1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
P: +49 89 502 002-0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
3. Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
4. Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
5. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
Responsible Business Alliance (RBA)
InnoLas Solutions accepts the RBA agreements, but is not a member of the association. Further information on the Responsible Business Alliance please find here.
6. Reporting Office
As part of our Compliance Management System, we have established a whistleblower hotline. You have the opportunity to report incidents covered by the Whistleblower Protection Act (HinSchG) or incidents in which we otherwise have a legitimate interest in obtaining information. For the receipt and evaluation of such reports, we have commissioned the law firm Heuking Kühn Lüer Wojtek as an outsourced internal reporting office (hereinafter referred to as the “Reporting Office”). Reports to the Reporting Office can be submitted via a web form, by phone, by email, or in person. Reports to the Reporting Office can be made anonymously. The use of the Reporting Office is voluntary.
a.) Categories of personal data we process
We receive a report from the Reporting Office, which, after reviewing the report, may contain the following personal data:
- Names and other personal data of the reporting person only if the reporting person does not wish to remain anonymous and agrees to the disclosure to us;
- Names and other personal data resulting from the report of the individuals mentioned in the report. As part of the further clarification of the reported incident and its processing, additional personal data may be collected and processed by us.
b) Purposes of data processing, legal basis
The processing of data transmitted to us by the Reporting Office serves the handling and management of reports of compliance violations, violations of legal regulations, and violations related to our business operations by employees, customers, suppliers, and other third parties. The legal basis for processing your personal data as the reporting person is, if you disclose your identity and agree to the disclosure of your name by the Reporting Office to us, your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). To the extent that incidents fall under the Whistleblower Protection Act (HinSchG), Art. 6 para. 1 sentence 1 lit B GDPR in conjunction with § 10 HinSchG is the legal basis for processing the personal data of you as the reporting person and of the person(s) affected by the report. Outside the scope of the HinSchG, the legal basis for processing your personal data and the personal data of individuals affected by the report is our legitimate interest in uncovering and preventing legal violations and misconduct (Art. 6 para. 1 sentence 1 lit. f GDPR). A legitimate interest in uncovering and preventing legal violations and misconduct exists where we are legally obligated in certain areas. In addition, such violations can cause not only significant economic damage but also substantial reputational loss. If the affected person is one of our employees, the legal basis for processing in the course of processing or further investigation of the reported incident is also Art. 6 para. 1 sentence 1 lit. b GDPR) and, if applicable, our legitimate interest as described above (Art. 6 para. 1 sentence 1 lit. f GDPR).
c) Disclosure to third parties
The confidential treatment of all reports and data by the Reporting Office is ensured at all times and in every processing step. This particularly concerns the personal data of the reporting person as well as the person(s) affected by the report. Only designated, authorized individuals bound to handle information confidentially have access to incoming reports and information about the processing of the report or follow-up measures. If the report concerns another company within our corporate group, we will share the contents of the report and the results of the further investigation with that company within our corporate group. We may also disclose the contents of the report and the results of the further investigation of the reported incident to courts, authorities, and other public entities. This may occur if we are legally obligated to disclose the data or if it is necessary for the assertion, exercise, or defense of legal claims. In the course of investigative measures and in the assertion, exercise, or defense of legal claims, we may also engage the support of law firms or audit firms. Additionally, we may involve (technical) service providers in the investigation and processing of the reported incident, who act as data processors for us within the meaning of Art. 28 GDPR and operate on the basis of corresponding agreements. These service providers may also become aware of the contents of the whistleblower report but are obligated to handle the affected data confidentially. Personal data of the reporting person and the affected individuals may, despite maintaining confidentiality, come to the attention of authorities, courts, or third parties in exceptional situations. This is the case when the disclosure of this information is mandatory for us, such as in the context of an official investigation (e.g., in the course of a criminal investigation) or when it is necessary for the assertion, exercise, or defense of legal claims. Moreover, the reported information must, under certain conditions, be disclosed to the individuals affected by the report.
d) Duration of data storage
Personal data will be stored as long as necessary for the investigation of the report and any subsequent measures, or as long as there is a legitimate interest on our part, or as long as required by law. After that, the data will be deleted in accordance with legal requirements.
e) Transfer of data to third countries
As a rule, no personal data from reports is transferred to countries outside the European Union (EU) or the European Economic Area (EEA), unless the report concerns a company within our corporate group located in a country outside the EU or EEA. Countries outside the European Union or the European Economic Area may have different regulations for the protection of personal data. In such a case, when sharing information, we adhere to the relevant data protection regulations.