Privacy Policy
Introduction
We at innobu GmbH, located at Heidewinkel 1, 24955 Harrislee, Germany, take the protection of your personal data very seriously. This privacy policy outlines how we collect, use, and protect your data when you visit our website www.innobu.com. We comply with all relevant data protection laws, including the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia-Data-Protection Act (TTDSG).
Data Controller
The data controller responsible for the processing of your personal data is:
innobu GmbH
Heidewinkel 1
24955 Harrislee
Germany
Email: info@innobu.com
Our Data Protection Officer can be contacted at: info@innobu.com
Data We Collect
When you visit our website, we may collect the following personal data:
- Name
- Email address
- Company information
- Telephone number
- Message content when using our contact form
- Browsing data (e.g., IP address, browser type, device information, and browsing behavior)
- Cookie data
- Location data
Automatic Data Collection
When you access our website, certain information is automatically collected by our servers and applications. This data includes:
- IP address (anonymized)
- Date and time of access
- Name and URL of the accessed file
- Website from which the access was made (referrer URL)
- Browser type and version
- Operating system used
We collect this data to ensure the proper functioning of our website, improve user experience, analyze trends, and administer the site.
Purpose of Data Collection
We collect your personal data for the following purposes:
- To provide and maintain our services: To respond to inquiries via our contact form, process requests, and fulfill contractual obligations.
- To analyze website traffic: We use Google Analytics to understand how visitors interact with our website, optimize user experience, and improve our online presence.
- For marketing purposes: We collect your email address to send newsletters using Mailchimp, with your explicit consent.
- To ensure security: We process certain data to detect and prevent potential security threats and unauthorized access.
- To comply with legal obligations: We may process your data to comply with applicable laws and regulations.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR): If you opt in to receive newsletters, accept cookies for analytics, or provide your data for specific purposes.
- Legitimate interests (Art. 6(1)(f) GDPR): For analytics, website functionality, security measures, and business development activities.
- Performance of a contract (Art. 6(1)(b) GDPR): For inquiries via the contact form or when providing services to you.
- Legal obligation (Art. 6(1)(c) GDPR): When we are required to process your data to comply with a legal requirement.
Data Transfers
Your data will primarily be processed and stored within the European Union (EU) or the European Economic Area (EEA). However, some of our service providers may be based outside the EU/EEA. In such cases, we ensure that appropriate safeguards are in place to protect your data, such as:
- EU Standard Contractual Clauses
- Adequacy decisions by the European Commission
- Binding Corporate Rules
We only transfer data to countries or organizations that provide an adequate level of data protection in accordance with GDPR standards.
Cookies and Analytics
We use cookies to enhance user experience and analyze traffic via Google Analytics. Cookies are small text files that are stored on your device when you visit our website. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a specified period).
Types of Cookies We Use
- Essential cookies: These cookies are necessary for the basic functionality of our website and cannot be switched off.
- Analytics cookies: We use Google Analytics to collect anonymous information about how visitors use our website. These cookies help us understand visitor patterns and improve our website.
- Marketing cookies: These cookies are used to track visitors across websites to enable us to display relevant advertisements.
You can manage your cookie preferences via our cookie consent banner, which complies with GDPR and TTDSG. For more information on how Google Analytics handles your data, please visit Google's Privacy Policy.
Google Analytics Configuration
We have configured Google Analytics to anonymize IP addresses, honor Do Not Track signals, and enable data minimization. The retention period for your data in Google Analytics is set to 14 months, after which it is automatically deleted.
Newsletter
If you sign up for our newsletter, your email address will be stored by our third-party email provider, Mailchimp, for the purpose of sending newsletters. We use double opt-in procedures to confirm your subscription, ensuring your explicit consent.
The newsletters contain information about our services, business updates, and industry insights. We may track opening rates and click-through rates to improve our content. You may unsubscribe from our mailing list at any time via the unsubscribe link in each email or by contacting us directly.
Mailchimp Data Processing
Mailchimp is a service provided by The Rocket Science Group LLC d/b/a Mailchimp, a company based in the United States. Mailchimp processes data in accordance with the EU-US Data Privacy Framework and implements appropriate safeguards for international data transfers. For more information, please see Mailchimp's Privacy Policy.
Data Sharing
We share personal data only with:
- Hosting Provider: IONOS SE, which hosts our website and ensures its availability and security.
- Analytics Provider: Google Analytics, for website usage analysis.
- Email Service Provider: Mailchimp, for sending newsletters and marketing communications.
- IT Service Providers: Technical service providers who help maintain our IT systems and website functionality.
We do not share your data with any other third parties unless legally required to do so or with your explicit consent. We have data processing agreements in place with all service providers to ensure the protection of your data.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
- SSL/TLS encryption for all data transmissions
- Regular security assessments and penetration testing
- Access controls and authentication procedures
- Staff training on data protection and security
- Regular backups to prevent data loss
We regularly review and update our security practices to ensure the continued protection of your data.
User Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right to access (Art. 15 GDPR): You can request access to your personal data.
- Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data.
- Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing.
- Right to data portability (Art. 20 GDPR): You can request to receive your data in a machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your data.
- Right to withdraw consent (Art. 7(3) GDPR): You can withdraw your consent at any time.
To exercise any of these rights, please contact us at datenschutz@innobu.com. We will respond to your request within one month.
Right to Lodge a Complaint
You also have the right to lodge a complaint with your local data protection authority. In Germany, the competent authority is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
Website: www.datenschutzzentrum.de
Retention of Data
We do not retain your personal data for longer than necessary for the purposes for which it was collected. The criteria used to determine our retention periods include:
- The period necessary to fulfill the purposes outlined in this Privacy Policy
- Legal obligations that require data retention for specific periods
- Limitation periods for legal claims
- Business requirements
Specific retention periods:
- Contact form data: 2 years after last contact
- Newsletter subscription data: Until unsubscription
- Analytics data: 14 months
- Log files: 7 days
Once the purpose for data collection no longer applies, your data will be deleted or anonymized unless retention is required for legal or regulatory purposes.
Protection of Minors
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.
Cookie Consent
Our website uses a cookie consent banner to comply with GDPR and TTDSG. When you first visit our website, you will be presented with a cookie banner that allows you to:
- Accept all cookies
- Reject non-essential cookies
- Customize your cookie preferences
You may revoke or change your consent at any time via the settings on our website. Essential cookies that are necessary for the basic functionality of our website will be set regardless of your preference.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.
We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
innobu GmbH
Attn: Data Protection
Heidewinkel 1
24955 Harrislee
Germany
Email: info@innobu.com