PRIVACY NOTE – general
This is the privacy notice hosted by Innerio Heat Exchanger GmbH (“we”, “us” and ” Innerio”), headquartered in 2542 Kottingsbrunn, Austria at https://www.innerio-heatexchanger.com. Our contact details can be found below.
At Innerio, we take your privacy seriously. Please read the following information in this privacy notice to learn how we process your personal data. “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
What this privacy notice covers
We have prepared this privacy notice to describe to you our processing operations in relation to the personal data we collect directly from users of our website https://www.innerio-heatexchanger.com (the / our “Website”), users engaging with our other online content (for example, via social media) and recipients of our e-mails (collectively, “Services”) as a data controller within the meaning of Article 4 of the General Data Protection Regulation (“GDPR”). The privacy notice also applies to the use of our Services with mobile devices or by other means.
Personal data we collect, how we use it and on what legal basis
Depending on how you interact with our Services (through the website, social media, online advertising, etc.), we collect different categories of personal data and use them in different ways based on different legal bases, as set out here below:
- Information that you provide to us when you interact with us.
Personal Contact Information:
This includes your name, home or postal address, telephone number and e-mail address. This may also include information you give us about another person (for example, if you ask us to send product information to another person). We process personal contact information in connection with product orders and customer service. The legal basis for this processing is contract performance / pre-contractual measures.
Information on orders and products:
This includes details of the products you searched for on our website and the time and date of the searches.
We use this information to deliver ordered products to you, as well as to send you promotional e-mails (where appropriate, with your consent) for products and offers tailored to your interests, to provide you with personalised product recommendations when you return to the website, to provide you with advertisements when you visit social media platforms such as LinkedIn or other websites, and to better understand our customers so that we can improve our products and our users’ experience of our website. The legal basis for this processing is contract performance / pre-contractual measures, our legitimate interest in informing you about our products and services, or otherwise your consent.
Legitimate interests is a technical term in data protection law that means that we have a good and legitimate reason to use your personal data and that we do so in a way that does not harm your interests and rights. We will use your data on the basis of our legitimate interests where it is reasonable to be expected in the course of our business and your rights, freedoms or interests will not be significantly harmed.
In some cases, we process personal data on the basis of your explicit consent at the time of collection. If we process personal data on the basis of your consent, you will be expressly informed of this at the time of collection.
User-generated content and contributions:
Any content, posts or requests that you create and then share with us (and potentially others) by uploading them to our website or applications, including our company websites on social media platforms (such as LinkedIn). Examples include queries, photos, videos or other similar media or content. The provision of user-generated content and posts also typically requires the processing of your account information.
In relation to a corporate website, the relevant account information of the respective social media platform is also processed by the provider of the social media platform.
In relation to our website, the legal basis for this processing is either contract performance / pre-contractual measures (where we only provide you with the relevant service involving the sharing of user-generated content) or otherwise our legitimate interest in providing you with the opportunity to share such data.
With regard to the processing of your personal data when you visit our corporate websites, you will find detailed information in Section 4.
- Information collected automatically when you visit the website
When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (for example, whether you were able to access a website or received an error message), the use of functions on the website, search terms you entered, how often you visit individual sub-pages, the name of files you access, the amount of data transferred, the website from which you accessed our website, and the website you visit after visiting our website, whether by clicking on links on our website or by entering a domain directly in the input field of the same tab (or window) of your browser in which you opened our website. In addition, for security reasons, we store your IP address and the name of your Internet provider for seven days, in particular to prevent and detect attacks on our website or attempts at fraud.
The legal basis for this processing is our legitimate interest in the presentation of our website as well as data protection organisation and data security.
- Cookies and similar technologies
When you use the website, we use various technologies (including cookies and pixel tags) to collect certain information (that is, personal data) about how you use the website. These are categorised as “functional cookies”, “performance / analytics cookies” and “marketing cookies”. We use this information to better understand your preferences so that we can improve our website and for security and anti-fraud purposes.
The legal basis for the use of “functional cookies” is our legitimate interest; the use of all other categories of cookies is based on your consent.
Cookies and similar technologies enable you to be recognised when you use the same computer or device to interact with websites and online services, and may be used to manage a range of features and content, as well as to store searches and display personalised content, and enable you to use your social media user profiles in connection with the website, and enable us to target advertisements to you on our website, social media platforms (such as LinkedIn) and other websites and apps (that is, online advertising).
With regard to online advertising, we work with social media platforms and digital advertising platforms to show you advertisements for our products on other websites and social media platforms. For example, if you express interest in a product or purchase a product on our website, we may promote that product or other products we think you may be interested in and show them to you on other websites, LinkedIn or other social networking sites. For this purpose, we share information, in particular collected through cookies, with our social media and digital advertising partners so that they can better understand what you are interested in. Our partners may also retain and use this information to help other companies unrelated to Innerio show you advertisements online. In the “real world” you cannot be identified by this information. Additional information on how to opt-out of this feature can be found below or at http://www.youronlinechoices.eu.
Insofar as cookie / similar technology providers are deemed to be our processors or joint controllers with us for the processing, we have entered into appropriate agreements with those providers where these are available. To the extent required by law, we will provide you upon request with a description of the material terms of any joint controller agreements we have entered into with the relevant cookie providers.
Note about YouTube
We use the YouTube.com platform to post our own videos and make them publicly accessible. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube with the “extended data protection mode” function. YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. The legal basis is Art. 6 Para. 1 lit. f GDPR; our legitimate interest lies in improving the quality of our website. According to YouTube, at least your IP address, the date and time, and the website you visited are only recorded and processed when the video is started. In addition, a connection to Google’s “DoubleClick” advertising network is usually established.
Without this “extended data protection setting”, a connection to the YouTube server in the USA is established as soon as you call up one of our Internet pages on which a YouTube video is embedded. If you are logged in to YouTube at the same time, YouTube will link the connection information to your YouTube account. If you wish to avoid this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
In order to analyse user behaviour and for the purpose of functionality, YouTube stores cookies via your internet browser on your respective end device. If you do not agree to this processing, you can prevent the storage of cookies through appropriate browser settings and extensions.
Further information on the collection and use of data as well as your rights in this regard can be found in the Google/YouTube data protection information at https://policies.google.com/privacy.
- Company websites
As described in Section 1, we maintain a publicly accessible corporate website on the social media platform LinkedIn. It is likely that the provider of the social media platform will process other information in addition to storing the personal data you specifically provide on the social media platform. When you visit our corporate website on the social media platform, personal data may be transferred to providers in countries outside the European Economic Area that do not ensure an “adequate level of protection” for the processing of personal data according to EU standards from the perspective of the European Union (“EU”). Please consider this before clicking on a relevant link on our website or visiting a company website directly and thereby triggering a transfer of your data.
In the following, we outline our processing activities in connection with your visit to our corporate website. Based on the type of personal data processed, we explain for which purposes and on which legal basis we process your personal data.
Visiting our company website
When you visit our company website, your personal data is also collected, used and stored by the providers of the respective social media platform. This can also happen if you do not have a profile with the respective social media platform. If you are logged in to the respective social media platform with your personal user profile when visiting a social media platform, the provider of the social media platform may link the visit to your user profile. If you do not want such a link, you must log out of your user profile before visiting our company website and delete the cookies where necessary. Details can be found in the data protection information of the provider of the social media platform linked above.
As the operator of the corporate website, we can view the information stored in your respective public user profile when you visit our respective corporate website. However, this is only possible if you have such a user profile on the respective social media platform and are logged in there when you visit our respective corporate website. Accordingly, you can also visit our corporate websites without us having access to the aforementioned information. If we view the information stored in your public user profile, we do so in order to offer you and the rest of our target group the most interesting content possible.
In addition, certain social media platform providers provide us with anonymous usage statistics to varying degrees, which we use to improve the user experience when visiting our respective corporate website. However, we do not have access to the usage data (personal data) that the providers of the respective social media platform collect to create these usage statistics. The providers of the social media platforms are therefore always to be regarded as the responsible parties with regard to the processing of this data. Depending on the social media platform provider and the personal data that provider provides to us, we may be considered joint controllers with the social media platform provider in this regard. To the extent that the social media platform providers are considered joint controllers with us, please note the description in the last paragraph of Section 3 in relation to joint controllers, which will then apply mutatis mutandis to the processing operations described herein.
Our own data processing in connection with our corporate websites serves our (and your) legitimate interest (legal basis) in improving the user experience when visiting the respective corporate website.
Contact via the Messenger (message function) of a social media platform
If you communicate with us via the Messenger of a social media platform or contact us by linking in your own posts or by responding (for example, likes or comments) to one of our posts, we process personal data in this context in the form of:
- Your respective profile name.
- Your first and last name, if this is publicly visible.
- Other information stored as public in your profile.
- Your message or the content of your post or your reaction.
- The date and time of your interaction.
Furthermore, when contacting us via Messenger, you may voluntarily provide additional information that you deem necessary to process your request.
If you contact us, we process the aforementioned personal data to handle your enquiry and the associated technical administration and store it in case follow-up questions arise. Otherwise, we only process the aforementioned personal data to find out whether visitors to our company website like our content.
The processing of the aforementioned personal data is carried out, if you express interest in our products, on the basis of contract fulfilment / pre-contractual measures, that is, for the initiation of a contractual relationship. Otherwise, it is carried out on the basis of mutual interest in providing good service to visitors to our company website and is thus based on our legitimate interest.
There is no obligation to provide the above personal data, but without it we are unable to process enquiries or interact with you.
- Other processing purposes
We use all the information described above for the following general purposes:
- To protect against or deter fraudulent, illegal or harmful activities and to maintain the security and integrity of our services.
- To respond to law enforcement requests and when required by applicable law, court order or government regulations.
The legal basis for this processing is our legitimate interest in protecting our website or in complying with our legal obligations.
As stated in the explanations above, we may communicate with you if you have given us the opportunity to do so. For example, if you have given us your e-mail address, we may send you promotional e-mails or inform you about your use of the services. We may also receive confirmation when you open an e-mail from us, which helps us to improve our services. If you do not wish to receive such marketing communications from us, you can also tell us by e-mailing firstname.lastname@example.org.
The legal basis for this processing is our legitimate interest in informing you about our products and services, or otherwise your consent.
We will not collect additional categories of personal data or use the personal data we collect for substantially different, unrelated or incompatible purposes without informing you.
How personal data can be disclosed to third parties
- Your personal data (as listed above) may be disclosed to the following categories of third parties:
- To our third party service providers who provide services such as website hosting, data analytics, e-mail delivery services, customer relationship management, and other services, or when we use freelancers to provide their services for the purposes described in this Privacy Notice
- Some of these service providers process personal data on our behalf in the United States (“U.S.A.”) and other countries outside the European Economic Area.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation or in order to establish, exercise, defend, enforce or apply our conditions of sale and other agreements or legal rights; to investigate or prevent actual or suspected illegal activities, loss or damage in connection with our services and to protect the rights, property or safety of our customers or others; or as otherwise required or permitted by law. This includes sharing information with other companies and organisations to protect against fraud and reduce credit risk and to prevent cybercrime.
- To the extent permitted, to a third party in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or partnership interests.
- To other companies in the Innerio group of companies from time to time and for the purposes set out in this privacy notice (in the main, the transfer of personal data to companies in the Innerio group of companies is for the fulfilment of product orders; the legal basis in this case is contract performance / pre-contractual measures).
- Your name and contact information (and any other information you disclose) may also be shared with the following categories of third parties:
- To the extent permitted by law to third party strategic partners with whom we may enter into a special relationship for promotional activities.
- To third parties in connection with certain promotions or competitions in which you may participate; where the rules of the promotion regarding the treatment of your personal data are stricter than this Privacy Notice, the rules of the promotion shall apply.
- Information that is automatically collected may be shared with the following categories of third parties:
- To the extent permitted by law, our online and e-mail advertisers, social media partners or other third party providers we use who may provide cookies or other similar technologies for use on our website to manage and improve our online and e-mail advertising campaigns.
- With recipients in so-called “third countries” within the meaning of the GDPR; where applicable, we will use EU standard contractual clauses or binding internal data protection rules to ensure an “adequate level of protection” in accordance with the legal requirements of the GDPR. We will be happy to provide you with more information on this upon request via the contact information below.
No obligation to provide
The provision of personal data by you is usually on a voluntary basis. In principle, there is neither a legal nor a contractual obligation on your part to provide such personal data. However, in the event that you do not provide personal data, it may not be possible to provide some or all of our services properly.
Data security and retention period
We seek to protect your personal data from unauthorised access, use or disclosure by implementing appropriate physical, technical, organisational and administrative safeguards based on the nature of the personal data and the manner in which we process it. For example, the website uses industry standard Transport Layer Security (TSL) technology to enable encryption of the personal data you provide to us.
We will retain your personal data for as long as is necessary to provide you with our services or as necessary to fulfil the purpose(s) for which it was collected. In some cases, we may retain personal information longer if necessary to comply with our legal obligations, resolve disputes or collect fees owed, or as otherwise permitted or required by applicable laws, rules or regulations. We may also retain information in anonymous or aggregate form if that information no longer personally identifies you or makes you unidentifiable.
Information on legal bases as well as rights of the data subjects and transfers of personal data
Legal bases in accordance with the GDPR
We will only process your personal data if we have a lawful legal basis for doing so under the GDPR. The specific legal bases for the various personal data processing operations we undertake are detailed above. For better understanding, these legal bases for processing, that is, consent, performance of contract / pre-contractual measures, our “legitimate interests” or the “legitimate interests” of others, and compliance with legal obligations, are described in general terms below:
- Contract performance / pre-contractual measures: We process personal data in the form of your name, address(es), order details, e-mail address and telephone number in order to fulfil our contractual obligations to supply products to you or to take action at your request before an order can be completed. Where we need to process data on the basis of contract performance / pre-contractual measures, failure to provide this personal data will result in you being unable to use some or all of the parts of our website for which this data is required.
- Consent: In some cases, we process personal data on the basis of your explicit consent at the time of collection. If we process personal data on the basis of your consent, you will be expressly informed of this at the time of collection.
- Compliance with legal obligations: For example, we retain personal data in the form of order and transaction records in order to comply with our tax record-keeping obligations under the law.
Rights of the data subject
You have certain rights in relation to your personal data, including those set out below. For more information about these rights or to make a request, please contact us as follows:
Send us an e-mail to: email@example.com
In some cases, you may need to provide us with additional information, which may include personal data, to verify your identity and the nature of your request.
- Information: You can request more information about the personal data we hold about you and request a copy of that personal data.
- Correction: If you believe that the personal data we hold about you are incorrect or incomplete, you may ask us to correct or supplement that data.
- Deletion: You can request that we delete some or all of your personal data from our systems.
- Withdrawal of consent: If we process your personal data on the basis of your consent (as indicated at the time of collection of that data), you have the right to withdraw your consent at any time. The lawfulness of the processing of your personal data until withdrawal shall not be affected by the withdrawal. Please note, however, that if you exercise this right, you may be required to give explicit consent to the use or disclosure of certain personal data on a case-by-case basis if such use or disclosure is necessary to enable you to use some or all of our services.
- Portability: You can request a copy of your personal data in a machine-readable format. You may also request that we transfer the data to another data controller where this is technically feasible.
- Restriction of processing: You can request us to restrict further processing of your personal data.
|Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, for example, for direct marketing purposes.
- Right to complain: You have the right to lodge a complaint with the competent supervisory authority about our practices in relation to your personal data.
Transfer of personal data
We will take all reasonable steps to ensure that your data is subject to appropriate safeguards, for example, by using a recognised legal adequacy mechanism including standard contractual clauses, and that it is processed securely and in accordance with this Privacy Notice. Examples of when we transfer your personal data outside the European Economic Area include:
- In order to store them.
- To enable us to provide you with goods or services and to perform our contract with you. This includes the presentation of our products, the fulfilment of orders and the provision of customer services.
- If we are legally obliged to do so.
- To facilitate the operation of our group of companies where it is in our legitimate interest to do so and we have concluded that your rights are not predominant.
We will not use your personal data to make automated decisions (including profiling) about you that have legal effects on you or similarly significantly negatively affect you.
Changes to this Privacy Notice
As we are constantly trying to improve our services, we may also need to change this Privacy Notice from time to time. The use of information we collect is governed by the Privacy Notice in effect at the time that information is collected.
If you have any questions or comments about this Privacy Notice, the way we process your personal data and your choices and rights in relation to that use, please contact us at firstname.lastname@example.org.
Status: 1st of December 2022