Data Privacy Notice

Categories of personal data processed, purpose of the processing 

When visiting our external and internal websites or using our online services (an “Online Offering”), we may process the following categories of personal data:

• Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address
• Organizational information, including job position and company name;
• Information submitted as part of a support request, survey or comment or forum post;
• Further personal data that you provide by filling in forms in our Online Offerings; and
• Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.

We process your personal data for the following purposes:  

• To provide the Online Offering’s services and functions which includes updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
• To answer and fulfill your requests or instructions;
• To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 5; and
• As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.

Online Offerings provided by your organization

Our Online Offerings may be provided to you for your use by the organization to which you belong, such as our enterprise customers. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization. 

Categories of personal data processed, and purpose of the processing

When visiting our online stores and marketplaces (each a “Marketplace”), we may process the following categories of personal data:

• Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
• Organizational information, including job position and company name;
• Information submitted as part of a support request, survey or comment or forum post;
• Further personal data that you provide by filling in forms in our Marketplace;
• Information that are legally required compliance screenings or export control checks; such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings; and
• Information on your interaction with the Marketplace, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.

We process your personal data for the following purposes:

• Communicating with you about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
• Planning, performing and managing the (contractual) relationship with customers, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
• Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 5;
• Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
• Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
• Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

Categories of personal data processed, and purpose of the processing

In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):

• Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address; 
• Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information; 
• Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones; 
• Personal data collected from publicly available resources (including business and employment oriented social networks and websites), integrity data bases and credit agencies; and
• Information that are legally required for Business Partner compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners. 

We may process the personal data for the following purposes: 

• Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
• Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
• To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you;
• Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
• Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 5; 
• Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; 
• Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
• Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

Our whistleblowing reporting channel is designed to provide a safe and confidential means for individuals to report concerns regarding unethical or illegal activities within our organization. In line with our commitment to data privacy, we ensure that any personal data collected through this channel is processed in accordance with applicable data protection laws and regulations.

Purpose of Data Processing

The personal data collected through our whistleblowing reporting channel is used solely for the purpose of investigating and addressing reported concerns. This may include, but is not limited to, allegations of misconduct, fraud, harassment, or violations of company policies. We will only process personal data that is necessary for the investigation and resolution of the reported issue.

Types of Personal Data Collected

When you submit a report through our whistleblowing channel, we may collect the following types of personal data:

• Contact Information: Such as your name, email address, or phone number (if provided).
• Details of the Report: Information regarding the nature of the concern, including any relevant facts, dates, and individuals involved.
• Supporting Documentation: Any additional documents or evidence you choose to provide to support your report.

Legal Basis for Processing

The processing of personal data in the context of our whistleblowing reporting channel is based on the following legal grounds:

• Legitimate Interests: We have a legitimate interest in ensuring compliance with legal and regulatory obligations, as well as maintaining a safe and ethical workplace.
• Consent: If you provide personal data voluntarily, we will rely on your consent to process that data for the purposes outlined above.

Confidentiality and Data Security

We take the confidentiality of your report seriously. All personal data submitted through our whistleblowing reporting channel will be treated with the utmost care and will only be accessible to authorized personnel involved in the investigation process. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.

Data Retention

Personal data collected through the whistleblowing reporting channel will be retained only for as long as necessary to fulfill the purposes for which it was collected, including any legal or regulatory requirements. Once the investigation is complete, and the data is no longer needed, it will be securely deleted or anonymized.

Your Rights

As a data subject, you have certain rights regarding your personal data, including the right to access, rectify, or erase your data, as well as the right to restrict or object to its processing. If you wish to exercise any of these rights, please contact us using the contact information provided in our privacy statement.

Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to contact@innomotics.com or by using the opt-out mechanism provided in the respective communication you received.

When you apply for a job, we process your personal data as set out in the privacy notice of the Innomotics Recruiting Portal (click here) or of the respective other recruiting platform you may use.

We only transfer your personal data as described below:  

• Affiliated Companies and sales partners
  For the purpose of and to the extent necessary to conduct our business relationship with you, we may share your personal data with affiliates and other third parties (e.g., sales partners and agents). We, for example, sell certain products and services only via local business relationships and in this case, we may transfer your personal data to our respective local affiliates or other sales partners conducting the business relationship with you. 
• Transactions on our Marketplaces
  Via our Marketplaces we make available products, services and offerings of affiliates and other third parties. We share customers' personal data related to those transactions with that affiliate and/or third party. 
• Service Providers
  We employ affiliates and other companies to perform functions on our behalf, such as IT-services or payment processing services. These affiliates and other companies process personal data only for the purpose of such services. 
• Other third parties
  We may transfer personal data to other third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants).  

The recipients of your personal data may be located outside of the country in which you reside. Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered users of the respective Online Offering. 

Obtaining Consent

We strive to ensure that any processing of your personal data based on consent is done in a transparent and straightforward manner. When we require your consent, we will ask for it explicitly and ensure you are fully informed about.

The Purpose

Why we need your personal data and how we intend to use it.

The Data Collected 

The specific categories of personal data we are collecting.

Your Rights 

Your right to withdraw consent at any time and any potential consequences of doing so.

Methods of Obtaining Consent

• Online Forms: When you sign up for our services or newsletters, you will be presented with a consent form. You must actively check a box to indicate your consent.
• Pop-up Notices: For cookies and tracking technologies, we use pop-up notices that require you to accept or reject the use of cookies.
• Email Requests: If we need additional consent for specific activities (e.g., marketing), we may send you an email explaining the request and asking for your explicit consent.

Managing Consent

We maintain records of all consents provided by data subjects to ensure compliance with legal requirements. This includes:

• Record Keeping: Storing details of when and how consent was obtained, the information provided at the time, and any changes made.
• Regular Reviews: Periodically reviewing consents to ensure they remain valid and updating our records as necessary.

Withdrawing Consent

You have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before your withdrawal, nor will it affect processing conducted under other legal bases.

How to Withdraw Consent:

• Online Dashboards: Visit your account settings on our website and update your consent preferences.
• Email: Contact us at innomotics.legal-compliance@innomotics.com with your request to withdraw consent. Please specify the consent you wish to withdraw.
• Unsubscribe Links: For email marketing, use the "unsubscribe" link provided in any marketing email you receive from us.

Consequences of Withdrawing Consent

Depending on the nature of the consent you withdraw, there may be certain consequences, such as:

• Service Restrictions: Some of our services may require your consent for data processing. Withdrawing consent may limit your ability to use those services.
• Marketing Communications: If you withdraw consent for marketing, you will no longer receive marketing communications from us.

Legal Basis and Further Information

The legal basis for processing your personal data based on consent is Article 6(1)(a) of the General Data Protection Regulation (GDPR). For more details on how we process your personal data, please refer to the relevant sections of our Privacy Notice.
If you have any questions or concerns about our consent mechanisms, please contact us at innomotics.legal-compliance@innomotics.com

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws). 

The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.  
In particular, and subject to the legal requirements, you may be entitled to 

• Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;  
• Obtain from us the correction of inaccurate personal data concerning you;   
• Obtain from us the erasure of your personal data;  
• Obtain from us restriction of processing regarding your personal data;  
• Data portability concerning personal data, which you actively provided;  
• Object, on grounds relating to your particular situation, to further processing of personal data concerning you; and  
• Withdraw your consent to our processing of your personal data.  

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

Our data privacy officer and our Innomotics Compliance Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. You may reach out to innomotics.legal-compliance@innomotics.com to contact our Compliance Organization. You may also directly contact the data privacy officer at dsb@secjur.com.

The data privacy officer and the Innomotics Compliance Organization will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint. 

This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.  

Data Controller 

Online Offerings 

The specific company identified in the Online Offering as being the operator of the Online Offering is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.  

Marketplaces 

The specific company identified on the Market Place as being the operator of the Marketplace is the data controller.

Business Partner personal data in Customer Relationship Systems 

In the course of our business relationship with you, we may share Business Partner contact information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Innomotics companies granting you the right to centrally exercise your data subject rights under section 9 of this Privacy Notice against Innomotics GmbH.

Contact 

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection and the exercise of your rights. You can reach our data protection officers as follows: 

secjur GmbH 
Steinhöft 9 
20459 Hamburg 
Phone: +49 40 228 599 520 
Email: dsb@secjur.com 

Details of the processing 

The General Data Protection Regulation requires us to provide you with information on the collection of your personal data, as well as the purposes and legal basis of the processing of your personal data.  

Processing of personal data in the context of Online Offerings - Purpose and Legal Basis

To provide the Online Offering’s services and functions which includes updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, we process your personal data, such as Date and time of access, IP address, host name of the accessing computer, website from which the website was accessed; websites accessed via the website, visited page on our website; amount of data transferred, Information about the browser type and version used, Operating system, Access status (e.g., whether the web page could be accessed without problems or whether you received an error message); Data volume transferred. 

When we use the data for updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, we do this based on our legitimate Interests (Article 6 (1) (f) General Data Protection Regulation), to ensure the functionality of the website and the security of the information technology systems and to enhance our services. The temporary storage of data is necessary for the course of a website visit in order to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. 
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for 24 hours directly and exclusively accessible to administrators. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after four weeks.

For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Amazon Web Services Emea Sàrl, 38 avenue John F. Kennedy, L-1855 Luxembourg (“AWS”). The personal data may also be transferred to the US. The European Commission has adopted an adequacy decision (Article 45 (3) General Data Protection Regulation) for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. AWS is certified under the EU-U.S. Data Privacy Framework. For more information please contact innomotics.legal-compliance@innomotics.com.
To answer and fulfill your requests and to provide you with access to specific information or offers, we process your personal data, such as  

• Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address; 
• Organizational information, including job position and company name; 
• Information submitted as part of a support request, survey or comment or forum post. 

Legal basis is (Article 6 (1) (b) General Data Protection Regulation), because the data is necessary to fulfil the contract or offer with you. Otherwise, for the protection of our legitimate interests (Article 6 (1) (f) General Data Protection Regulation) to respond to customer/contact inquiries. 

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed. 

We use services from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland (“Microsoft”) for the sending, receiving as well as storing of emails, e.g., at the provision of our contact form. For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g., the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails are generally not sent encrypted on the Internet. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the emails between the sender and the reception on our server. The legal basis for the provision of these services is our legitimate interest (Article 6 (1) s. 1 lit. f General Data Protection Regulation) to ensure the provision, security and stability of the email service. 

The personal data may also be transferred to the US. The European Commission has adopted an adequacy decision (Article 45 (3) General Data Protection Regulation) for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Microsoft is certified under the EU-U.S. Data Privacy Framework. For more information please contact innomotics.legal-compliance@innomotics.com. 

We also process your contact information to send you marketing information or to contact you in the context of customer satisfaction surveys or for more specific information on products that you show an interest for as further explained in Section 5. As part of customer information on our website, the following personal data may be collected, e.g., name, company, email address, job title. The personal data collected as part of customer surveys is used to conduct and evaluate the surveys. Legal basis for this processing will be your consent, if voluntarily provided (Article 6 (1) (a) General Data Protection Regulation). 

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected or once you revoke your consent.

We use services from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland (“Microsoft”) for the sending, receiving as well as storing of emails, e.g., at the provision of newsletter registrations. For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g., the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails are generally not sent encrypted on the Internet. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the emails between the sender and the reception on our server. 

The personal data may also be transferred to the US. The European Commission has adopted an adequacy decision (Article 45 (3) General Data Protection Regulation) for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Microsoft is certified under the EU-U.S. Data Privacy Framework. For more information please contact innomotics.legal-compliance@innomotics.com. 

Processing of personal data in the context of our Online Portal - Purpose and Legal Basis
Processing of Personal data related to your business relationship with us
Categories of personal data processed, and purpose of the processing

In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):

• Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
• Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, requests, and project milestones.  

We may process the personal data for the following purposes:  

• Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products; 
• Planning, performing and managing the (contractual) relationship with Business Partners; e.g. providing support services; 
• To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you; 
• Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; 
• Contacting you with information and offers concerning our products and services, sending you further marketing messages as explained in Section 5;  
• Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; 
• Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and 
• Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. 

As far as we process your data for our services and accounts, legal basis is contract performance (Article 6 (1) (b) General Data Protection Regulation), because the data is necessary to fulfil the contract or offer with you. 
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting as well as improving and developing our Online Offerings, we process your personal data, such as  

• Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address and 
• Preferred language, time zone, currency and region of order. 

As far as we process your data for our services and accounts, legal basis is contract performance (Article 6 (1) (b) General Data Protection Regulation), because the data is necessary to fulfil the contract or offer with you.

When we use the data for updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, we do this based on our legitimate Interests (Article 6 (1) (f) General Data Protection Regulation), to ensure the functionality of the website and the security of the information technology systems and to enhance our services. 

To answer and fulfill your support requests or instructions, we process your personal data, such as

• Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
• Information submitted as part of a support request, i.e., contact information, means of contact and personalized order number. 

Legal basis is contract performance (Article 6 (1) (b) General Data Protection Regulation), because the data is necessary to fulfil the contract or offer with you. 

We also process your contact information to send you marketing information in forms of Newsletters. With your permission we process your email address and newsletter settings to sent you regular marketing and information emails. Legal basis for this processing will be your consent, if voluntarily provided (Article 6 (1) (a) General Data Protection Regulation). 

When you sign up as Partner for our Partner Portal you need to register in our Partner Finder Contact Form. We process your submitted personal data to store the information in the Partner Portal data base and to match you with respective customers searching for Partners, e.g., in their region. The personal data that you enter to become part of the Partner Portal includes your name. We need your name to verify the information provided in the form. Your name will not be displayed in the Partner Finder. We further process your work address, which may reveal personal data. Legal basis is contract performance (Article 6 (1) (b) General Data Protection Regulation) to offer you the participation on the Partner Portal at your request.   

We process your data in connection with our online training contact forms and waiting list. If you sign up for our online training, we process your Profile Data, such as your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address. You may register to our waiting list with your email address. Legal basis is contract performance (Article 6 (1) (b) General Data Protection Regulation) to offer you the participation in our trainings at your request and to administer your registration. 

To display interactive maps directly on the website and enable you to use the map function conveniently, we use the map service Google Maps from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)).   

By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, is collected. When you call up a web page of our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. We have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data: 

• Date and time of the visit to the website in question 
• Internet address or URL of the accessed web page 
• IP address, (start) address entered during route planning 

The data transfer takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your user account at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out, in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. 

The legal basis for the use of the maps is Article 6 (1) s. 1 lit. a General Data Protection Regulation, i.e., the integration only takes place after your consent. 

The personal data is also transferred to the U.S. The European Commission has issued an adequacy decision pursuant to Article 45 (3) General Data Protection Regulation for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework. 

International data transfers 

In the event, that we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation.  Therefore, and if required by applicable law, we take the following measures: 

• We share your personal data with affiliated companies outside the European Economic Area only if they have entered into the Innomotics Intercompany Agreement incl. the Standard Contract Clauses for international transfer for the protection of personal data. 
• We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting  innomotics.legal-compliance@innomotics.com. 

Your competent data protection authority 

In case of data privacy related concerns and requests, we encourage you to contact our Compliance Organization at  innomotics.legal-compliance@innomotics.com.  Besides contacting the Innomotics Compliance Organization, you always have the right to approach the competent data protection authority with your request or complaint. 
A list and contact details of local data protection authorities is available here. 

This section applies and provides you with further information if the processing by one of our companies (i) occurs in Brazilian territory, (ii) concerns the data of individuals located in Brazilian territory, (iii) comprises personal data collected in Brazilian territory or (iv) has as its objective the offer or supply of goods or services to individuals located in Brazilian territory. In these cases the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) applies to the processing of your personal data and the following additions and/or deviations apply to sections 2, 6, 7, 10, of this Data Privacy Notice: 

Retention Periods 

As allowed under article 16 of LGPD we may retain your personal data to comply with legal or regulatory obligations (such as retention obligations under tax or commercial laws), during the legal statute of limitation period, or for the regular exercise of rights in judicial, administrative or arbitration proceedings 

Your rights 

Additionally, to the rights mentioned in this Data Privacy Notice, you are entitled under LGPD to: 
•    In case you understand your data is not being processed in accordance with the applicable data protection law or in an excessive way, request us to anonymize, block or delete unnecessary or excessive personal data or; 
•    Request information regarding the public and/or private entities we shared your personal data with; 
•    Be informed about the possibility of not giving your consent to process your data and the consequences of not giving the consent in case we request your consent to process your data; 
•    Revoke at any time your consent to our processing of your personal data in case we request your consent to process your data 

Legal basis of the processing 

The Brazilian General Data Protection Law requires us to provide you with information on the legal basis of the processing of your personal data. 
The legal basis for our processing is: 
•    Article 7 V LGPD (“Contract Performance”); 
•    Article 7 II LGPD (“Compliance with Legal Obligations”); 
•    Article 10 I and II LGPD (“Legitimate Interest”). 
•    Article 7 I LGPD (“Consent”). 

International transfers  

Following the LGPD requirements defined in the Article 33 of Brazilian General Data Protection Law, in the event that we transfer your personal data outside the Brazilian territory, we ensure that your data is protected in a manner which is consistent with the Brazilian General Data Protection Law, we will follow the applicable law and decisions imposed by the proper authority. 

Your competent data protection contact 

If this section applies, you may contact our data protection officers in Brazil as follows: 
Person in Charge (DPO): Ms. Thais Rosa Campos
Email: innomotics.legal-compliance@innomotics.com 

Each Innomotics company established in Canada maintains your personal data on secure servers that are accessible to authorized employees, representatives or agents who require access for the purposes descried in this privacy notice.

Residents of Québec: Please note that your personal data could be communicated outside of the Province of Québec (i.e., extra-provincially/territorially and outside of Canada). 

If you have any questions about how a Innomotics in Canada processes your personal data, including with respect to its use of service providers outside of Canada, or if you would like to exercise any of your rights in respect of your personal data under the control of a Innomotics in Canada, you may contact the Innomotics Compliance Organization at innomotics.legal-compliance@innomotics.com.  

This section applies and provides you with further information if the processing by one of our companies is located within the borders of People’s Republic of China (“PRC”) or concerns the data of individuals within the borders of PRC. 

Processing of sensitive personal information 

According to the PIPL, sensitive personal information means personal information that, once leaked or illegally used, may easily cause harm to the dignity of natural persons grave harm to personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status, medical health, financial accounts, individual location tracking, etc. as well as the personal information of minors under the age of 14. 
In addition to the payment data mentioned in section 2 of this Data Private Notice, we will, in principle, not process your sensitive personal information. In case your sensitive personal information will be processed, we will notify you about the necessity of processing and effects on the individual’s rights and interests, and obtain your specific consent if applicable. 

Transfer and disclosure of personal data 

Following the requirements defined in the Article 23 of PIPL, additionally to the contents mentioned in section 5, we, in principle, will not transfer or share your personal information to third party controllers, unless (1) obtain your specific consent if applicable, or (2) to fulfill the statutory duties under local laws and regulations.  

International Transfer 

You acknowledge that your data will be transferred and proceed outside of PRC. We will follow the applicable laws and decisions imposed by the competent authority and ensure that your data is protected in a manner which is consistent with the PRC Personal Information Protection Law. If you or the company you work for is a Business Partner, please be aware that Innomotics is a multi-national company, and for the purpose of concluding or fulfilling the contract/agreement with you or the company you work for, you understand and agree that we may transfer your personal information to foreign affiliated companies. 

Legal Basis of the processing 

The PIPL requires us to provide you with information on the legal basis of the processing of your personal data. The legal basis for our processing is: 
•    PIPL Article 13(2) (“Contract Performance”); 
•    PIPL Article 13(3) (“Statutory duties and responsibilities”) 
•    PIPL Article 13(6) (“Process publicly available data”); 
•    PIPL Article 13(1) (“Consent”) 

Usage by Children 

This Online Offering is not directed to children under the age of fourteen (14). We will not knowingly collect personal data from children under the age of fourteen (14) without prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.