Privacy Policy
This privacy policy provides information about the processing of personal data in connection with our activities and operations, including our website under the domain name inninova.com. In particular, we provide information about what, how, and where we process which personal data. We also provide information about the rights of individuals whose data we process.
We may publish additional privacy statements or other data protection information for individual or additional activities and operations.
1. Contact addresses
Responsible in terms of data protection law is:
​
INNINOVA AG
INNINOVA AG
Büttenenhalde 14
6006 Lucerne
Switzerland
​
​
In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties. We will be happy to provide data subjects with information about their respective responsibilities upon request.
2. Terms and legal bases
2.1 Terms
Data subject: Natural person about whom we process personal data.
Personal data : Any information relating to an identified or identifiable natural person.
Personal data requiring particular protection: data concerning trade union, political, religious or ideological views and activities, data concerning health, privacy or ethnic or racial affiliation, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, recording, collecting, deleting, disclosing, arranging, organizing, storing, altering, disseminating, linking, destroying and using personal data.
2.2 Legal basis
We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
3. Type, scope and purpose of the processing of personal data
We process the personal data necessary to carry out our activities and activities in a sustainable, humane, secure, and reliable manner. The personal data processed may, in particular, fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. Furthermore, the personal data may represent particularly sensitive personal data. We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and activities, to the extent that such processing is permissible.
We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to comply with legal obligations or to protect overriding interests. We may also request the consent of data subjects when their consent is not required.
We process personal data for the period necessary for the respective purpose. We anonymize or delete personal data, in particular personal data, in particular depending on legal
Retention and limitation periods.
4. Disclosure of personal data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may, for example, be specialized providers whose services we utilize.
As part of our activities, we may disclose personal data, in particular, to banks and other financial service providers, public authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.
5. Communication
We process personal data to communicate with individuals, as well as with authorities, organizations, and companies. In particular, we process data that a data subject sends to us when contacting us, for example, by post or email. We may store such data in an address book or using similar tools.
Third parties who transmit data about other individuals to us are obligated to independently ensure the data protection of these data subjects. In particular, they must ensure that such data is correct and permitted to be transmitted.
We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we can also manage and otherwise process the data of data subjects beyond direct communication.
In particular, we use:
â–ª Wix CRM: Customer Relationship Management (CRM); Provider: Wix; Wix CRM-specific
Information: «What is CRM?».
6. Data security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. These measures specifically ensure the confidentiality, availability, traceability, and integrity of the personal data processed, but cannot guarantee absolute data security.
Access to our website and our other digital presence is via transport encryption
(SSL / TLS, especially Hypertext Transfer Protocol Secure, abbreviated
HTTPS). Most browsers warn against visiting a website without transport encryption.
Our digital communications – like all digital communications – are subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence agencies, police departments, and other security authorities.
7. Personal data abroad
We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process it or have it processed there.
We may disclose personal data to any country on Earth and elsewhere in the universe, provided that the laws there ensure adequate data protection in accordance with the decision of the Swiss Federal Council.
We may disclose personal data to countries whose law does not guarantee adequate data protection, provided that suitable data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any safeguards or a copy of the safeguards upon request.
8. Rights of data subjects
8.1 Data Protection Rights
We grant data subjects all rights provided under applicable law. In particular, data subjects have the following rights:
• Right of access
Data subjects may request information as to whether we process personal data relating to them and, if so, which personal data is involved. Data subjects also receive the information necessary to exercise their data protection rights and to ensure transparency. This includes the personal data processed as such, as well as information on the purpose of processing, the duration of storage, any disclosure or transfer of data to other countries, and the origin of the personal data.
• Right to rectification and restriction
Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
• Right to express their own point of view and to human review
In the case of decisions based solely on automated processing of personal data that produce legal effects concerning data subjects or significantly affect them, data subjects may express their own point of view and request that the decision be reviewed by a human being.
• Right to erasure and objection
Data subjects may request the deletion of personal data, referred to as the right to be forgotten, and may object to the processing of their data with effect for the future.
• Right to data disclosure and data portability
Data subjects may request the disclosure of their personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of data subject rights within the limits permitted by law. We may inform data subjects of any requirements that must be met in order to exercise their data protection rights. For example, we may wholly or partially refuse to provide information by reference to confidentiality obligations, overriding interests or the protection of other persons. We may also wholly or partially refuse the deletion of personal data, in particular by reference to statutory retention obligations.
In exceptional cases, we may charge a fee for the exercise of rights. We will inform data subjects in advance of any such costs.
We are required to identify data subjects who request information or assert other rights using appropriate measures. Data subjects are required to cooperate.
8.2 Legal Remedies
Data subjects have the right to enforce their data protection rights through legal proceedings or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal authorities in Switzerland is the Federal Data Protection and Information Commissioner.
9. Use of the website
9.1 Cookies
We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third-party services we use (third-party cookies)—are data stored in your browser. Such stored data need not be limited to traditional text cookies.
Cookies can be stored temporarily in the browser as "session cookies" or for a specific period of time as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize a browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.
Cookies can be fully or partially deactivated, restricted, or deleted at any time using the browser settings. Browser settings often also allow for automated deletion and other cookie management. Without cookies, our website may no longer be fully available. We actively request your express consent to the use of cookies – at least where and to the extent required by applicable law.
For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
For each access to our website and our other digital presence, we may log at least the following information, provided that it is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).
We log such information, which may also constitute personal data, in log files. This information is necessary to provide our digital presence in a permanent, user-friendly, and reliable manner. Furthermore, this information is required to ensure data security – including through or with the assistance of third parties.
9.3 Web beacons
We may integrate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are typically small, invisible images or JavaScript scripts that are automatically retrieved when you access our digital presence. Tracking pixels can collect at least the same amount of information as log files.
10. Notifications and communications
10.1 Success and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We require this statistical recording of usage for success and reach measurement in order to be able to send notifications and messages effectively and humanely, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.
10.2 Consent and objection
You must generally consent to the use of your email address and other contact details, unless such use is permitted for other legal reasons. We may use the "double opt-in" procedure to obtain your consent. In this case, you will receive a notification with instructions for the double confirmation. We may log consents obtained, including the IP address and timestamp, for evidentiary and security purposes.
You can generally opt out of receiving notifications and communications, such as newsletters, at any time. By opting out, you can also opt out of statistical recording of usage for performance and reach measurement purposes. This does not apply to necessary notifications and communications related to our activities.
11. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and to inform them about our activities. In connection with such platforms, personal data may also be processed outside of Switzerland.
The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.
12. Third-party services
We use services provided by specialized third parties to ensure the long-term, user-friendly, secure, and reliable performance of our activities and operations. Such services allow us, among other things, to integrate functions and content into our website. When such content is embedded, the services used may, for technically necessary reasons, process users’ IP addresses at least temporarily.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data required to provide the respective service.
We use in particular:
-
Google services:
Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland in part.
General data protection information: “Privacy & Security Principles”, “More information on how Google uses personal data”, Privacy Policy, “Google’s commitment to complying with applicable data protection laws”, “Privacy guide for Google products”, “How we use data from sites or apps that use our services”, Cookie Policy, “Ads Settings” (controls for personalized advertising). -
Microsoft services:
Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world.
General data protection information: “Microsoft Privacy”, “Privacy & Personal Data”, Privacy Statement, “Data and privacy settings”.
12.1 Digital Infrastructure
We use services provided by specialized third parties in order to make use of the digital infrastructure required in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
-
Hostpoint:
Hosting services; provider: Hostpoint AG (Switzerland); data protection information: Privacy Policy. -
Wix:
Website builder and other digital infrastructure; providers: Wix.com Ltd. (Israel) and other Wix entities (including in the USA); data protection information: Privacy Policy, “Privacy and Security Overview”, “Wix Help Center – Privacy”, Cookie Policy.
12.2 Audio and Video Conferences
We use specialized services for audio and video conferencing to enable online communication. These services allow us, for example, to hold virtual meetings or to conduct online classes and webinars. Participation in audio and video conferences is additionally subject to the legal terms of the respective services, such as privacy policies and terms of use.
Depending on individual circumstances, we recommend muting the microphone by default and using background blurring or a virtual background when participating in audio or video conferences.
We use in particular:
-
Google Meet:
Video conferencing; provider: Google; Google Meet–specific information: “Google Meet – Security and Privacy for Users”.
12.3 Social Media Functions and Social Media Content
We use services and plugins provided by third parties to embed functions and content from social media platforms, as well as to enable the sharing of content on social media platforms and through other channels.
We use in particular:
-
Facebook (social plugins):
Embedding Facebook functions and Facebook content, such as “Like” or “Share”; providers: Meta Platforms Ireland Limited (Ireland) and other Meta entities (including in the USA); data protection information: Privacy Policy. -
Instagram platform:
Embedding Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta entities (including in the USA); data protection information: Privacy Policy (Instagram), Privacy Policy (Facebook). -
LinkedIn Consumer Solutions Platform:
Embedding LinkedIn functions and content, for example via plugins such as the “Share Plugin”; provider: Microsoft; LinkedIn-specific information: “Privacy”, Privacy Policy, Cookie Policy, Cookie settings / opt-out of email and SMS communications from LinkedIn, opt-out of interest-based advertising. -
TikTok for Developers:
Embedding TikTok functions and content, such as “Share to TikTok”;
providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / TikTok Inc. (USA) for users in the United States / TikTok Pte. Ltd. (Singapore) for most users in the rest of the world;
data protection information: Privacy Policy, “Children’s Privacy Policy”, “TikTok Partner Privacy Policy”, Cookie Policy.
12.4 E-Commerce
We operate e-commerce services and use services provided by third parties in order to successfully offer services, content, or goods.
We use in particular:
-
Wix eCommerce:
E-commerce platform; provider: Wix; Wix eCommerce–specific information: “About Wix Stores”, “Selling with Wix”.
12.5 Payments
We use specialized service providers to process payments securely and reliably. The legal texts of the individual service providers, such as their General Terms and Conditions or privacy policies, apply in addition to this Privacy Policy. In particular, we use:
• Apple Pay
Payment processing. Providers: Apple Inc. (USA) and Apple Distribution International Limited (Ireland). Data protection information: Privacy Policy, “Privacy Practices”, “Apple Pay & Privacy”.
• TWINT
Payment processing in Switzerland. Provider: TWINT AG (Switzerland). Data protection information: Privacy Policy, “Security According to Swiss Standards”.
• Wix Payments
Processing of online payments. Provider: Wix. Wix Payments specific information: “About Wix Payments”.
12.6 Advertising
We use the option of displaying targeted advertising for our activities and services through third parties such as social media platforms and search engines. With such advertising, we aim in particular to reach people who are already interested in our activities and services or who may be interested in them. This includes remarketing and targeting. For this purpose, we may transmit relevant information, including personal data where applicable, to third parties that enable such advertising.
We may also determine whether our advertising is successful, in particular whether it leads to visits to our website. This is referred to as conversion tracking. Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile on their platform.
In particular, we use:
• Google Ads
Search engine advertising. Provider: Google. Advertising is based in part on search queries. Various domain names are used for Google Ads, in particular doubleclick.net, googleadservices.com and googlesyndication.com. Data protection information: Advertising Privacy Policy and “Manage ads shown to you”.
• LinkedIn Ads
Social media advertising. Providers: LinkedIn Corporation (USA) and LinkedIn Ireland Unlimited Company (Ireland). Data protection information includes remarketing and targeting using the LinkedIn Insight Tag, “Privacy”, the Privacy Policy, the Cookie Policy and options to opt out of personalized advertising.
• Meta Ads
Social media advertising on Facebook and Instagram. Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies, including companies based in the USA. Data protection information includes targeting and retargeting, in particular using the Meta Pixel and Custom Audiences, including Lookalike Audiences. Further information is available in the Privacy Policy and under “Ad Preferences”. User login may be required.
• TikTok Ads
Social media advertising. Providers for users in the European Economic Area, Switzerland and the United Kingdom are TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland). For users in the USA, the provider is TikTok Inc. (USA). For most users in the rest of the world, the provider is TikTok Pte. Ltd. (Singapore). Data protection information includes remarketing and targeting using the TikTok Pixel, the Privacy Policy, the Children’s Privacy Policy, the TikTok Partner Privacy Policy and the Cookie Policy.
13. Performance and Reach Measurement​
We seek to measure the success and reach of our activities and services. In this context, we may also measure the effectiveness of references by third parties or test how different parts or versions of our digital presence are used. This may include A/B testing. Based on the results, we may correct errors, strengthen popular content or make improvements.
For performance and reach measurement, the IP addresses of individual users are usually collected. In such cases, IP addresses are generally shortened using IP masking in order to comply with the principle of data minimization. Cookies may be used and user profiles may be created.
Any user profiles created may include visited pages or viewed content on our digital presence, information about screen size or browser window size and the user’s approximate location. User profiles are created exclusively in pseudonymized form and are not used to identify individual users.
Certain third party services with which users are registered may associate the use of our online services with the corresponding user account or user profile.
In particular, we use:
• Google Marketing Platform
Performance and reach measurement, in particular using Google Analytics. Provider: Google. Measurement may take place across different browsers and devices using cross device tracking with pseudonymized IP addresses. Full IP addresses are transmitted to Google in the USA only in exceptional cases. Further information is available in the Google Analytics Privacy Policy and the “Browser Add on to Disable Google Analytics”.
• Google Tag Manager
Integration and management of services from Google and third parties, in particular for performance and reach measurement. Provider: Google. Further data protection information can be found in the Google Tag Manager Privacy Policy and in the privacy policies of the individual integrated services.
​
14. Final Notes on This Privacy Policy
This Privacy Policy was created using the privacy policy generator of Datenschutzpartner. We may update this Privacy Policy at any time. We will inform you of updates in an appropriate manner, in particular by publishing the current version of this Privacy Policy on our website.