Privacy policy

Privacy Policy


The following privacy policy applies to the use of our online offering (hereinafter referred to as “website”).

We attach great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR, german: DSGVO).

1 Responsible party

The controller responsible for the collection, processing, and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

innovate Software GmbH, Talstr. 13, 72218 Wildberg, Germany
Phone.: +49 7054/3021-0
E-Mail: datenschutz@innovate-gmbh.de

If you wish to object to the collection, processing, or use of your data by us in accordance with these data protection provisions, either in whole or for individual measures, you can address your objection to the responsible party.

You can save and print this privacy policy at any time.

2 General purposes of processing

We use personal data for the purpose of operating the website.

3 What data we use and why

3.1 Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating the website.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties, and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.

3.2 Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and record data about your computer or mobile device. We collect, store, and use data about every access to our website (so-called server log files). The access data includes: 

  • Name and URL of the file accessed
  • Date and time of access
  • Amount of data transferred
  • Notification of successful access (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referrer URL (i.e., the previously visited page)
  • User’s internet service provider
  • IP address and the requesting provider

We use this log data without assigning it to your person or otherwise creating a profile for statistical evaluations for the purpose of operating, securing, and optimizing our website, but also for anonymously recording the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content, analyse data traffic, find and fix errors, and improve our services.

This also constitutes our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

We reserve the right to review the log data retrospectively if there are concrete indications that there is justified suspicion of illegal use. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes. We also store IP addresses if we have concrete suspicion of a criminal offense in connection with the use of our website.

3.3 Cookies

We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. This file contains a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping cart function across multiple pages.

Our legitimate interest in the use of cookies pursuant to Art. 6 (1) (f) GDPR lies in making our website more user-friendly, effective, and secure.

You can set your browser so that you are informed in advance about the setting of cookies and can decide in each individual case whether to exclude the acceptance of cookies for certain cases or in general, or to prevent cookies completely. This may restrict the functionality of the website.

3.4 Data for the fulfillment of our contractual obligations

We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, products ordered, billing and payment details. The collection of this data is necessary for the conclusion of the contract. The data is deleted after the warranty periods and statutory retention periods have expired.

The legal basis for processing this data is Art. 6 (1) (b) GDPR, as this data is required for us to fulfill our contractual obligations to you.

3.5 Newsletter

The data requested during the registration process is required to subscribe to the newsletter. Your subscription to the newsletter will be logged. After registering, you will receive a message at the email address you provided asking you to confirm your subscription (“double opt-in”). This is necessary to prevent third parties from registering with your email address. You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter.

We store the registration data for as long as it is needed to send the newsletter. We store the registration log and the shipping address for as long as there is an interest in proving the originally given consent, usually the limitation periods for civil law claims, i.e. a maximum of three years.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) (a) in conjunction with Art. 7 GDPR in conjunction with § 7 (2) No. 3 UWG (German Unfair Competition Act). The legal basis for logging the registration is our legitimate interest in proving that the newsletter was sent with your consent.

You can cancel your registration at any time. A written notification sent to the contact details listed in section 1 (e.g., email, fax, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe option in every newsletter.

3.6 Product recommendations

Regardless of the newsletter, we regularly send you product recommendations by email. This allows us to send you information about products from our range that may be of interest to you based on your recent purchases of goods or services from us. We strictly adhere to the legal requirements in doing so. You can object to this at any time. A written notification to the contact details specified in section 1 (e.g., email, fax, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe option in every product recommendation email.

The legal basis for this is the statutory permission pursuant to Art. 6 (1) sentence 1 f) GDPR in conjunction with § 7 (3) UWG (German Unfair Competition Act).

3.7 E-Mail contract

When you contact us (e.g., via contact form or email), we process your details for the purpose of handling your inquiry and in case any follow-up questions arise.

If data processing is carried out for the purpose of implementing pre-contractual measures at your request or, if you are already our customer, for the purpose of implementing the contract, the legal basis for this data processing is Art. 6 (1) (b) GDPR.

We only process further personal data if you consent to this (Art. 6 (1) (a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 (1) (f) GDPR). A legitimate interest lies, for example, in responding to your email.

4 Storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the law requires the storage of personal data, for example in tax or commercial law. In these cases, we only store the data for these legal purposes, but do not process it in any other way and delete it after the legal retention period has expired.

5 Your rights as a data subject

Under applicable law, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or post, clearly identifying yourself, to the address given in section 1.

Below you will find an overview of your rights.

5.1 Right to confirmation and information

You have the right to receive clear information about the processing of your personal data.

In detail:
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. You also have the right to the following information:

  1. The purposes of the processing;
  2. The categories of personal data that are being processed;
  3. he recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. The existence of a right to rectification or erasure of personal data concerning you, or to restriction of processing by the controller, or a right to object to such processing;
  6. The existence of a right of appeal to a supervisory authority;
  7. If the personal data is not collected from you, all available information about the origin of the data;
  8. The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for you;

If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

5.2 Right to rectification

You have the right to request that we correct and, if necessary, complete personal data concerning you.

In detail:
You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.

5.3 Right to erasure ("right to be forgotten")

In a number of cases, we are obliged to delete personal data concerning you.

In detail:
Pursuant to Art. 17 (1) GDPR, you have the right to request that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the following reasons applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data has been processed unlawfully.
  5. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
  6. The personal data has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
  7. If we have made the personal data public and are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.

5.4 Right to restriction of processing

In a number of cases, you are entitled to request that we restrict the processing of your personal data.

In detail:
You have the right to request that we restrict processing if one of the following conditions applies:

  1. You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise, or defend legal claims, or
  4. You have lodged an objection to the processing pursuant to Art. 21 (1) GDPR, as long as it is not yet clear whether the legitimate reasons of our company outweigh yours.

5.5 Right to data portability

You have the right to receive, transfer, or have us transfer your personal data in a machine-readable format.

In detail:
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that

  1. the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
  2. the processing is carried out using automated means.

When exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible.

5.6 Right to objection

You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and our interests in the processing do not outweigh yours.

In detail:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

5.7 Automated decisions, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

No automated decision-making based on the personal data collected takes place.

5.8 Right to revoke consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

5.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful.

6 Data security

We make every effort to ensure the security of your data in accordance with applicable data protection laws and technical capabilities.

Your personal data is transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) encryption system, but would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

We also do not guarantee that our services will be available at certain times; disruptions, interruptions, or failures cannot be ruled out. The servers we use are regularly and carefully backed up.

7 Transfer of data to third parties, no data transfer to non EU countries

As a matter of principle, we only use your personal data within our company.

If and to the extent that we engage third parties in the performance of contracts, they will only receive personal data to the extent that the transfer is necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“contract processing”), we contractually oblige processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

Data will not be transferred to locations or persons outside the EU except in the case specified in section 4 of this statement, and no such transfer is planned.

8 Data Protection Officer

If you have any questions or concerns regarding data protection, please contact our data protection officer:

innovate Software GmbH
Data protection officer
Talstr. 13
72218 Wildberg

Phone.: +49 7054/3021-0
E-Mail: datenschutz@innovate-gmbh.de