Foreword

Status March 2021

We, INNO Instrument Europe GmbH (hereinafter jointly referred to as "the company", "we" or "us"), take the protection of your personal data seriously and would like to inform you about data protection in our company.

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us as a result of the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") in order to ensure the protection of personal data of the person affected by a processing operation (we will also refer to you as a data subject as "customer", "user", "you").

Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis for the processing (cf. Art. 13 and 14 GDPR). With this declaration (hereinafter: "privacy policy") we inform you about the way in which your personal data is processed by us within the scope of using the INNO website www.innoinstrument.eu ("website").

Our privacy policy has a modular structure. It consists of a general section for all processing of personal data and processing situations that come into play each time a website is called up (1. General provisions) and a special section whose content relates only to the processing situation indicated there with the designation of the respective offer or product, in particular the visit to our website, which is described in more detail here (2. Visit to our website) and the use of special functions and services (3. Registration of a user account).

1. General provisions

   1. Definitions of terms

      1. “Personal data" (Art. 4 No. 1 GDPR) means all information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information concerning his or her physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability may also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).

      2. "Processing" (Art. 4 No. 2 GDPR) is any operation in which personal data are handled, whether or not by automated means (i.e. technology-based). This includes in particular the collection (i.e. acquisition), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data and the alteration of a target or purpose on which a data processing was originally based.

      3. "Controller" (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of processing personal data.

      4. "Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons authorised to process the personal data under the direct responsibility of the controller or processor; this also includes other legal persons belonging to the group.

      5. "Processor" (Art. 4 No. 8 GDPR) means a natural or legal person, authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the latter's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

      6. "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

   2. Name und contact details of the controller

      We are the controller for processing your personal data in accordance with Art. 4 No. 7 GPDPR:

      INNO Instrument Europe GmbH;
      Gothaer Str. 18, 40880 Ratingen, Germany;
      Phone number: +49 (0) 2102 942480
      e-mail address: sales@innoinstrument.com

      Further information about our company can be found in the imprint information on our website.

   3. Legal bases of data protection

      By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justifications:

      1. Art. 6 para. 1 phr. 1 lit. a GDPR ("consent"): where the data subject has voluntarily given an informed and unambiguous indication, by means of a declaration or other unambiguous affirmative act, that he or she consents to the processing of personal data relating to him or her for one or more specified purposes.

      2. Art. 6 para. 1 phr. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

      3. Art. 6 para. 1 phr. 1 lit. c GDPR: If the processing is necessary for the for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to preserve records).

      4. Art. 6 para. 1 phr. 1 lit. d GDPR: If the processing is necessary in order to protect the vital interests of the data subject or of another natural person.

      5. Art. 6 para. 1 phr. 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

         Art. 6 para. 1 phr. 1 lit. f GDPR ("legitimate interests"): If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular if the data subject is a child).

         In the following, we indicate the applicable legal basis for the processing we carry out. A processing can also be based on several legal bases.

   4. Data deletion and storage duration

      1. For the processing carried out by us, we specify in the following how long the data are stored by us and when they are deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. As a matter of principle, your data will only be stored on our servers within the European Union and the European Economic Area, subject to possible forwarding in accordance with the regulations in clauses 1.7. and 1.8.

      2. However, data may be stored beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB (German commercial code), § 147 AO (German fiscal code). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

   5. Security of processing

      1. We use appropriate technical and organisational security measures in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, costs of implementation and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including the likelihood and consequences thereof) for the data subject. Our security measures are continuously improved in line with technological developments.

      2. We gladly provide you with more detailed information on request. To do this, use the contact details under clause 1.2

   6. Cooperation with processors

      1. As with any larger company, we also use external domestic and foreign service providers to handle our business transactions (for example, for IT, logistics, telecommunications, sales and marketing). These service providers only act on our instructions and have been contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.

      2. If personal data is passed on by us (e.g. to our hosting providers), this is done on the legal basis of existing data processing relationships.

   7. No transfer of personal data to third countries

      We will not transfer your personal data to countries outside the European Union and the European Economic Area ("third countries").

   8. No existence of automated decision-making (including profiling)

      We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

   9. No obligation to provide personal data

      We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. For you as a customer, there is no legal or contractual obligation to provide us with your personal data; however, it is possible that we may only be able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products we offer and which are presented below, you will be informed of this separately.

   10. Legal obligation to communicate certain data

       Under certain circumstances, we may be subject to a special legal or statutory obligation to make the legitimately processed personal data available to third parties, in particular public authorities (Art. 6 para. 1 phr. 1 lit. c GDPR).

   11. Your rights as data subject

       You may assert your rights as a data subject in respect of your personal data processed at any time by contacting us at the address indicated at the beginning of clause 1.2. You have the right as a data subject:

       1. To request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information on the details of such data;

       2. to immediately request the rectification of inaccurate data or the completion of your data stored by us in accordance with Art. 16 GDPR;

       3. to demand the erasure of your data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

       4. to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your data, if the accuracy of the data is disputed by you or the processing is unlawful;

       5. to receive the data, you have provided us with in a structured, commonly used and machine-readable format or to request the transmission to another controller without hindrance in accordance with Art. 20 GDPR ("right of data portability");

       6. to lodge an objection to the processing pursuant to Art. 21 GDPR if the processing is carried out on the legal basis of Art. 6 para. 1 phr. 1 lit. e or f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, we would ask you to state the reasons why we should not process your data as we do when you exercise such objection. In the event of a justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling and protection-worthy reasons for continuing the processing;

       7. to withdraw your consent in accordance with Art. 7 para. 3 GDPR - i.e. your freely given, informed and unambiguously expressed wish, in the form of a statement or any other clear affirmative action, that you consent to the processing of the personal data concerned for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. As a result, we may not continue to process the data based on this consent in the future;

       8. to lodge a complaint with the relevant supervisory authority about the processing of your personal data in our company, in accordance with Art. 77 GDPR.

   12. Changes of the privacy policy

       Within the framework of the further development of data protection law and technological or organisational changes, our privacy policy is regularly reviewed for the need to adapt or supplement it.

2. Visit of our website

   1. Explanation and function

      Information about our company and the services we offer is available in particular at www.innoinstrument.eu together with the associated sub-pages (hereinafter collectively referred to as "websites"). When you visit our websites, personal data may be processed.

   2. Personal data processed

      When using the websites for information purposes, the following categories of personal data are collected, stored and processed by us:
      "protocol data": When you visit our websites, a so-called protocol data record (so-called server log files) is temporarily and anonymously stored on our web server. This consists of:

      • the web page from which the website was requested (so-called referrer URL);

      • the name and URL of the requested web page;

      • the date and time of the request;

      • the description of the type, language and version of the web browser used;

      • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established;

      • the amount of data transmitted;

      • the operating system;

      • a message indicating whether the request was successful (access status/http status code);

      • the GMT time zone difference.

   3. Purpose and legal basis of the data processing

      We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 para. 1 phr. 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

      The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 phr. 1 lit. f GDPR). Contact form data is processed to handle customer enquiries (legal basis is Art. 6 para. 1 phr. 1 lit. b or f GDPR).

   4. Duration of data processing

      Your data will be processed only for as long as necessary to achieve the above-mentioned processing purposes; in this regard the legal bases stated in the context of the processing purposes apply accordingly. With regard to the use and storage period of cookies, please refer to clause 1.5.
      
      Third parties employed by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order. For further details on the storage period, please refer to clause 1.5.

   5. Transmission of personal data to third parties; legal basis

      The following categories of recipients, which are normally processors (see clause 1.7.), may have access to your personal data:

      In addition, we only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 phr. 1 lit. a GDPR.

      1. Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for computer centre services, payment processing, IT security). The basis for the transfer is then Art. 6 para. 1 phr. 1 lit. b or letter f GDPR, insofar as the service providers are not processors;

      2. Public bodies/authorities, insofar as this is necessary to perform a legal obligation. The basis for the transfer is then Art. 6 1 phr. 1 lit. c GDPR;

      3. Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The basis for the transfer is then Art. 6 para. 1 phr. 1 lit. b or lit. f GDPR.

   6. Use of cookies, plugins and other services on our website

      We use cookies on our websites. Cookies are small text files that are assigned and stored on your hard disk to the Internet browser you are using by a characteristic character string and through which certain pieces of information are passed to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They are used to make the website as a whole more user-friendly and effective, i.e. more pleasant for you.

      Cookies can contain data that make it possible to recognise the end device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.

      A distinction is made between session cookies, which are deleted again as soon as you close your Internet browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is again made between cookies:

      1. Technical Cookies: These are essential to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they record which websites you have visited;

      2. Performance Cookies: They collect information about how you use our website, which pages you visit and, for example, whether errors occur during use of the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;

      Any use of cookies that is not absolutely technically necessary is only permitted with your express and active consent in accordance with Art. 6 para. 1 phr. 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 para. 1 phr. 1 lit. a GDPR.
       
      We do not use social media plug-ins on our websites. If our websites contain symbols of social media providers (e.g. Facebook, Twitter, LinkedIn, …), we only use them for passive linking to the pages of the respective providers.

1. Registration of a user account

   1. Explanation and personal data processed

      You can register a user account on our website www.inno-viewpro.com. If you wish to create a user account, you must enter your e-mail address, a password of your choice and a user name of your choice in the fields provided during the registration process ("access data"). There is no obligation to use a clear name, so that pseudonymous use is possible. We use the so-called double-opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If your confirmation is not received within 24 hours, your registration and access data will be automatically deleted from our database.

   2. Purpose, storage period and legal basis of data processing

      If you have successfully registered a user account, we will store your access data until the user account is deleted from our database. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.