Data Protection Declaration INOSOFT GmbH

Version 2.00 as of 2018-05-25

 

We, Inosoft GmbH, inform you by way of these data protection declaration about the type, scope and purpose of our processing of your personal data within our website and the associated services.

I. Definitions

These data protection declaration is based on terms used by European legislators and regulators when adopting the General Data Protection Regulation (GDPR). To ensure that this explanation is comprehensible, we will explain the terms used in advance. Should you encounter references to legal regulations without an exact specification of the name of the legislation, the GDPR is intended.

1. Personal data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter, a "data subject"); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by ascription to an identifier such as a name, identification number, location data, online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of such natural person.

2. Controller

"Controller" means the natural or legal person, authority, institution or other body which decides jointly with others or alone on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of Member States, the controller and/or certain criteria for the appointment of a controller my be provided in accordance with Union law or the law of the Member States.

3. Processing

"Processing" means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction.

4. Third party

"Third party" means a natural or legal person, authority, institution or other body other than the data subject, the controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the controller or the data processor.

5. Consent

"Consent" means any voluntary, informed and unequivocal statement of intent by the data subject in the form of a statement or other clear affirmative act by way of which the data subject indicates his or her consent to the processing of personal data concerning him or her.

6. Profiling

"Profiling" means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or relocation of such natural person.

II. Contact details of the controller and the data protection officer

Controller of the processing:

 

Inosoft GmbH

Bünder Str. 194, 32120 Hiddenhausen, Germany

Phone: +49 5221 1666-02

E-mail: info@inosoft.com

 

Contact details of the data protection officer:

 

Inosoft GmbH

Datenschutzbeauftragter

Bünder Str. 194, 32120 Hiddenhausen, Germany

Phone: +49 5221 1666-02

E-mail: privacy@inosoft.com

III. Type and scope of processing of personal data

We process your personal data only to the extent necessary to provide this website and our services. The data will only be processed if permitted by law. If you give your consent, further processing is also possible.

1. Visiting our website

When you visit our website, the browser you use automatically sends information to the server of our website. The following information is temporarily stored in log files:

 

•        date and time of access to the website,

•        your Internet protocol (IP) address,

•        the Internet service provider of the accessing system,

•        the type of browser used and the operating system,

•        websites from which you accessed our website,

•        websites accessed from your system through our website.

 

The legal basis for the storage of data and log files is Article 6(1), Litera f GDPR.

The data is processed to ensure the functionality of our website. The data also serve the technical optimisation of the website as well as the security and stability of our information technology systems.

We do not use these data for marketing purposes or to draw conclusions about your person.

The personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

When the data are stored in log files, the data is deleted after seven days at the latest.

If any other data are stored, your IP address will be deleted or anonymised.

The processing of these data in log files is indispensable for the provision of the website. This means that you have no right of objection in this regard.

When you visit our website, we process further personal data by using certain analysis services. You will find more detailed explanations on these under Part IV. of this declaration.

2. Registration on our website

You can register by name on our website and open a user account. This requires the provision of personal data. We ask for a title, first and last name, contact information and a password. We use the data you enter exclusively to provide our personalised online offerings, thus only for internal use and for our own purposes. The data will not be passed on to third parties.

When you register on our website, we also store your IP address, the date and time of your registration. By storing these data, we want to prevent misuse of our services and be in a position to clarify any cases of misuse. These data will not be passed on to third parties unless there is a legal obligation to pass the data on or the passing on serves purposes of criminal prosecution.

The legal basis for processing the registration data you have entered is Article 6(1), Literi b and f. We will delete your personal registration data as soon as you have declared to us that you wish to delete the user account.

3. Initiation of contact

If you contact us (e.g. by e-mail, contact form, telephone or social media), your personal data will be processed so that we can respond to and resolve the contact request. The legal basis for this processing of the transmitted data is Article 6(1), Litera b GDPR. We delete these data as soon as they are no longer necessary to achieve the purpose of their collection, i.e. normally when the respective conversation with you has ended. The conversation is over when the matter in question has been definitively resolved. Otherwise, the statutory retention periods shall apply. These data will not be passed on to third parties.

4. Newsletter

a. Subscribe to our newsletter

On our website you can subscribe to a free newsletter at any time, i.e. agree to receive the newsletter.

You can order our newsletter using the double opt-in procedure. This procedure consists of receiving an e-mail after registration asking you to confirm your registration. This step is necessary so that no one can log in with a different e-mail address. We log this registration in order to document the registration process as required by law and to prevent misuse. For this purpose, we process the time of registration and confirmation and your IP address.

Moreover, your personal data from the input mask will be transmitted to us when you register. To order the newsletter, it is sufficient to provide an e-mail address. Optionally, you can enter your first and last name and, if applicable, your title. This information is required in order to address you personally with the newsletter.

Your personal data will be stored for as long as you subscribe to the newsletter. These data will not be passed on to third parties and will be used exclusively for sending the newsletter. However, we reserve the right to use professional service providers (e.g. CleverReach GmbH & Co. KG) when sending and managing our newsletter. The service providers used for these purposes may also receive your data, but only if and to the extent that, as job processors, they guarantee compliance with the legal requirements of the GDPR and have concluded an agreement with us on job data processing.

If you have consented, we will use your e-mail address to send you our newsletter regularly. The legal basis is Article 6(1), Litera a GDPR.

b. Unsubscribe from the newsletter

You can unsubscribe from our newsletter at any time and thus revoke your consent to receive the newsletter. You can unsubscribe from the newsletter using a link at the end of each newsletter. Alternatively, you can unsubscribe from the newsletter by sending your unsubscribe request by e-mail to info@inosoft.com.

IV. Analytics Services: cookies and tracking

1. Use of cookies

We use so-called “cookies” on our website. These are small text files that are automatically saved in or by the Internet browser on your terminal device (e.g. computer, tablet, smartphone, etc.) when you visit our website. These cookies contain characteristic character strings that enable a unique identification of the Internet browser when the website is called up again. Some functions of our website require that it be possible to identify the calling browser even after a page change. As a rule, we use pseudonyms, i.e. it is not possible for us to identify you personally. This only applies if you have logged in as a customer on our website. In order for you as a registered customer/user to be able to fully use the functions of our website, it is necessary that we recognise you and your browser. Of course, no user profiles are created with the help of cookies. We also delete the cookies after you definitively leave our website.

The data processed with the help of cookies are required for the aforementioned purposes to protect our legitimate interests and those of third parties pursuant to Article 6(1), Litera f GDPR.

You can prevent the placement of cookies by our website at any time by setting the Internet browser used accordingly and thus permanently object to the placement of cookies. Furthermore, cookies that have already been placed can be deleted at any time via the Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the placement of cookies in the Internet browser used, not all functions of our website may be fully usable.

2. Google Analytics

We also use Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter, "Google").

Google Analytics also uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States of America and stored there.

However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On our behalf, Google will use this information to evaluate your use, compile reports on website activity and provide us with other services relating to your use of the website.

The legal basis for the use of Google Analytics is Article 6(1), Litera f GDPR.

You may prevent the storage of cookies by selecting the appropriate settings in your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address) and from processing these data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help available at the following link: https://support.google.com/analytics/answer/6004245?hl=en.

V. Your rights as a data subject

If your personal data are processed, you are affected within the meaning of the GDPR. This gives you the following rights in relation to the controller:

1. Right to information

As a data subject, you have the right to ask the controller to confirm whether personal data concerning you are being processed; if this is the case, you have a right to access this personal data (Article 15 GDPR). You can request information about the following:

 

a.      the purposes for which the personal data are processed;

b.      the categories of personal data processed;

c.       the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

d.      if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

e.      the existence of a right to have the personal data concerning you corrected or deleted or to have the controller restrict such processing or to oppose such processing;

f.       the existence of a right to appeal to a supervisory authority;

g.      if the personal data are not collected from the data subject, all available information on the origin of the data;

h.      the existence of automated decision-making, including profiling in accordance with Article 22, Paragraphs 1 and 4 and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, you have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 GDPR in connection with the transmission.

2. Right to correction

As the data subject, you have the right to request the controller to correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration (Article 16 GDPR).

3. Right to deletion

As the data subject, you have the right to request the controller to delete the personal data relating to you immediately, provided one of the following reasons applies:

a.    The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

b.    The data subject withdraws his or her consent on which the processing was based pursuant to Article 6(1)a or Article 9(2)a, and there is no other legal basis for the processing.

c.     The data subject objects to the processing in accordance with Article 21(1) and there are no overriding legitimate grounds for processing, or the data subject opposes the processing in accordance with Article 21(2).

d.    The personal data have been processed unlawfully.

e.    The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

f.     The personal data were collected in relation to information society services offered in accordance with Article 8(1).

If the controller has made the personal data concerning you public and is obliged to delete them for the above reasons, the controller shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform processors who are processing the personal data for the controller that a data subject has requested that they delete all links to these personal data or copies or replications thereof.

This right to cancellation shall not exist if the processing is necessary:

a.    to exercise freedom of expression and information;

b.    to perform a legal obligation required for processing in accordance with the law of the Union or of the Member States to which the controller is subject or to safeguard a task in the public interest or in exercise of official authority conferred on the controller;

c.     for reasons of public interest in the field of public health in accordance with Article 9(2), Literi h and i and Article 9(3);

d.    for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in Paragraph 1 is will tentatively render impossible or seriously impair the attainment of the objectives of such processing; or

e.    to assert, exercise or defend against legal claims.

4. Right to limitation of processing

You have the right to require the controller to restrict the processing if one of the following prerequisites is met:

a.       the accuracy of the personal data is disputed by the data subject for a period which enables the controller to verify the accuracy of the personal data;

b.       the processing is unlawful and the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted;

c.       the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defence against legal claims; or

d.       the data subject has lodged an objection to the processing pursuant to Article 21(1), until it has been established whether the controller's legitimate reasons outweigh those of the data subject.

Where processing has been restricted, such personal data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending against legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If you have instigated a restriction on processing, you will be informed by the controller before the restriction is lifted.

5. Right of objection

As a data subject, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6(1), Literi e or f GDPR for reasons arising from your specific situation. This also applies to profiling based on these provisions.

In the event of an objection, the controller will no longer process the personal data, unless we can prove compelling reasons for the processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend against legal claims.

If the controller processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you lodge an objection to the controller regarding the processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.

If you wish to exercise your right of objection, simply send a message to our data protection officer(s) (for contact details, see Part II).

You also have the option of exercising your right of opposition in connection with the use of information society services by means of automated procedures using technical specifications, without prejudice to Directive 2002/58/EC.

6. Right to revoke consent under data protection law

You have the right to revoke your declaration of consent in data protection law at any time with effect for the future. The revocation shall not affect the legality of the processing carried out on the basis of the consent until the revocation.

7. Right to information

If you have exercised your right of rectification, deletion or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have a right vis-à-vis the controller to be informed of such recipients.

8. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to pass these data on to another controller without obstruction by the controller to whom the personal data was provided, provided that:

a.       processing is based on consent pursuant to Article 6(1)a or Article 9(2)a or on a contract pursuant to Article 6(1)b; and

b.       processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data be transferred directly from one controller to another controller, as technically feasible.

You do not have the right to transfer data if the processing of the data is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

9. Automatic decision in specific cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner.

This does not apply if the decision:

a.       is necessary for the conclusion or performance of a contract between the data subject and the controller;

b.       is admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or

c.       is made with your express consent.

In the cases referred to in Literi a and b above, the controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to bring about the intervention of a person by the controller, to state its own position and to challenge the decision.

10. Right of lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint to a supervisory authority, in particular in the Member State where you are domiciled, working or suspected of having committed an infringement, if the data subject is of the opinion that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to whom the complaint was lodged will inform you as the complainant about the status and the results of the complaint, including the possibility of a legal remedy under Article 78 GDPR.

VI. Data security

We use technical and organisational measures to ensure that your personal data is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that no one can guarantee absolute protection. For this reason, you are also free to transmit personal data to us by alternative means, for example by post, fax or telephone.