Data protection

1. Data processing

Inyova has the status of a securities service provider authorised and licensed by the German Federal Financial Supervisory Authority (BaFin) and is subject to the associated auditing and quality requirements.

2. Processing of personal data

Inyova processes personal data that it receives from its customers in the context of the business relationship. This is the case when customers come into contact with Inyova (e.g. as an interested individual, an applicant or a customer and particularly when customers are interested in Inyova’s products and complete online agreement sections, sign up for online services or contact Inyova by email, phone or application, as well as when they use the products and services as part of an active business relationship). In all these cases, Inyova collects, stores, uses, transfers or deletes personal data.

To the extent necessary for the provision of the service, Inyova also processes personal data that it has received from other companies, such as IDnow GmbH, or from other third parties (Inyova’s other service providers) in a permissible manner (e.g. for the execution of orders, for the performance of agreements or based on consent given by customers). Beyond this, Inyova processes personal data that it has permissibly obtained from publicly accessible sources (e.g. land registers, commercial registers and registers of associations, Bundesanzeiger, press, media, internet) and that it is entitled to process.

In certain cases, Inyova collects personal data from potential customers and interested individuals.

To the extent necessary, Inyova shall also collect personal data from people who have no direct connection with it and who, for example, belong to one of the following groups of people:

• Family members

• Co-applicants

• Legal representatives (authorised signatories)

• Customers’ beneficiaries

• Customers’ beneficial owners

• Shareholders

• Representatives of legal entities

• Employees of service providers or trading partners

2.2.1 Registration Impact Investing Strategy

General Information

1) If you want to create a free impact investing strategy on our homepage, we ask you to register first with your name and email address. At this point we also ask for your consent to send you information to the email address you have given us. In the next step, you can create your investment strategy according to your personal ideas. If you like the strategy, you can open an account with us. To do this, we ask you for your personal data that is important to us and required by regulation, which we then process and store.

2) Information on the processing of personal data when registering via our homepage.

When you register via our homepage, we collect the following data from you:

• First and last name
• e-mail address
• Gender
• Date of birth
• Place of birth
• Nationality
• Contact details
• Address
• Telephone

If extended data collection is required, we also collect the following data (to provide pre-contractual information):

Bank data

3) For the purpose of identification we use a commissioned service provider (IDNow GmbH). After you have filled out the account opening application, you will receive a personal ID code from us, which we usually send to you by SMS to the mobile phone number you have provided. You will then be able to complete the video identification process at IDNow. You will be asked by IDNow staff to compare your ID (identity card or passport) with the data you provided when you registered. Photos will be taken of your ID during the procedure. In addition, the contract with us is legally signed during this procedure, which is done via a digital button during the identification procedure. IDNow also gains access to your personal data during the identification process.

As with all our commissioned service providers, we have also concluded an order processing contract with IDNow GmbH in accordance with Art. 28 DSGVO. You can find the data protection information of our service provider at https://www.idnow.io/de/datenschutzerklaerung/.

4) After the identification procedure has been successfully completed, IDNow will send us the information, which we will then store securely in your digital customer file in accordance with legal requirements. You will then receive the final signed contract documents from us by e-mail.

5) We delete the data accruing in this context after the storage is no longer necessary, the purpose for processing the data no longer applies or – in the case of statutory retention obligations – we restrict the processing.

6) We only collect the data from you that we need for the above-mentioned purposes. The legal basis, insofar as the processing takes place for the purpose of initiating or executing a contract, is Art. 6 para. 1 lit. b DSGVO. If this is not the case, the processing of your personal data is carried out to protect the legitimate interests of Inyova according to Art. 6 para. 1 p. 1 lit. f, to fulfil legal obligations according to Art. 6 para. 1 p. 1 lit. c or in case of consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

7) Recipients or categories of recipients of the data

Within Inyova, access to your data is granted to those offices that need it to fulfil our contractual and legal obligations as well as for legitimate interest. Processors appointed by us (Art. 28 DSGVO) may also receive data for these purposes. These processors are companies in the categories of IT services, telecommunications, marketing, accounting.

Companies in the categories of legal and tax advice, debt collection companies and audits may also receive data for these purposes.

We will only pass on your data to third parties for their own use if we have been given permission to do so or if this is provided for by contractual and/or legal regulations. Third parties in the above sense are public bodies/authorities and private companies.

In addition, we may, to the extent legally permissible, transfer your personal data to authorities (e.g. social insurance institutions, tax authorities or law enforcement agencies) and courts in Germany and abroad in order to fulfil legal obligations or in the interests of the company.

Is there a transfer to third countries in the course of processing?

Duration of data storage

The personal data collected by us within the scope of the contract will be stored for the duration of the business relationship and then deleted, unless we are obliged to store it for a longer period – pursuant to Article 6 para. 1 p. 1 lit. c DSGVO due to storage and documentation obligations (e.g. from HGB, StGB or AO) – or if there is a legitimate interest in storing it pursuant to Article 6 para. 1 p. 1 lit. f DSGVO, e.g. during the current statute of limitations, which is usually three years, but can also be up to 30 years in certain cases, – or you have consented to storage beyond this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.

As soon as the storage of the data is no longer required for the aforementioned storage purposes or in the event of a revocation of your consent, your data will be deleted immediately.

Your rights as a data subject:

You have the following rights as a data subject of this data processing, which you can exercise against us and/or our service providers:

• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to object to processing,
• Right to data portability.

You are welcome to contact us at gdpr@inyova.de to exercise your data protection rights.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company.

3. Purpose of processing and legal basis

Inyova processes the aforementioned personal data in accordance with the provisions set out in the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

4. Recipients of personal data belonging to customers

Within Inyova, access to the customer’s data is granted to those offices that need it to fulfil contractual and legal obligations. Service providers and vicarious agents employed by Inyova may also receive data for these purposes if they comply with banking secrecy and Inyova’s written instructions under data protection law.

With regard to the disclosure of data to recipients outside Inyova, it should first be noted that Inyova is obligated to maintain secrecy about all customer-related facts and evaluations that it becomes aware of.

Inyova may only pass on information about customers if doing so is required by law, if the customer has given their consent, and if processors commissioned by Inyova guarantee compliance with banking secrecy and the specifications set out in the General Data Protection Regulation / German Federal Data Protection Act in the same way. Under these conditions, recipients of personal data may be (for example):

• Public bodies and institutions (e.g. Deutsche Bundesbank, the Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, tax authorities, the Federal Central Tax Office) if a legal or regulatory obligation exists

• Other credit and financial services providers, comparable institutions and processors to whom Inyova transfers personal data to carry out the business relationship with the customers. These companies are also legally or contractually obligated to treat personal data with the necessary care

• Brokers

• Service providers who support Inyova, for example in the following activities: Supporting / maintaining EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data destruction, purchasing / procurement, credit processing service, recovery, customer management, letter shops, marketing, media technology, reporting, research, risk controlling, expense reporting, telephony, video identification, website management, securities services, share register, fund management, auditing services, payment transactions

• Members of certain regulated professions such as lawyers, notaries or auditors

• Other data recipients may be those bodies that the customers have given their consent to data transfer for

Note: Under no circumstances shall personal data be sold to third parties.

5. Data transfer to the USA or other third countries

The European Commission and US President Joe Biden have agreed on a new transatlantic data protection framework (EU-US Data Privacy Framework). This came into force on 10 July 2023. With the EU-US Privacy Shield, the use of tracking/analytics and marketing tools from the USA is permitted again.

In particular, note the further information on the tools and services we use in this data protection information regarding data transmission to the USA.

If other service providers from a third country are used, they are obliged to comply with the data protection level in Europe in addition to written instructions through the agreement of the EU standard contractual clauses. If you require a hard copy of these Terms or information as to their availability, you may contact Inyova in writing.

Many tools and services use so-called “cookies”. Typically, with their use, data transmissions to the USA with US providers such as Google, Facebook, Twitter, YouTube, LinkedIn, Instagram, etc. along. If you do not want this, make sure not to give the corresponding consent that we obtain when you visit the website.

Data transmission to Switzerland: For the provision of services to you, personal data is processed by the parent company of Inyova Impact Investing GmbH, Inyova AG in Switzerland. For Switzerland, there is an adequacy decision (Art. 45 Para. 3 GDPR) of the European Commission. This means that your personal data may be lawfully processed in Switzerland, as they enjoy adequate protection in Switzerland that is comparable to that in the European Union.

6. Data storage period

Inyova processes and stores personal data belonging to customers for as long as doing so is necessary for the fulfilment of contractual and legal obligations. It should be noted that the business relationship is a continuing obligation that is intended to last for several years. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless further processing is (temporarily) necessary for the following purposes:

• Fulfilment of retention periods under commercial and tax law. These include obligations arising from the German Commercial Code, the German Tax Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods stipulated therein range from two to ten years.

• Preservation of evidence under the statute of limitations. According to Section 195 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, with the regular limitation period being three years.

An indefinite retention period shall apply to applicants with whom an agreement is not subsequently concluded, but applicants retain the right to object to data storage and erasure at any point in time.

7. Protection of personal data

Inyova shall take reasonable and adequate measures that protect stored and processed information from misuse, loss or unauthorised access. Inyova has taken a number of technical and organizational measures for this purpose.

If you suspect that your personal information has been misused, lost or accessed without authorisation, please notify us as soon as possible.

8. Data protection rights under the General Data Protection Regulation

Every data subject has a right of access under Article 15 of the GDPR, a right to rectification under Article 16 of the GDPR, a right to erasure under Article 17 of the GDPR, a right to restriction of processing under Article 18 of the GDPR, a right to object under Article 21 of the GDPR, and the right to data portability under Article 20 of the GDPR. The restrictions according to Sections 34 and 35 of the German Federal Data Protection Act apply to the right of access and the right to erasure.

The right of access includes information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or is being disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing, objection or data portability, the existence of a right to lodge a complaint, the origin of your data if it was not collected by Inyova, and the existence of automated decision-making including profiling, as well as any meaningful information regarding details of the same.

The customer may (at any time) request that incorrect personal data be rectified immediately, or that personal data collected by Inyova be completed.

The customer may request that their personal data that Inyova stores about them be erased insofar as processing is unnecessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims. Inyova shall delete this data if none of the cases mentioned above apply. Inyova shall usually also include the customer’s name in the list of people who do not wish to be contacted. In this way, Inyova minimises the chance that customers will be contacted in the future if their data is collected separately under other circumstances.

Under certain circumstances, the customer may request that Inyova restrict processing of their personal data. This means that Inyova shall only store the customer’s data in the future and cannot carry out any further processing activities until: (i) one of the conditions listed below has been cleared, (ii) the customer has given their consent, or (iii) further processing is necessary to assert, exercise or defend legal claims, to protect the rights of others, or if doing so is necessary due to legitimate public interest of the EU or a Member State. The customer may request that Inyova restrict processing of their personal data under the following circumstances:

• If the customer disputes the accuracy of the personal data that Inyova processes about them. In this case, Inyova’s processing of the customer’s personal data shall be restricted until the accuracy of the data has been verified.

• If the customer objects to Inyova’s processing of their personal data in accordance with Inyova’s legitimate interests. In this case, the customer may request that the data be restricted while Inyova reviews its reasons for processing the customer’s personal data.

• If Inyova’s processing of the customer’s data is unlawful, but the customer prefers to restrict Inyova’s processing instead of having the data deleted.

• When there is no longer a need for Inyova to process the customer’s personal data, but the customer needs the data to assert, exercise or defend legal claims.

The customer may request receipt of their personal data that they provided to Inyova in a structured, commonly used and machine-readable format or transfer to another controller.

If a decision to conclude or perform an agreement has only been made in an automated process (Art. 22 of the GDPR) and this decision has a legal effect on the customer or the customer is significantly affected in a similar way, the customer may request that Inyova carry out a manual review again after they have explained their position to Inyova and requested the manual review. If such a decision is made, Inyova shall also inform the customer separately of the reason for and the scope and intended effects of such data processing.

The customer also has a right to lodge a complaint (according to Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act). The customer may contact the data protection officer in this regard on gdpr@inyova.de.

In addition, the customer can contact the supervisory authority of their usual place of residence or workplace, or Inyova’s company headquarters for this purpose.

The customer may revoke their consent to personal data processing at any time. The revocation is only effective for the future. Processing that took place before the revocation is not affected by the revocation. In this regard, please also refer to the separate notice at the end of this privacy policy.

Inyova shall cease the relevant activities when the customer objects. This shall apply with the exception that Inyova can demonstrate that it has overriding legitimate grounds for processing that override the customer’s interests or that the data is processed to assert, exercise or defend a legal claim.

9. Obligation to provide data

In the context of the joint business relationship, the customer must provide such personal data as is required for establishing and performing a business relationship and fulfilling the associated contractual obligations or that Inyova is legally obligated to collect. Without this data, Inyova shall generally have to refuse to conclude the agreement or execute the order, or shall no longer be able to execute an existing agreement and may have to terminate it. In particular, Inyova is obligated under anti-money laundering regulations to identify the customer before the business relationship is established (e.g. by means of an ID card) and to collect and record the customer’s name, place of birth, date of birth, nationality, residential address and identification data. For Inyova to be able to comply with this statutory obligation, the customer must provideInyova with the necessary information and documents in accordance with Section 11 (6) of the German Money Laundering Act and immediately inform it of any changes arising in the course of the business relationship. If the customer fails to provide Inyova with the necessary information and documents, Inyova may not enter into or continue the business relationship requested by the customer.

10. Automated decision-making

As a matter of principle, Inyova does not use fully automated decision-making processes according to Article 22 of the GDPR to establish and implement the business relationship. If Inyova uses these processes in individual cases, customers shall be informed to this effect separately, insofar as is required by law.

11. Profiling

To some extent, Inyova processes customers’ data automatically with the aim of assessing certain personal aspects (profiling). In so doing, Inyova uses profiling in the following case, for example:

Due to legal requirements, Inyova is obligated to combat money laundering and fraud. Data evaluations (e.g. in payment transactions) are also carried out. These measures also serve to protect customers.

12. Newsletters

If you register for our newsletter, we use the data required for this or separately provided by you in order to inform you regularly by e-mail about innovations, products or special offers that are of interest to you
The legal basis for this is your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR. We use the data collected in this way exclusively for sending the newsletter.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option specified in this data protection declaration or via a link provided for this purpose in the newsletter.

After you have unsubscribed, we will delete your e-mail address from the newsletter account, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.

13. (Online) application

Purpose and legal basis of processing
We process your personal data to establish an employment relationship in compliance with Article 6 (1) sentence 1 lit. b GDPR i. V. m. Art. 88 GDPR. The processing is carried out exclusively for the purpose of assessing your suitability, qualifications and professional performance with regard to the position for which you are applying.

We also process your personal data for specific purposes (e.g. for longer storage) if you have given us your consent to data processing within the meaning of Article 6 (1) sentence 1 lit. V. m. Art. 7 DSGVO have given.

We may be obliged to process your personal data in accordance with Article 6 Paragraph 1 Clause 1 Letter c GDPR. There may be various legal obligations in this regard (e.g. obligations under the German Commercial Code; the Tax Code; to store tax-relevant data; under the Social Code; under the General Equal Treatment Act; or other relevant regulations).

Type of data categories processed
We process personal data that we collect as part of the application process, e.g. B. through letter of application, CV, certificates, correspondence, telephone or oral information from you.

The following categories of data may be affected:

• Personal details (surname, first name, date of birth)
• Address data (address, place of residence)
• Contact details (telephone no., e-mail address)
• Application data (cover letter, certificates, CV)
• Special personal data (health data such as illnesses and disabilities)
• Recipients or categories of recipients of the data

Our human resources department and accounting department have access to your data, as does the specialist department for the position you applied for. Our administrators and processors have the technical ability to access data processed by IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases we have to disclose your personal data to third parties, such as our bank if you receive a reimbursement or the post office if we communicate with you by letter.

Furthermore, third parties may receive data for specific purposes if this is required by law as part of your application (e.g. notification to the Federal Employment Agency).

Duration of data storage
Your personal data will be stored for as long as is necessary to fulfill our contractual and legal obligations in the application process. If your application is successful, your personal data will be stored in your personnel file and used to implement and terminate the employment relationship.

If we are currently unable to offer you employment, we will process your data on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 lit. f GDPR for up to 6 months after the rejection was sent in order to be able to defend ourselves against any legal claims.

If you consent to the storage of your data beyond the prescribed period, the period can be correspondingly longer (max. two years).

In this case, a “recognition data record” is also saved. We need this data record in order to be able to recognize a renewed application from you. This contains the following data:

• Name first Name
• birth date
• E-mail address
• applicant number

and will be permanently deleted after 24 months.

If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted, unless the storage is required due to legal retention periods (e.g. to fulfill commercial and tax retention periods of ten years).

14. Social media

General information
We maintain publicly accessible profiles on social networks. You can find the individual social networks we use below.

Social networks can usually analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media profile triggers numerous data protection-related processing operations.

Personal Data
If you are logged into your social media account and visit our social media profile, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside of the respective social media profile. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot trace all processing procedures on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. You can find details on this in the terms of use and data protection regulations of the respective social media portals.

Notice of Risks
We would like to point out that the respective providers may process user data outside of the European Union. This can result in risks for users, because e.g. B. the enforcement of user rights could be made more difficult. With regard to US providers who offer guarantees of a secure level of data protection through, for example, EU standard contractual clauses, we would like to point out that they undertake to comply with the data protection standards of the EU.

Purpose of Processing/Legal Basis
Our own processing of personal data on our social media presence is based on our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit to find the publication and to communicate with the customers, interested parties and users active there. We have no influence on any further processing by the provider.

The legal basis for setting the aforementioned cookies is your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR. You can find details on this under “Cookies” or “Social Media Plugins” above.

Shared Accountability
If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Rights Management
In principle, you can exercise your rights both against us as well as the operator of the respective social media portal.

However, we would like to point out that these can be asserted most effectively with the operators. Only the operators have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, feel free to contact Inyova.

Storage duration
The data collected directly by us via the social media profile will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, you revoke your consent to storage or the purpose for storing the data no longer applies. Saved cookies remain on your end device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Provider data protection
For a detailed description of the respective forms of processing and the possibility of objection (opt-out), we refer to the data protection declarations and information provided by the providers of the respective social media networks, over which we have no influence and which apply when the respective sites are accessed.

Existing social media profiles

Facebook
https://www.facebook.com/inyova.impact.investing
Service Provider: Facebook Ireland Ltd. also Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy

“Insights Data”

Furthermore, when using our fan page, Facebook provides us with statistical data of different categories (so-called “Insights data”), which we can call up accordingly. These Page Insights are aggregated data that help us understand how people interact with our Page. This includes: the total number of page views, likes, page activity, post interactions, video views, post reach, comments, shared content, replies, proportion of males and females, country and city origin, language, views and clicks in the shop, Clicks on route planners and clicks on phone numbers.

Learn more about Insights Data, including: to exercise your rights, you can get it at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Shared Accountability
According to Art. 26 GDPR, the fan page operator and Facebook are jointly responsible.
A corresponding agreement was made with the fan page operators (available at: https://www.facebook.com/legal/terms/page_controller_addendum).

Facebook assumes primary responsibility according to the GDPR for the processing of Insights data and will fulfill all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR ) fulfill.

You can reach Facebook’s data protection officer via the general contact form at https://www.facebook.com/help/contact/540977946302970 or for insights data at https://www.facebook.com/help/contact/308592359910928

Instagram
www.instagram.com/inyova.impact
Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: http://instagram.com/about/legal/privacy; Opt-out option: https://help.instagram.com/519522125107875

Twitter
www.twitter.com/Inyova_Impact
Service Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; website: www.twitter.com; Data protection declaration: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization

LinkedIn
www.linkedin.com/company/inyova-impact-investing/
Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

YouTube
https://www.youtube.com/channel/UCYDwW6YqeNabDTGXDXYmlRA
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA; Website: www.youtube.com; Privacy Policy: https://policies.google.com/privacy.

tik tok
www.tiktok.com/@inyova.impact.investing

Service Provider: TikTok Technology Limits (“TikTok Ireland”), 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; Data protection declaration: https://www.tiktok.com/legal/privacy-policy-eea?lang=de

15. Modification clause

This privacy policy is currently valid and was last updated in April 2021. Inyova reserves the right to change this privacy policy from time to time. Please check whether an updated version is available regularly, particularly before using a service. Inyova shall inform customers of fundamental changes on its website and through the usual communication channels.

1. Individual right to object

You have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6 (1) (e) of the GDPR (data processing in the public interest) and Art. 6 (1) (f) of the GDPR (data processing based on balancing of interests); this also applies to profiling under the terms of Art. 4 (4) of the GDPR. If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.

2. Right to object to data processing for advertising purpose

In individual cases, we process your personal data for the purpose of carrying out direct advertising. You have the right at any time to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising. If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

The objection can be made without any formalities and should, if possible, be sent by email to gdpr@inyova.de.