent via Mailchimp, a file embedded in the email (a so-called web beacon) connects to Mailchimp's servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be linked to individual newsletter recipients. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of our recipients.
b) Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you gave us when subscribing to the newsletter. You can withdraw your consent at any time.
If you do not want your data analyzed by Mailchimp, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter email.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Embedding videos with Vimeo
We use the platform Vimeo.com to upload and make our own videos accessible. Vimeo is a service offered by a third party not affiliated with us, namely Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
Some pages on our website contain links to Vimeo. Generally, we are not responsible for the content of linked websites. However, if you follow a link to Vimeo, please be aware that Vimeo stores and uses its users' data (e.g., personal information, IP address) in accordance with its own data privacy policy for business purposes.
On some of our web pages, we also directly embed videos stored on Vimeo. With this embedding, content from the Vimeo website is displayed in a portion of a browser window. However, the Vimeo videos are only accessed by clicking on them separately. This technique is also known as "framing." When you visit a (sub)page of our website where Vimeo videos are embedded in this way, a connection is established to the Vimeo servers, and the content is displayed on the web page by being sent to your browser.
When you access the relevant pages, your IP address and the aforementioned additional data are transmitted, and in particular, information is shared about which of our websites you have visited.
Once you start playing an embedded video by clicking on it, Vimeo stores cookies. These cookies can be blocked through appropriate browser settings and extensions.
Purpose of processing
The purpose of the processing is to create an appealing design for our website and to inform visitors through video content.
Legal basis
The legal basis for the integration of the content is Art. 6 para. 1 subpara. 1 lit. f GDPR:
Our legitimate interest lies in providing the content in order to inform you as a website visitor in an appealing way and to make content accessible to you.
Address and link to the third-party provider's privacy policy:
Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
You can view Vimeo's privacy policy here: https://vimeo.com/privacy
The legal basis for storing cookies in this context is your consent, which you gave us via our consent banner or by clicking on the respective preview image before the video, Art. 6 para. 1 subpara. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can revoke this consent at any time with effect for the future. The collected data will be deleted immediately as soon as the purpose of the processing no longer applies and there are no other legal grounds to the contrary.
Embedding videos with YouTube
We use the platform YouTube.com to upload our own videos and make them publicly available. YouTube is a service offered by a third party not affiliated with us, namely Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Some pages on our website contain links to YouTube. Generally, we are not responsible for the content of external websites linked to from our site. However, if you follow a link to YouTube, please be aware that Google/YouTube stores and uses user data (e.g., personal information, IP address) for business purposes in accordance with its own data privacy policy. You can view Google's data privacy policy here: https://policies.google.com/privacy
On some of our web pages, we also directly embed videos stored on YouTube. This embedding displays content from the YouTube website within a portion of a browser window. This technique is also known as "framing." The YouTube videos are only accessed by clicking on them separately. When you visit a (sub)page of our website where YouTube videos are embedded in this way, a connection is established to the YouTube servers, and the content is then displayed by being transmitted to your browser. For technical reasons, this process necessarily involves processing your IP address and other IT traffic and usage data to enable the delivery of the content to your device. This information cannot generally be associated with you personally (apart from the possibility of identification via the IP address), unless you are logged into YouTube or another Google service before or while visiting the page. When YouTube content is activated and displayed on the pages and apps, small data files, known as cookies, are also stored on your device. This is done to record which of our web pages you have visited in order to access the respective video.
Purpose of processing
The purpose of the processing is to create an appealing design for our website and to inform visitors through video content.
Legal basis
Our legitimate interest in embedding YouTube content generally lies in making the content available to you in order to design our website in an appealing way. The legal basis for embedding the content is therefore generally Article 6(1)(f) GDPR.
In this context, we explicitly point out that it cannot be ruled out that personal data, particularly by Google's parent company, may also be processed in the USA and that US authorities or services may gain access to personal data. Although we have implemented appropriate technical and organizational measures, such as the agreement of Standard Contractual Clauses (SCCs) approved by the EU Commission, we would also like to point out that, as things stand, there is no level of data protection in the USA, as a so-called third country, comparable to the standards of the European Union, and you do not have comparable legal remedies available to you.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Even if we use YouTube in the so-called "NoCookie" version, it cannot be ruled out that Google may load external services onto your device, e.g., for displaying fonts or graphic elements, which may allow conclusions to be drawn about your device.
The legal basis for storing cookies in this context is your consent, which you gave us via our consent banner or by clicking on the respective preview image before the video, Art. 6 para. 1 subpara. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can revoke this consent at any time with effect for the future. The collected data will be deleted immediately as soon as the purpose of the processing no longer applies and there are no other legal grounds to the contrary.
Zendesk - Customer Support
To offer you comprehensive customer service, we use the web-based software platform "Zendesk" for communication with you, for example when you contact us by email or via our contact forms on the websites.
In addition to us as website operators, your data will also be processed in this context by the company Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA as a data processor.
For this purpose, we collect your name, email address, and the content of each communication (text content), as well as any files you may optionally transmit. Furthermore, we process the IT usage data technically necessary for communication (e.g., IP address). We have concluded a data processing agreement with Zendesk, Inc. in accordance with Articles 28 and 44 et seq. of the GDPR, which guarantees the data protection-compliant processing of the data you provide. Zendesk, Inc. also has binding corporate rules (BCRs) approved by the relevant supervisory authority pursuant to Article 47 of the GDPR. Information on the security of your data processing by Zendesk, Inc. (in English) can be found here: https://www.zendesk.com/product/zendesk-security/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Purpose of processing
The purpose of the processing is to communicate with prospective customers, customers and other persons in order to answer inquiries or provide support services (helpdesk service).
For statistical analysis purposes, we sometimes evaluate data in pseudonymized form (generally not personally identifiable) in order to optimize our customer service for you.
Legal basis
The legal basis for processing your data is our legitimate interest in legally and technically secure and efficient communication with you as a communication partner, pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR. If the content of the communication serves the purpose of initiating or carrying out contractual relationships, this is done on the basis of Art. 6 para. 1 subpara. 1 lit. b GDPR.
Storage period / Deletion periods
Your data will only be stored for as long as necessary to fulfill the purposes (e.g., answering your request) and will then be deleted.
This is generally the case if the content of the communication shows that your request has been fully and conclusively clarified or answered, and no further requirements for storage arise from the course of communication (e.g., contractual or legal).
Right to object
You can also request the deletion of your data at any time, unless there are legal or other legal reasons to the contrary.
Your rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us. This includes the purposes of the processing, the categories of personal data, the categories of recipients of the data, the planned storage period, the origin of your data, and the existence of automated decision-making (profiling).
- In accordance with Article 16 of the GDPR, you have the right to request the rectification of inaccurate or incomplete personal data concerning you that we hold.
- In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- In accordance with Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful and you object to the erasure of your data, or we no longer need your data but you require it for the establishment, exercise or defense of legal claims, or in cases where you have objected to the processing pending the verification of whether our legitimate grounds override yours.
- In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
- In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time . Simply send us an email. This will result in us ceasing to process your data based on this consent. The lawfulness of the data processing carried out before the withdrawal remains unaffected.
- In accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data . If your objection is directed against direct marketing, we will implement it immediately. If the processing of your data is based on the legitimate interests of stock3 AG or third parties and your objection is based on your particular situation, we will comply unless there are compelling legitimate grounds for the processing which override your interests, or we require your data for the establishment, exercise, or defense of legal claims.
- According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority . If you believe that we have not sufficiently complied with your rights and our obligations under the General Data Protection Regulation, you have the right to lodge a complaint with a data protection authority.
The authority responsible for us is the
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Data as of: December 21, 2023
Contents
I. At a glance
II. General Information and Mandatory Disclosures
A. Responsible body
B. Data Protection Officer
III. Description and scope of data processing
A. Provision of the website and log files
a) Purpose of data processing
b) Legal basis
c) Duration of storage
B. Session cookies
a) Purpose of data processing
b) Legal basis
c) Duration of storage
C. Consent via Cookiebot (“cookie banner”)
a) Purpose of processing
b) Legal basis
c) Storage duration
D. Email and contact form
a) Purpose of processing
b) Legal basis
c) Duration of storage
d) Right to object
E. Cloudflare – Content Delivery Network
a) Purpose of processing
b) Legal basis
F. Website analytics: Google Analytics
a) Purpose of processing
b) Recipients of the data
b) Legal basis
c) Duration of storage
G. Customer management and usage analysis: HubSpot CRM
a) Purpose of processing
b) Legal basis
H. Web analytics with Leadfeeder
a) Purpose of processing
b) Legal basis
c) Storage duration
I. User analysis with Meta Pixel
a) Purpose of processing and functionality
b) Legal basis
J. Google Conversion Tracking
a) Purpose of processing
b) Legal basis
K. Google Ads - Advertisements
a) Purpose of processing
a) Legal basis
L. Google Ads Remarketing
a) Purpose of processing
b) Legal basis
M. Microsoft Advertising (Bing Ads)
a) Purpose of processing
b) Legal basis
N. LinkedIn Insight Tag (analysis and advertising)
a) Purpose of processing
b) Legal basis
O. Mailchimp - Newsletter service and analytics
a) Purpose of processing
b) Legal basis
P. Embedding videos with Vimeo
a) Purpose of processing
b) Legal basis
Q. Embedding videos with YouTube
a) Purpose of processing
b) Legal basis
R. Zendesk - Customer Support
a) Purpose of processing
b) Legal basis
c) Duration of storage / deletion periods
d) Right to object
IV. Your rights
At a glance
As a company that processes large amounts of data daily, the fair handling of your personal data is of particular importance to us at INN-ovativ GmbH & Co. KG.
Our privacy policy below explains how we process personal data on our website.
We also inform you about your rights under data protection laws.
Personal data is always collected in our company solely on the basis of a relevant legal ground, such as your consent, a contract with you, or legal requirements. When collecting data based on so-called legitimate interest, we apply the highest standards when balancing economic/business interests with the fundamental rights and freedoms of the individuals concerned.
Data processing is always carried out in accordance with the principle of good faith, meaning we always inform you properly and comprehensively about the conditions and scope of the use of your data - and this in a transparent and comprehensible form.
It goes without saying that we only use data for predetermined purposes and only as much and as long as necessary or legally required.
We also consider the technical and organizational protection and security of your data, as well as the guarantee of confidentiality, integrity and availability, to be core elements of our responsibility.
We will provide you with information about your data processed by us at any time, as well as the option to correct, delete, and object to the processing. You also have the right to data portability and the right to lodge any complaints with the supervisory authority responsible for us, the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, or any other supervisory authority in the European Union.
With this in mind, we hope you enjoy your visit to our website and with our products and services!
Your INN-ovativ team
General information and mandatory disclosures
Responsible body
The entity responsible for data processing on this website is:
INN-ovativ GmbH & Co. KG
Am Neugrund 39
83088 Kiefersfelden
Germany
Telephone: +49 8033 97892-0
Email: info@inn-ovativ.vcom
Data Protection Officer
You can reach the data protection officer of INN-ovativ GmbH & Co. KG by post, telephone or email:
msecure GmbH
c/o Christina Bergbauer
Bajuwarenring 21
82041 Oberhaching
Telephone: +49 89 716 8024-0
Email: christina.bergbauer@msecure.de
Description and scope of data processing
Provision of the website and log files
Each time our website is accessed, our system, i.e. the web server, automatically collects information from the system of your accessing computer or device.
We collect the following data:
- Information about the browser type and version used
- the operating system of the terminal device
- the internet service provider
- the IP address
- Date and time of access
- the previous website from which the user accessed our website (referrer URL)
Purpose of data processing
The temporary storage of your IP address by our system is necessary to deliver the website to your device. For this purpose, the IP address of your device must necessarily be stored for the duration of your session. The storage of the aforementioned data in so-called log files is carried out to ensure the functionality of our website. This data also helps us to optimize the website and to guarantee the security of our IT systems (e.g., for attack detection).
Legal basis
The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 subpara. 1 lit. f GDPR (legitimate interests of us as website operators in the secure, trouble-free and legally compliant provision of the website).
Storage duration
The data mentioned above will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.
If data is stored in log files, this occurs after a maximum of 14 days. Storage beyond this period is possible. In this case, the user's IP address is deleted or anonymized by us so that it is no longer possible to identify the requesting client and the data no longer contains any personal information.
Session cookies
To ensure certain functions in some areas of our websites, it may be technically necessary to use so-called session cookies. These are data records (strings of characters) that are temporarily stored on your device.
Purpose of data processing
Session cookies are used to recognize a browser even after a page change. The data is not used to analyze user behavior.
Legal basis
The legal basis for the storage of session cookies is Art. 6 para. 1 subpara. 1 lit. f GDPR in conjunction with § 25 para. 2 no. 2 TTDSG (our legitimate interest in providing certain functions on our websites).
Storage duration
Session cookies are deleted when the browser is closed.
Consent via Cookiebot (“cookie banner”)
Our website uses a so-called consent banner to obtain your consent to the storage of certain cookies on your device or the use of certain technologies. The provider of this tool is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").
When you visit our website, a connection is established to Cookiebot's servers. Cookiebot then stores a cookie in your browser to associate your given consent or its revocation with you.
a) Purpose of processing
The Cookiebot consent banner is used to obtain and document your consent and other declarations regarding cookie usage in compliance with data protection regulations.
b) Legal basis
The legal basis is our legitimate interest in operating our web services in compliance with data protection law, specifically the obtaining and legally required documentation of consents, Art. 6 para. 1 subpara. 1 lit. c, f in conjunction with Art. 5 para. 2 GDPR.
c) Storage duration
The collected data will be stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Email and contact form
You can contact us via our contact form and the provided email addresses. In this case, the sender's personal data transmitted with the request (in any case, the name and email address) will be processed along with the content of the message.
a) Purpose of processing
We process this personal data to handle the content of your contact request.
b) Legal basis
The legal basis for processing this data, which is transmitted in the course of sending an inquiry, is Art. 6 para. 1 subpara. 1 lit. f GDPR (legitimate, aligned interest of us as the controller in communicating with the person transmitting the message).
If the request aims at concluding or fulfilling a contract, the legal basis is Art. 6 para. 1 subpara. 1 lit. b GDPR (performance of a contract or pre-contractual measures for this purpose).
c) Duration of storage
The aforementioned data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data transmitted via email or the contact form, this is the case when the respective conversation with the user has ended. A conversation is generally considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved. However, longer retention periods may apply, particularly in the case of the preparation or execution of contracts, due to legal reasons and statutory requirements (e.g., tax law).
d) Right to object
As a user, you have the right to object to data processing at any time with effect for the future. In this case, all personal data stored during the contact process will be deleted immediately, unless statutory retention periods or other legal reasons prevent this.
Cloudflare – Content Delivery Network
We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).
Purpose of processing
Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.
Legal basis
The legal basis for the use of Cloudflare is our legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR in the error-free and secure provision of our website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Website analysis: Google Analytics
Provided you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics uses cookies to analyze how you use our website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA.
We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to our website, the following data, among others, will be collected:
• the pages you visited, your “click path”
• Achieving “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases)
• Your user behavior (e.g., clicks, time spent on site, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet provider
• the referrer URL (which website/advertising medium you used to access this website)
Purpose of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website.
Recipients of the data
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, acting as a data processor. We have concluded a data processing agreement with Google for this purpose.
A transfer of data to the USA cannot be ruled out. Google LLC, based in California, USA, and potentially US authorities may access the data stored by Google. Please note that the USA does not offer a level of protection for your personal data comparable to that of the EU. Likewise, you do not have legal remedies comparable to those available in the European Union. Further information on the terms of service for Google Analytics and Google's privacy policy can be found at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de
b) Legal basis
The legal basis for this data processing is your consent, Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
c) Duration of storage
The data we send, which is linked to cookies, is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
You can also prevent the collection of data generated by the cookie relating to your use of the website (including your IP address) and the processing of this data by Google by not consenting to the setting of the cookie or by preventing the storage of cookies through a corresponding setting in your browser software. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.
Customer management and usage analysis: HubSpot CRM
We use HubSpot CRM on this website. The provider is HubSpot Inc., 25th Street, Cambridge, MA 02141, USA (hereinafter referred to as HubSpot CRM).
Purpose of processing
HubSpot CRM allows us to manage existing and potential customers, as well as customer contacts. With HubSpot CRM, we can capture, categorize, and analyze customer interactions across various channels, including email, social media, and telephone. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing activities (e.g., newsletter mailings).
Furthermore, with Hubspot CRM we are able to record and analyze the user behavior of our contacts on our website.
Legal basis
The use of Hubspot CRM in the context of customer support is based on Art. 6 para. 1 subpara. 1 lit. f GDPR.
The website operator has a legitimate interest in the most efficient possible customer management and communication.
If an analysis of the visitor's user behavior is carried out beyond the purpose of customer support, the processing is based exclusively on the legal basis of Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.
This consent, which you give us via our cookie banner, can be revoked at any time.
You can find further details in Hubspot's privacy policy:
https://legal.hubspot.com/de/privacy-policy
Data transfers to the USA are based on the EU Commission's standard contractual clauses.
Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Web analytics with Leadfeeder
We use the data processing tool from Leadfeeder on our website, which is operated by the company Liidio Oy, Mikonkatu 17 C, 00100 Helsinki, Finland.
Leadfeeder is based on the detection of business IP addresses. A tracking code is placed on our website, which then allows Leadfeeder to identify the business IP addresses of our website visitors. Leadfeeder matches the identified business IP address against a global database of companies and business information.
Leadfeeder does not identify personal IP addresses, mobile devices, or any data other than that associated with businesses. In addition to information about the business, Leadfeeder provides information about the date and duration of the user's visit and the web pages visited. Leadfeeder does not provide information about specific, identifiable individuals who visit our website, nor does it use cookies to identify and track visitors. No information is provided about visitors using dynamic IP addresses.
Purpose of processing
The information obtained through Leadfeeder allows us to compile statistics on visits to our website. We use these statistics to optimize the website and to measure reach.
Further information can be found at https://www.leadfeeder.com/privacy/ and https://www.leadfeeder.com/leadfeeder-and-gdpr/.
Legal basis
The use of Leadfeeder is based on the legal basis of Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG (your consent, which you gave us via our consent banner). You can revoke your consent at any time with effect for the future.
Storage duration
The information collected via the tracking code is deleted after two years. Early deletion of the data can be requested by contacting support@leadfeeder.com. After deletion, the data remains in the system for up to seven days due to backups.
User analysis with Meta Pixel
This website uses the Facebook/Meta pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
Purpose of processing and functionality
The tool used is for behavioral analysis of website visitors.
The behavior of website visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.
The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner.
Consent can be withdrawn at any time.
We use the extended matching function within the meta-pixels.
Advanced Matching allows us to share various types of data (e.g., city, state, postal code, hashed email addresses, names, gender, date of birth, or phone number) of our customers and prospects, which we collect through our website, with Meta (Facebook). By activating this feature, we can tailor our Facebook advertising campaigns even more precisely to people interested in our offers. Advanced Matching also improves the attribution of website conversions and expands Custom Audiences.
To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta (Facebook). The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint processing agreement. You can find the text of the agreement here:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.
Data transfers to the USA are based on the EU Commission's standard contractual clauses.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and here: https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
You need to be logged into Facebook to do this.
If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the European Interactive Digital Advertising Alliance website:
http://www.youronlinechoices.com/de/praferenzmanagement/.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
With the help of Google conversion tracking, Google and we can recognize whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Ads - Advertisements
We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Ads, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Google Ads Remarketing
We use Google Ads Remarketing. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of processing
Google Ads Remarketing allows us to target people who interact with our online offerings.
assign specific target groups in order to subsequently show them interest-based advertising in Google
To display ads on an advertising network (remarketing or retargeting).
Furthermore, the advertising audiences created with Google Ads Remarketing can be combined with the
Google's cross-device functions are linked. This allows interest-based, personalized advertising messages, tailored to you based on your previous usage and browsing behavior on one device (e.g., mobile phone), to also be displayed on another of your devices (e.g., tablet or PC).
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For more information about Google Ads Remarketing, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Microsoft Advertising (Bing Ads)
The website operator uses Microsoft Advertising.
Microsoft Advertising is an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Purpose of processing
Microsoft Advertising allows us to display ads in the Bing search engine or on third-party websites when users enter specific search terms into Bing (keyword targeting). Furthermore, targeted ads can be displayed based on user data held by Microsoft (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in clicks.
We use Microsoft Advertising's Universal Event Tracking (UET) on this page. This involves collecting pseudonymized data to track your actions on our website after clicking on a Microsoft Advertising ad. UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, which ad led you to the website, and clicked keywords.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
LinkedIn Insight Tag (analytics and advertising)
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Purpose of processing
Using the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze their professional profile (e.g., career level, company size, country, location, industry, and job title) and thus better tailor our site to the respective target groups. Furthermore, we can use
LinkedIn Insight Tags help us measure whether visitors to our website make a purchase or take another action (conversion tracking). Conversion tracking can also be performed across devices (e.g., from PC to tablet). LinkedIn Insight Tags also offer a retargeting function, which allows us to display targeted advertising to visitors of our website outside of our site. According to LinkedIn, this does not involve identifying the individual recipient of the advertisement.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). The IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be linked to specific individuals by us as website operators. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig .
Objection to the use of LinkedIn Insight Tag.
You can opt out of LinkedIn's analysis of user behavior and targeted advertising via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you have given us via our consent banner. You may withdraw your consent at any time.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Mailchimp - Newsletter service and analytics
We use Mailchimp's services for sending newsletters.
The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Purpose of processing
Mailchimp is a service that can be used to organize and analyze the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data will be stored on Mailchimp's servers in the USA.
We use Mailchimp to analyze our newsletter campaigns. When you open an email sent via Mailchimp, a file embedded in the email (a so-called web beacon) connects to Mailchimp's servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be linked to individual newsletter recipients. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of our recipients.
b) Legal basis
The use of this service is based on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you gave us when subscribing to the newsletter. You can withdraw your consent at any time.
If you do not want your data analyzed by Mailchimp, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter email.
For possible data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Embedding videos with Vimeo
We use the platform Vimeo.com to upload and make our own videos accessible. Vimeo is a service offered by a third party not affiliated with us, namely Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
Some pages on our website contain links to Vimeo. Generally, we are not responsible for the content of linked websites. However, if you follow a link to Vimeo, please be aware that Vimeo stores and uses its users' data (e.g., personal information, IP address) in accordance with its own data privacy policy for business purposes.
On some of our web pages, we also directly embed videos stored on Vimeo. With this embedding, content from the Vimeo website is displayed in a portion of a browser window. However, the Vimeo videos are only accessed by clicking on them separately. This technique is also known as "framing." When you visit a (sub)page of our website where Vimeo videos are embedded in this way, a connection is established to the Vimeo servers, and the content is displayed on the web page by being sent to your browser.
When you access the relevant pages, your IP address and the aforementioned additional data are transmitted, and in particular, information is shared about which of our websites you have visited.
Once you start playing an embedded video by clicking on it, Vimeo stores cookies. These cookies can be blocked through appropriate browser settings and extensions.
Purpose of processing
The purpose of the processing is to create an appealing design for our website and to inform visitors through video content.
Legal basis
The legal basis for the integration of the content is Art. 6 para. 1 subpara. 1 lit. f GDPR:
Our legitimate interest lies in providing the content in order to inform you as a website visitor in an appealing way and to make content accessible to you.
Address and link to the third-party provider's privacy policy:
Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
You can view Vimeo's privacy policy here: https://vimeo.com/privacy
The legal basis for storing cookies in this context is your consent, which you gave us via our consent banner or by clicking on the respective preview image before the video, Art. 6 para. 1 subpara. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can revoke this consent at any time with effect for the future. The collected data will be deleted immediately as soon as the purpose of the processing no longer applies and there are no other legal grounds to the contrary.
Embedding videos with YouTube
We use the platform YouTube.com to upload and make our own videos publicly available. YouTube is a service offered by a third party not affiliated with us, namely Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Some pages on our website contain links to YouTube. Generally, we are not responsible for the content of external websites linked to from our site. However, if you follow a link to YouTube, please be aware that Google/YouTube stores and uses user data (e.g., personal information, IP address) for business purposes in accordance with its own data privacy policy. You can view Google's data privacy policy here: https://policies.google.com/privacy
On some of our web pages, we also directly embed videos stored on YouTube. This embedding displays content from the YouTube website within a portion of a browser window. This technique is also known as "framing." The YouTube videos are only accessed by clicking on them separately. When you visit a (sub)page of our website where YouTube videos are embedded in this way, a connection is established to the YouTube servers, and the content is then displayed by being transmitted to your browser. For technical reasons, this process necessarily involves processing your IP address and other IT traffic and usage data to enable the delivery of the content to your device. This information cannot generally be associated with you personally (apart from the possibility of identification via the IP address), unless you are logged into YouTube or another Google service before or while visiting the page. When YouTube content is activated and displayed on the pages and apps, small data files, known as cookies, are also stored on your device. This is done to record which of our web pages you have visited in order to access the respective video.
Purpose of processing
The purpose of the processing is to create an appealing design for our website and to inform visitors through video content.
Legal basis
Our legitimate interest in embedding YouTube content generally lies in making the content available to you in order to design our website in an appealing way. The legal basis for embedding the content is therefore generally Article 6(1)(f) GDPR.
In this context, we explicitly point out that it cannot be ruled out that personal data, particularly by Google's parent company, may also be processed in the USA and that US authorities or services may gain access to personal data. Although we have implemented appropriate technical and organizational measures, such as the agreement of Standard Contractual Clauses (SCCs) approved by the EU Commission, we would also like to point out that, as things stand, there is no level of data protection in the USA, as a so-called third country, comparable to the standards of the European Union, and you do not have comparable legal remedies available to you.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Even if we use YouTube in the so-called "NoCookie" version, it cannot be ruled out that Google may load external services onto your device, e.g., for displaying fonts or graphic elements, which may allow conclusions to be drawn about your device.
The legal basis for storing cookies in this context is your consent, which you gave us via our consent banner or by clicking on the respective preview image before the video, Art. 6 para. 1 subpara. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can revoke this consent at any time with effect for the future. The collected data will be deleted immediately as soon as the purpose of the processing no longer applies and there are no other legal grounds to the contrary.
Zendesk - Customer Support
To offer you comprehensive customer service, we use the web-based software platform "Zendesk" for communication with you, for example when you contact us by email or via our contact forms on the websites.
In addition to us as website operators, your data will also be processed in this context by the company Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA as a data processor.
For this purpose, we collect your name, email address, and the content of each communication (text content), as well as any files you may optionally transmit. Furthermore, we process the IT usage data technically necessary for communication (e.g., IP address). We have concluded a data processing agreement with Zendesk, Inc. in accordance with Articles 28 and 44 et seq. of the GDPR, which guarantees the data protection-compliant processing of the data you provide. Zendesk, Inc. also has binding corporate rules (BCRs) approved by the relevant supervisory authority pursuant to Article 47 of the GDPR. Information on the security of your data processing by Zendesk, Inc. (in English) can be found here: https://www.zendesk.com/product/zendesk-security/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which legitimizes the data transfer on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR.
Purpose of processing
The purpose of the processing is to communicate with prospective customers, customers and other persons in order to answer inquiries or provide support services (helpdesk service).
For statistical analysis purposes, we sometimes evaluate data in pseudonymized form (generally not personally identifiable) in order to optimize our customer service for you.
Legal basis
The legal basis for processing your data is our legitimate interest in legally and technically secure and efficient communication with you as a communication partner, pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR. If the content of the communication serves the purpose of initiating or carrying out contractual relationships, this is done on the basis of Art. 6 para. 1 subpara. 1 lit. b GDPR.
Storage period / Deletion periods
Your data will only be stored for as long as necessary to fulfill the purposes (e.g., answering your request) and will then be deleted.
This is generally the case if the content of the communication shows that your request has been fully and conclusively clarified or answered, and no further requirements for storage arise from the course of communication (e.g., contractual or legal).
Right to object
You can also request the deletion of your data at any time, unless there are legal or other legal reasons to the contrary.
Your rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us. This includes the purposes of the processing, the categories of personal data, the categories of recipients of the data, the planned storage period, the origin of your data, and the existence of automated decision-making (profiling).
- In accordance with Article 16 of the GDPR, you have the right to request the rectification of inaccurate or incomplete personal data concerning you that we hold.
- In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- In accordance with Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful and you object to the erasure of your data, or we no longer need your data but you require it for the establishment, exercise or defense of legal claims, or in cases where you have objected to the processing pending the verification of whether our legitimate grounds override yours.
- In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
- In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time . Simply send us an email. This will result in us ceasing to process your data based on this consent. The lawfulness of the data processing carried out before the withdrawal remains unaffected.
- In accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data . If your objection is directed against direct marketing, we will implement it immediately. If the processing of your data is based on the legitimate interests of stock3 AG or third parties and your objection is based on your particular situation, we will comply unless there are compelling legitimate grounds for the processing which override your interests, or we require your data for the establishment, exercise, or defense of legal claims.
- According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority . If you believe that we have not sufficiently complied with your rights and our obligations under the General Data Protection Regulation, you have the right to lodge a complaint with a data protection authority.
The authority responsible for us is the
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach