Transparent Information

We are aware of the importance of the personal data that you entrust to us. We consider ensuring the confidentiality of your data to be one of our most important duties.

In line with the General Data Protection Regulation (GDPR), which has come into effect on 25 May 2018, we hereby fulfil our obligations regarding information to be provided where personal data are collected from the data subject and provide transparent information on the nature, scope and purposes of the collection of personal data while explaining your rights to you.

 

 

1. Contact Details of the Controller

The controller within the meaning of the General Data Protection Regulation is:

innovaphone AG
Contact person: Nicole Hofmeister
Umberto-Nobile-Str. 15
D-71063 Sindelfingen

Phone: +49 7031 73009 0
E-mail: privacy@innovaphone.com

 

The following data protection officer was appointed:

Mr Stephan Hartinger
Coseco GmbH
Phone: +49 8232 80988-70
E-mail: datenschutz@coseco.de

2. What Sources are Used to Collect Personal Data?

We process personal data that we receive directly from our customers in the scope of our business relationship. We further process personal data that we receive from other enterprises, for instance to carry out orders, to perform contracts or because you have given your consent. We further process personal data that we have lawfully obtained from publicly accessible sources (e.g., commercial register and register of associations, press, media, internet) and are authorised to process.

Personal data that may be relevant to us include:

Customer contact details
When establishing a business relationship and during the relationship, additional personal data, such as information on the contact channel, date, cause and result, (electronic) copies of written communication and information on participation in direct marketing measures, may be obtained through personal contact or communication by phone or mail either through your or at the instigation of one of our employees.

Credit rating information
Business-related credit rating documents: Profit calculations, balance sheets, financial business analysis, time and duration of self-employment.

3. For what Purposes and on which Legal Basis are Personal Data Processed?

We process the aforementioned personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG neu):

Processing of personal data, for which we have obtained the consent of the data subject, is based on point (a) of Art. 6 (1) General Data Protection Regulation.

Processing of personal data that is necessary for the performance of a contract to which the data subject is party, is based on point (b) of Art. 6 (1) GDPR. This provision also covers processing operations that are required prior to entering into a contract.

Processing of personal data that is necessary for compliance with a legal obligation to which our Company is subject, is based on point (c) of Art. 6 (1) GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by our Company or by a third party, and where the interests or fundamental rights and freedoms of the data subject do not override the former interests, processing is based on point (f) of Art. 6 (1) GDPR. The legitimate interests of our Company refer to performing our business activities.

We process your data for the following purposes:

  • for sending the newsletter, provided you have signed up to receive the newsletter on our website
  • for establishing contact by email, post or telephone for offers, events or training measures that might interest you and to establish and foster a business relationship
  • to understand the training level with respect to innovaphone products
  • use of photos, logos and videos for public relations purposes.

This link takes you to our Data Privacy Policy.

4. Transmission of Data to Third Parties

Within our Company, your personal data will only be transmitted to those persons and business units who need the data to perform our contractual and legal obligations. We only transmit data to third parties if this is required to perform a contractual obligation. We do not transmit data to third parties beyond the purposes specified in item 3. We further transmit data to third parties if we are under a legal obligation to do so. Such obligations include written requests for information by public agencies (e.g., public authorities and offices), judicial orders or a legal provision that allows transmission of such data.

In case of advance performance on our part, like purchase against invoice, we reserve the right to obtain a credit ranking or identity check from specialised service providers (credit agencies) in order to safeguard our legitimate interest.

Your data may be transmitted to certain companies within our Company group when such companies contribute to performing a contractual obligation.

Data may be transmitted to the following companies within our Company Group:

innovaphone SAS
96 Rue Lamarck
11000 Carcassonne
France

innovaphone s.r.l.
Via Ospedaletto, 105/C
37026 Ospedaletto di Pescantina (VR)
Italy

innovaphone nordic AB
c/o Tysk-Svenska Handelskammarens
Box 27104
10252 Stockholm
Sweden

5. Transmission of Data to Third Countries

No personal data is transmitted to so-called third countries, i.e. countries outside the EU/EEA area.

6. Duration of Storage /Erasure Deadlines

We process and store your personal data as long as this is necessary for the performance of our contractual duties and all the other purposes stated in item 3 or as long as necessary in keeping with the preservation periods stipulated by the legislator.

Once the data is no longer required for fulfilling contractual or legal obligations, such data is restricted for processing or erased regularly and in keeping with the statutory provisions.

7. Rights of Data Subjects

Please do not hesitate to contact us in writing at any time when you have questions regarding the personal data concerning you.

Pursuant to GDPR, you have the following rights: right of access (Art. 15 GDPR)
You have the right to receive information on what categories and information with respect to the personal data concerning you we process, for which purpose and for how long and according to what criteria such data are stored and whether we use automated decision-making, including profiling, in this context. You further have the right to receive information on the recipients or categories of recipients to whom your data were or will be disclosed, in particular if this refers to recipients in third countries or international organisations. In this case, you have the right to receive information on appropriate safeguards taken in connection with the transmission of the personal data concerning you.

In addition to the right to lodge a complaint with a supervisory authority and the right to obtain information on the source of the data concerning you, you have a right to erasure, rectification and a right to restrict the processing of your data as well as the right to object against the personal data concerning you being processed.

You have the right, in all of the aforementioned cases, to request that the controller provide, free of charge, a copy of the personal data concerning you that we process. For any additional copies that you might request and that exceed the right to access by the data subject, we are entitled to charge an appropriate administration fee.

Right to rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking in to account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

if you wish to exercise your right to rectification, please do not hesitate to contact our data protection officer or the person responsible for processing the data.

Right to erasure (Art. 17 GDPR)
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay (“right to be forgotten”), in particular, if storing the personal data is no longer necessary, you withdraw your consent to data processing, your data was unlawfully processed or collected or there is a legal obligation under EU or national law to erase such data.

The right to be forgotten does, however, not apply if an overriding right to freedom of expression and information exists, it is necessary to store the personal data for the performance of a legal obligation (e.g., preservation duties), archiving purposes conflict with the erasure or the data is stored for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain from the controller restriction of processing if the accuracy of the personal data is contested by you, the processing is unlawful, you oppose the erasure of the personal data and request the restriction of their use instead, the personal data are no longer needed for the purposes of processing or if you have objected to processing pursuant to Article 21 (1) pending the verification whether our legitimate grounds override your grounds.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Further, you have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, where:

the processing is based on given consent and
the processing is carried out by automated means.
In exercising your right to data portability, you further have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others may not be affected.

The right to data portability does not apply to the processing of personal data if this is necessary for the performance of duties, which is in public interest or is carried out in the exercise of official authority, assigned to the controller.

Right to object (Art. 21 GDPR)
You have the right to object to the processing of the personal data concerning you at any time, unless there are legitimate grounds for processing. Legitimate grounds for processing include, for instance, grounds that override the interests, rights and freedoms of the data subject or if processing is required for the establishment, exercise or defence of legal claims. In addition, you can exercise a specific, explicit right to object to the processing of your personal data for direct marketing purposes.

Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 German Federal Data Protection Act (BDSG).
You have the right to lodge a complaint with the competent supervisory authority if you believe that an infringement was committed in processing your personal data.

Right to withdraw consent under data protection law (Art. 7 (3) GDPR)
You may at any time withdraw your consent to processing of your personal data without stating any reasons. This also applies to the withdrawal of a declaration of consent that was given to us before the EU General Data Protection Regulation came into force.

8. Statutory or Contractual Provisions to Provide Personal Data and Consequences of not Providing such Data

We hereby inform you that, in certain circumstances, it is required by law to provide personal data (e.g., tax provisions) or that such an obligation may arise from a contractual provision (e.g., information regarding the other contractual party). The data subject/other contracting party may, for instance, be required to provide his or her personal data in order to conclude the contract and to put us in a position to actually deal with the data subject’s request (like an order). An obligation to provide personal data arises in particular whenever a contract is concluded. If no personal data are provided in such a situation, the contract with the data subject cannot be concluded. Before providing personal data, the data subject can contact our data protection officer or other person responsible for processing the data. The data protection officer or other person responsible for processing the data will then inform the data subject whether the provision of the required personal data is prescribed by law or contract or required in order to conclude the contract and whether the data subject’s request entails an obligation to provide personal data and what consequences it will have for the data subject if the data is not provided.

9. Statutory Existence of Automated Decision-Making (Including Profiling)

As a responsible company, we do not subject our business relationships to automated decision-making or profiling.