Data Privacy Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data means any data with which you can be personally identified. For detailed information on data protection, please refer to the full privacy policy below.

Data Collection on this Website

Who is responsible for data collection on this site?
The data processing on this website is carried out by the website operator. You can find the contact details in the section “Controller Information” of this privacy policy.

How do we collect your data?

  • You provide some data directly (e.g., when filling out a contact form).

  • Other data is collected automatically or after your consent (e.g., browser type, operating system, time of visit).

For what purposes do we use your data?

  • To ensure the website functions properly.

  • To analyze user behavior.

What rights do you have concerning your data?
You may request information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of your data, withdraw your consent, restrict processing, or file a complaint with the relevant supervisory authority.

Analytics and third-party tools
Your browsing behavior may be statistically evaluated, mainly with analytics programs. Detailed info is provided below.

2. Hosting

External Hosting
The website’s content is hosted externally. The personal data collected (e.g., IP addresses, contact requests, meta and communication data, website access) is stored on the hoster’s servers. This is done to fulfill contracts with customers (Art. 6(1)(b) GDPR) and to ensure secure, efficient site delivery (Art. 6(1)(f) GDPR). If consent is requested for cookies or device access (e.g., device fingerprinting), processing is based on Art. 6(1)(a) GDPR and § 25 TTDSG, and can be revoked at any time.

Data Processing Agreement
A data processing agreement ensures that the host processes your data strictly per our instructions and GDPR compliance.

3. General Information and Mandatory Data

Data protection commitment

We treat your personal data confidentially and in accordance with legal requirements and this privacy policy. Data transmission online (e.g. via email) may have security gaps. A complete protection against third-party access is not possible.

Controller contact information:
INVAC International GmbH
Mielestraße 1, 14542 Werder (Havel)
Represented by Dr. Alexander Repp
Phone: +49 3327 465 95‑0, Email: info@invac.eu

Data retention

Unless otherwise specified, data is stored until its purpose ceases. Data will be deleted or blocked upon your request unless legal obligations require longer retention.

Legal basis

  • Consent: Art. 6(1)(a), Art. 9(2)(a) GDPR

  • Contract: Art. 6(1)(b) GDPR

  • Legal obligation: Art. 6(1)(c) GDPR

  • Legitimate interest: Art. 6(1)(f) GDPR

  • TTDSG (cookies, device data): § 25 TTDSG

Cross-border data transfers

Some tools operate in non-EU countries (like the US), which may store your personal data there. These countries do not guarantee an equivalent level of data protection. US authorities may access data stored on US servers.

Withdrawal of consent & objection rights

You can withdraw consent at any time. If the processing is based on Art. 6(1)(e), (f), you may object at any time for reasons related to your situation. For direct marketing, you have an absolute right to object.

Other rights

  • Complaint to supervisory authority

  • Right to data portability

  • Right to correction or deletion

  • Right to restrict processing

SSL/TLS encryption

The site uses SSL/TLS encryption to protect transmitted data. You can recognize this by “https://” and the padlock icon.

4. Data Collection Components

Cookies

We use session and persistent cookies, both first‑party and third‑party. Necessary cookies ensure basic functionality. Others are used for performance, analytics, advertising, etc. Consent-based cookies are processed per Art. 6(1)(a) GDPR and § 25 TTDSG. You can configure or block cookies in your browser.

Server Log Files

Automatically logged data: browser type/version, OS, referrer URL, host name, request time, IP address. Logged per Art. 6(1)(f) GDPR. No merging with other data sources.

Contact forms

Data submitted via forms is stored to handle your inquiry. Processing under Art. 6(1)(b) or (f), or Art. 6(1)(a) if consented. Data is retained until deleted, consent withdrawn, or purpose lapsed.

Email, telephone, fax inquiries

Information from these inquiries (name, request) is stored similarly to contact forms—under Art. 6(1)(b) or (f) or with consent.

Applicant data

Personal data is collected to process applications under Art. 6(1)(b) GDPR and § 26 BDSG. Unsuccessful applications are deleted within six months, unless legal requirements stipulate otherwise.

Postal advertising

We reserve the right to use your name and address for postal advertising unless you object. Processing based on our legitimate interest (Art. 6(1)(f)). You may object at any time.

5. Newsletter

Newsletter data
To receive our newsletter, we require your email and confirmation of consent. No other data is collected. Processed under Art. 6(1)(a) GDPR. You can unsubscribe anytime via the link in the newsletter. Data is stored until unsubscribed or purpose expired. Upon removal, your email may be blacklisted indefinitely to prevent future mailings.

6. Plugins and Tools

Google Fonts (local hosting)

Fonts are hosted locally; no connection to Google servers is made.

Google Maps

Uses IP address and may transmit it to US servers. Processing under Art. 6(1)(f) or consent (Art. 6(1)(a), § 25 TTDSG).

Google Tag Manager

Does not collect personal data itself but triggers other tags. If disabled at cookie/domain level, it remains deactivated.

Google Analytics (anonymized IP)

Uses anonymized IP tracking. Data may be transferred to US servers but anonymized. Reports on usage, no personal identification. Consent required for cookies.

Google DoubleClick

Uses pseudonymous cookies for ads. Data may be transferred to US servers. No merging with personal data.

Google Ads Conversion Tracking

Sets a conversion cookie when clicking ads, without personal identification. Data used for conversion statistics. Transferred to the US; consent required.

Google Web Fonts

Loaded into browser cache from Google domains. No cookies are stored. No merging with authenticated Google services.

Google reCaptcha

Detects bots/humans. IP and other data sent to Google. Processed under Art. 6(1)(a) or (f), consent revocable. IP anonymized within EU.

Google Ads Remarketing

Allows interest-based ads via Google Ads network. Uses cookies; can be disabled via ad settings.

Google AdSense

Shows context-based ads. Uses cookies and pseudonymous IDs. Data may be transferred to US under EU standard contractual clauses.

7. Changes to the Privacy Policy

We reserve the right to modify this privacy policy at any time. The current version is always available on our website. Please visit regularly.

8. Final Provisions

Invalid provisions do not affect the validity of the remaining policy. German law applies.

Effective Date: April 24, 2023

© INVAC INTERNATIONAL