Detailed Privacy Notice
The protection of your personal data is a top priority for INVERTO. It is important to us to inform you about what personal data we collect during your visit to our websites, how it is used and what configuration options you have. This data protection notice provides you with answers to the most important questions. (Last Update: May 2023)
The data controller when accessing this website within the meaning of the General Data Protection Regulation (GDPR) and other provisions of data protection law is:
Phone: +49 221 485 687 0
INVERTO has appointed an external Data Protection Officer. They can be contacted at firstname.lastname@example.org.
What data is collected and how is it used?
When you visit our websites, our web servers temporarily record the domain name or IP address of your computer, the client’s file request (file name and URL), the http response code, and the source of your page request, also called referral URL (the website the visitor came from, such as Google).
Detailed information on all cookies used by us and your right to object can be found HERE.
Additional personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this information voluntarily when getting in touch with INVERTO.
Where is my data processed?
Your data will generally be processed in Germany. Only in individual cases and within the legally permissible scope does data processing also take place abroad.
Under certain circumstances, your data may be accessed by our employees during business trips from third countries outside the European Economic Area (EEA), e.g. if you make an enquiry and an employee processes it from abroad. This access takes place via VPN connection, encrypted between the notebook of the employee and the server in Germany. Likewise, data processing of your data on the local notebook of our employees abroad is possible.
How secure is my data?
To protect your data from unauthorized access and misuse, we have taken extensive technical and organizational measures to ensure security in accordance with German and European data protection law.
Will my data be shared with third parties?
Yes, some data must be shared under strict contractual and legal requirements.
Due to legal obligation: In certain cases, we are legally obliged to transfer data to a requesting government agency.
To external service providers for data processing: If service providers handle personal data of our clients, we generally do so within the framework of a so-called data processing agreement. This is expressly provided for by law (Art. 28 GDPR). INVERTO remains responsible for the protection of your data even in this case. The service provider is contractually obligated to process all personal data exclusively in accordance with our instructions, which we ensure through strict contractual regulations, through technical and organizational measures and through supplementary controls.
Where processing of personal data takes place outside the EEA, an adequate level of data protection is ensured by the conclusion of the EU standard contractual clauses or other appropriate guarantees pursuant to Art. 44 et. sq. GDPR.
Online Meetings, Telephone and Video Conferences, and Webinars
We use platforms and applications of other providers for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter referred to as “Online Meetings”). When selecting these providers and their services, we comply with the legal requirements on data protection.
We currently use the providers Zoom (a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA) and Microsoft Teams (a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) (hereinafter collectively referred to as “Providers”). The Providers act on our behalf (data processing pursuant to Art. 28 GDPR), based on a data processing agreement including the EU standard contractual clauses.
Note: If you access the Zoom or Microsoft Teams websites, the Providers are responsible for data processing. However, calling up the website is only necessary for using Zoom or Microsoft Teams in order to download the software for use or to use the browser version.
Recording of Online Meetings
In individual cases, we may record Online Meetings in order to make the recording available to the participants afterwards or to publish it via our online presence. If a recording is made, all participants will be expressly informed of this fact before the start of the Online Meeting so that they can individually decide whether they wish to be visually or acoustically recognisable on the recording. In addition, the microphones and cameras of all participants will generally be muted at the beginning of the Online Meeting. The fact of recording is indicated to them in the Online Meeting window by a red symbol as soon as and as long as the recording is running. There is no recording by default.
The recording is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR to make it permanently available to the participants for follow-up purposes or to publish it via our online presences (e.g. website, social media channels, intranet) for marketing purposes. In all other cases, recordings are only made if and to the extent that this is necessary for documentation and follow-up purposes or to optimize our Online Meetings. Online Meetings are recorded exclusively in anonymous form, without the data of the participants being visible.
Data categories processed
To participate in an Online Meeting or to enter the meeting room, you must at least provide information about your name and – in the case of telephone use – your telephone number. You can deactivate the transmission via microphone and camera at any time using the corresponding settings.
The following personal data may be subject to processing:
- User details: first name, last name, display name, e-mail address, telephone, password (if single sign-on is not used), preferred language. Optional: profile picture, department.
- Meeting metadata: Meeting topic and description, meeting ID, date, time and location details, IP addresses, device/hardware information, phone numbers, time of last participant activity, number of chat and channel messages, duration of time for audio, video and screen sharing.
- When dialing in by phone: incoming and outgoing phone number information, country name, start and end time.
- Text, audio, and video data: You may have the option of using the chat, question or poll functions in an Online Meeting. To this extent, the text entries you make are processed in order to display them in the Online Meeting and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the Online Meeting, unless you have deactivated these functions.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the Online Meeting chat.
Further privacy related information of the Providers:
Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.
Beyond that, we do not share any data with third parties unless you have explicitly consented, or this is required by law.
Is my usage behavior being evaluated, e.g. for advertising?
Within the scope of legal regulations, we create usage profiles under a pseudonym. We can use these for the optimization of our content. It is not possible to draw any direct conclusions about you. A linking of the profile data with further information about your person only takes place with your consent. In the following, we inform you about the procedures used on our websites and how you can object at any time.
Provided you have given your prior consent to its use, this website uses Google Analytics, including the functions of Universal Analytics and Google Analytics 4 (together “Google Analytics”), a web analytics service provided by Google LLC (“Google”). Google Analytics performs an anonymized analysis of your use of the website. The information generated about your use of this website is generally transferred to a Google server in the USA and stored there. However, your IP address will be anonymized by default before transmission within the member states of the European Union or in other contracting states of the European Economic Area. Google will use this information on behalf of INVERTO for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
By means of the standard anonymization of your IP address, a personal reference can be excluded. In addition, we use Google Analytics exclusively with extended privacy settings. Therefore, if the data collected about you is personally identifiable, this is immediately excluded, and the personal data is immediately deleted.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
You can also prevent the collection of data generated by Google Analytics and related to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
Data Control for the Social Media Plugins used
Our website contains buttons from social media networks, which you can use to access our company profiles on the social networks in order to follow us there and network with our contact persons.
To ensure that you have full data control, the buttons used only establish direct contact between the respective social network and the visitor when you actively click on the button (one-click solution).
By activating the social media plugin, the following data may be transmitted to the social media providers: IP address, browser information, operating system, screen resolution, installed browser plugins such as Adobe Flash Player, source of the visitor if you followed a link (referrer) URL of the current website.
The next time you visit the website, the social media plugins are provided again in the pre-set inactive mode, so that when you visit the website again, it is ensured that no data is transmitted.
What is the legal basis for the processing of your personal data?
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, the processing is based on Art. 6 para. 1 p. 1 lit. c) GDPR. If we process your data for the implementation of pre-contractual measures that are carried out at your request or, if you are already our client, for the performance of the contract, Art. 6 para. 1 p. 1 lit. b) GDPR is the legal basis for this data processing. We only process further personal data if you consent to this (Art. 6 para. 1 p. 1 lit. a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 lit. f) GDPR).
What are your rights as a data subject?
Your following rights are stipulated in the European General Data Protection Regulation. We respect these rights and assure you that we will process your request as quickly as possible. You are entitled to the following rights:
- 15 Right of access by the data subject
- 16 Right to rectification
- 17 Right to erasure (“Right to be forgotten”)
- 18 Right to restriction of processing
- 19 Right of communication
- 20 Right to data portability
- 21 Right to object
For more information about your data protection rights, please contact our Data Protection Officer (email@example.com).
Can I access information about my stored data?
You can request information free of charge about the scope, origin and recipients of the stored data and the purpose of storage.
Can I have data corrected?
You can request that incorrect data be corrected at any time.
Can I have my data deleted?
You can demand that your data be deleted at any time.
This right is only restricted if the:
- Data is subject to a statutory retention period, e.g. by the German Tax Ordinance (Abgabenverordnung)
- Data is indispensable for the fulfilment of the purpose of the contract
- Data is processed to exercise the right to freedom of speech and information
- Data is processed for the fulfilment of a legal obligation to which the controller is subject
- Data is processed for the performance of a task carried out in the public interest or in the exercise of official authority
- Data is processed for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes, or
- Data is processed for the assertion, exercise or defence of legal claims.
Can I get my data transferred by machine?
You have the right to receive personal data that you have provided to us pursuant to Art. 20 para. 1 GDPR in a structured, common and machine-readable format.
We will transfer the requested data without hindrance, provided that
- the processing is based on consent pursuant to Article 6 para. 1 p. 1 lit. a) GDPR or Article 9 para. 2 lit. a) GDPR or on a contract pursuant to Article 6 para 1 p. 1 lit. b) GDPR and
- the processing was carried out with the help of automated procedures.
If applicable, this right may be exercised in a restricted manner:
- if the data transfer is not possible or only possible with disproportionate effort due to the special nature of the storage and is not possible for technical reasons.
Do I have the right to object?
Yes. Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6 para. 1 p. 1 lit. e) or f) GDPR. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
In order to exercise the right to object, the data subject may directly contact the Data Protection Officer (firstname.lastname@example.org).
Can I revoke a consent given by me for the processing of my personal data?
Yes, you can revoke your consent at any time. To do so, you can click on the unsubscribe link at the end of each of our newsletters or send us an email at email@example.com.
How can I get more information about data protection at INVERTO?
If you have any questions about data protection, you can contact our Data Protection Officer at firstname.lastname@example.org.
Competent supervisory authority
The competent supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44