Data protection declaration
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:
Immodio UG (limited liability)
Birkenweg 6
91244 Reichenschwand
HRB 43524
District Court of Nuremberg
Data Protection Officer: Dominik Hettlich
Managing Director: Leon Blank
Email: service@immodio.app
II. General Information on Data Processing
Scope of Processing Personal Data
We process personal data of our users primarily only as far as necessary to provide a functional website as well as our contents and services.
The processing of personal data of our users occurs regularly only after obtaining the user's consent. An exception applies in cases where obtaining consent beforehand is not possible for actual reasons and the processing of the data is permitted by legal provisions.
Legal Basis for Processing Personal Data
As far as we obtain the consent of the data subject for processing operations involving personal data, Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data required for the fulfillment of a contract of which the data subject is a party, Article 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the execution of pre-contractual measures.
As far as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 para. 1 lit. c GDPR serves as the legal basis.
In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may occur if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion of a contract or fulfillment of a contract.
III. What Rights Do You Have Regarding Your Data?
Description and Scope of Data Processing
With each call of our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected during this:
Information about the browser type and version used
Resolution of the screen/display of the end device screen
Type of end device (based on individual device identification markers)
Geographical location (country and region)
User interactions with the user interface
Information on navigation within our websites
Duration of stay on our websites or individual subpages
Scroll positions
Preferred language when displaying the website
The operating system of the user
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accessed our website
Websites that are accessed by the user's system via our website
The data is also stored in the log files of our system.
Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Article 6 para. 1 lit. f GDPR.
Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to allow the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Furthermore, for automated requests (bot requests), the IP addresses used are marked accordingly.
The storage in log files is carried out to ensure the functionality of the website and to prevent cyber-attacks. Additionally, the data is used for technical optimization of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Article 6 para. 1 lit. f GDPR.
Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of data stored in log files, this will occur after a maximum of seven days. Longer storage is possible. In this case, the IP addresses of the users will be deleted or anonymized, so that an association with the calling client is no longer possible. In the case of data collection for website provision, this is the case when the respective session is finished. The IP addresses used for automated requests will be stored for 30 days for the purpose of attack prevention.
Right to Object and Possibility of Removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Duration of Storage
Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows for the unique identification of the browser when the website is called up again.
We use cookies to make our websites functional. Some elements of our internet pages require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
Login information
Session and authentication information (session cookies)
Information about search queries
Information to confirm user identity
Furthermore, we also use cookies on our website that enable analysis of user behavior.
Detailed information can be found below in the section "VII. Data Transfers to Third Parties".
Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies for analysis purposes is, in the presence of a user's consent in this regard, Article 6 para. 1 lit. a GDPR.
The legal basis for processing personal data using technically necessary cookies is otherwise Article 6 para. 1 lit. f GDPR.
Purpose of Data Processing
The use of analysis cookies is intended to improve the quality of our website, web app, and app and their contents. Through the analysis cookies, we learn how the website, web app, and app are used and can continuously optimize our offerings accordingly.
These purposes also represent our legitimate interest in the subsequent processing of personal data according to Article 6 para. 1 lit. f GDPR.
Duration of Storage, Right to Object and Removal
Cookies are stored on the user's computer and transmitted to our site by this. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the storage of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the functionalities of the website, web app, and app fully.
V. Registration and Profile Management
Description and Scope of Data Processing
On our platform, we offer users the possibility to register by providing personal data. The data is entered into an input mask and transmitted and stored with us. There is no transfer of the data to third parties. The following data is collected during the registration process:
At the time of registration, the following data is also stored:
The user's IP address
The user's email address
Uniquely assigned user ID
Encrypted password information (we do not have access to the password)
Information on whether the user performs two-/multi-factor authentication
User's keyboard inputs
Date and time of registration
During the registration process, consent from the user for the processing of this data is obtained.
In the context of profile management, the following data of the rental applicant is stored:
The user's email address
Uniquely assigned user ID
Encrypted password information (we do not have access to the password)
Information on whether the user performs two-/multi-factor authentication
Date and time of registration
The user's IP address
User's keyboard inputs
Legal Basis for Data Processing
The legal basis for processing the data is Article 6 para. 1 lit. b GDPR.
Purpose of Data Processing
Registration of the user and profile management are particularly required for viewing management, applicant management, displaying affiliate links, using the chat function, sending documents, and creating and signing rental contracts.
Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection.
This applies during the registration process for the fulfillment of a contract or for carry out pre-contractual measures when the data is no longer necessary for the performance of the contract. Even after the contract is concluded, there may be a necessity to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Right to Object and Removal
As a user, you have the right to dissolve the registration at any time. The data stored about you can be modified at any time.
If the data is necessary for the fulfillment of a contract or the carrying out of pre-contractual measures, early deletion of the data is only possible to the extent that contractual or legal obligations do not prevent such deletion.
VI. Email Contact
Contact can be made through one of the provided email addresses. In this case, the personal data of the user transmitted with the email will be stored.
No transfer of the data to third parties will occur in this context. The data will only be used for processing the conversation.
Legal Basis for Data Processing
The legal basis for processing the data is, in the presence of the user's consent, Article 6 para. 1 lit. a GDPR.
The legal basis for processing the data transmitted in the course of sending an email is Article 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, then an additional legal basis for processing is Article 6 para. 1 lit. b GDPR.
Purpose of Data Processing
In the case of contact via email, there exists the necessary legitimate interest in data processing.
Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent via email, this will be the case when the respective conversation with the user has ended. The conversation is considered finished when it can be inferred from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Right to Object and Removal
The user has the possibility to withdraw their consent for the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data that has been stored during the contact will be deleted in this case.
VII. Data Transfers to Third Parties
Brevo (Email, Chat, Support & CRM, Telephony)
We use Brevo for the dispatch of our newsletters as well as for email communication, chat support, and as a CRM system for the website, web app, and app.
a. Newsletters and Data Analysis by Brevo
You will only receive our newsletters after a double opt-in procedure. This means that you must actively confirm your subscription to the newsletter. In each newsletter email, you will also find the option to easily unsubscribe at any time.
With the help of Brevo, we can analyze our newsletter campaigns. For example, we can see whether a newsletter has been opened and which links have been clicked in it. This allows us to identify which content is particularly interesting. Additionally, we can determine whether certain predefined actions have been performed after opening or clicking (conversion rate), such as making a purchase.
Moreover, Brevo allows us to categorize recipients into different categories (“clusters”), for example by age, gender, or location. This enables us to better tailor our content to different target groups.
If you do not wish to be analyzed by Brevo, you can unsubscribe from the newsletter at any time via the unsubscribe link in every message.
Detailed information about the functions of Brevo can be found here: https://www.brevo.com/de/newsletter-software/.
b. Legal Basis
The data processing is based on your consent (Article 6 para. 1 lit. a GDPR). You can revoke this consent at any time, without affecting the lawfulness of the processing carried out before the revocation.
c. Duration of Storage
The data you provided for the newsletter subscription will be stored until your unsubscription from the newsletter. After unsubscribing, your data will be deleted from the distribution list. Data that we have stored for other purposes remains unaffected.
To permanently prevent the sending of unwanted newsletters, your email address may also be stored on a blacklist. This storage occurs exclusively for this purpose and is not merged with other data (legitimate interest according to Article 6 para. 1 lit. f GDPR). The blacklist storage is not time-limited; however, you may object to this storage if your interests outweigh our legitimate interest.
Further information can be found in the privacy policy of Brevo:
https://www.brevo.com/de/datenschutz-uebersicht/ and
https://www.brevo.com/de/legal/privacypolicy/.
Google Analytics
Provided that you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on the website, web app, and app. The responsible entity for users in the EU/the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Type and Purpose of Processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected via the cookies about your usage of this website will typically be transmitted to a Google server in the USA and stored there.
We use the User ID function. With the aid of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.
We use Google Signals. This enables additional information to be collected in Google Analytics about users who have activated personalized advertisements (interests and demographic data), and advertisements can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other data from Google, according to Google.
During your visit to the website, your user behavior is recorded in the form of "events." Events may include:
Page views
First-time visit to the website
Start of the session
Visited web pages
Your “click path,” interaction with the website
Scrolls (every time a user scrolls to the bottom of the page (90%))
Clicks on external links
Internal search queries
Interaction with videos
File downloads
Seen/clicked ads
Language setting
Additionally, the following will be recorded:
Your approximate location (region)
Date and time of the visit
Your IP address (in shortened form)
Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
Your Internet provider
Referrer URL (through which website/advertising medium you arrived at this website)
b. Purposes of Processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.
c. Recipients
Recipients of the data are/can be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor according to Article 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
d. Third Country Transfer
For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
e. Duration of Storage
The data we send and linked with cookies will be automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.
f. Legal Basis
The legal basis for this data processing is your consent according to Article 6 para. 1 S. 1 lit. a GDPR and § 25 Abs. 1 S. 1 TTDSG.
g. Revocation
You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of processing based on the consent until the revocation remains unaffected.
You can also prevent the storage of cookies by setting your browser software accordingly. If you configure your browser to reject all cookies, it may lead to limitations on functionalities on this and other websites. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of these data by Google, by
not consenting to the setting of the cookie or
downloading and installing the browser add-on for disabling Google Analytics at https://tools.google.com/dlpage/gaoptout.
Further information on the terms of use of Google Analytics and on data protection at Google can be found at
https://marketingplatform.google.com/about/analytics/terms/de/ and
https://policies.google.com/?hl=de.
Hetzner
Used for: Website, WebApp, App, Help pages
The hosting of our domain, DNS servers, and email addresses is performed by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen. This service provider receives the data collected according to this privacy policy as a processor, and we have concluded a contract with them according to Article 28 GDPR. Our host takes the technical and organizational measures to protect your data described under https://docs.hetzner.com/de/general/others/technical-and-organizational-measures/.
Google Firebase
For authorization and parts of the backend of our software solution, the cloud platform Google Firebase is provided. This is a platform of the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
The data storage and processing take place in the data center in Frankfurt. The sending of emails via Firebase occurs from the Netherlands.
For authentication:
Email address
possibly phone number for 2FA authentication
Firestore and Storage and Functions necessary for registration:
Name
Date of birth
Address
Phone number
The privacy policies of Google Firebase can be found at the URL
https://firebase.google.com/support/privacy?hl=de
Google Single Sign-On
On our web app and app, you can also register via the authentication service "Google Single Sign-On." The provider is the US company Google LLC. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in the European area.
Google processes your data, among other things, in the USA. The company participates in the EU-US Data Privacy Framework. This regulates the safe and compliant transfer of personal data of EU citizens to the USA. Further information can be found here:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
In addition, Google uses standard contractual clauses (SCC) (Article 46 para. 2 and 3 GDPR). These are template contracts provided by the EU Commission that ensure that even when transferring data to third countries (e.g. USA), European data protection standards are adhered to. Through the combination of the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to process your data at a European data protection level, even if it is stored or processed in the USA. The relevant decision and the clauses can be found here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The terms and conditions for data processing by Google (Google Ads Data Processing Terms), which also reference the standard contractual clauses, can be found here:
https://business.safety.google/intl/de/adsprocessorterms/
You can revoke your consent to the use of Google Single Sign-On at any time through the opt-out function at the following link:
https://adssettings.google.com/authenticated
Further information on data processing when using Google Single Sign-On can be found in Google's privacy policy:
https://policies.google.com/privacy?hl=de
Strato
Strato delivers the web app.
Further information on data processing when using Strato and the privacy policies can be found in Strato's privacy policy at the following URL:
https://www.strato.de/datenschutz/
Stripe
We transmit the following data to Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland based on Article 6 para. 1 lit. b) GDPR for payment processing in connection with the contract: Name, address, email address, IDs for payment identification, customer payment data.
Reference is made to the privacy policy of Stripe Payments Europe at https://stripe.com/de/privacy.
Hotjar
We use Hotjar to better understand the needs of our users and to optimize this service and their experience. Our legitimate interest in this sense is in accordance with Article 6 para. 1 lit. b) GDPR. Hotjar is a technology service that helps us understand user behavior better (e.g., how much time they spend on which pages, which links they choose, what users like and dislike, etc.) and thus enables us to continuously improve our service based on user feedback. Hotjar uses cookies and other technologies to collect data on the behavior of our users and their devices. This includes the IP address of a device (processed during your session and stored in a de-identified form), the screen size of the device, type of device (unique device identifiers), browser information, geographical locations (only country), and the preferred language used to display our website. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf.
VIII. Rights of the Data Subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
Right to Access
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. You can arrange for this deletion through the "My Data" section in your user account.
If such processing occurs, you can request the following information from the controller:
the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
the planned duration of storage of the personal data concerning you or, if concrete details on this cannot be provided, the criteria for determining the storage duration;
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making including profiling in accordance with Article 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and intended effects of such processing for the data subject.
You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards in accordance with Article 46 GDPR in connection with the transfer.
Right to Rectification
You have the right to rectification and/or completion against the controller, provided that the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.
Right to Restriction of Processing
You can request the restriction of processing of the personal data concerning you under the following conditions:
if you contest the accuracy of the personal data concerning you for a duration enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise, or defense of legal claims, or
if you have objected to the processing pursuant to Article 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If the processing of the personal data concerning you has been restricted, these data may – apart from their storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been lifted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
Right to Erasure
4.1 Obligation to Delete
You can request from the controller that the personal data concerning you be deleted immediately, and the controller is obliged to delete this data immediately, provided that one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing is based according to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para. 2 GDPR.
The personal data concerning you has been unlawfully processed.
The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you have been collected in relation to offered services of the information society in accordance with Article 8 para. 1 GDPR.
4.1.1. Duplicate Data Holding and Scope of Deletion for Tenants
The following provision regarding the possibility of deletion applies exclusively to users acting as rental applicants, candidates, or tenants and does not have any effect for or against users acting as landlords.
Your personal data is processed both in the tenant portal and in the software used by the landlord. The data collected in the tenant portal will be transmitted and stored on the basis of the contractual relationship between you and your landlord.
If you delete your user account in the tenant portal, this deletion encompasses the access data, all data stored by you in the portal, and your individual configurations. With the deletion of the user account, the possibility of using the tenant portal also ends; access to the platform there will no longer be possible.
The personal data stored in the landlord's software will explicitly not be affected by the deletion of the user account in the tenant portal. This data will be processed by the landlord as a responsible party within the meaning of Article 4 No. 7 GDPR to fulfill rental obligations and to comply with legal retention obligations and is therefore subject to a separate deletion regulation.
The deletion of these contract-related data can only be asserted against your landlord. You can contact your landlord as the responsible party directly for this purpose. Immodio, as the processor, is not authorized to delete this data independently.
4.2 Information to Third Parties
If the controller has made personal data concerning you publicly available and is obligated to delete them pursuant to Article 17 para. 1 GDPR, they will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform the data controllers processing personal data about you that you, as the data subject, have requested the deletion of all links to that personal data or of copies or replications of that personal data.
4.3 Exceptions
The right to deletion does not exist as far as processing is necessary
for the exercise of the right to free expression and information;
to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health according to Article 9 para. 2 lit. h and i as well as Article 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 para. 1 GDPR, unless the right mentioned under section a) is likely to make it impossible or seriously impede the achievement of the goals of that processing, or
to assert, exercise or defend legal claims.
Right to Notification
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the latter is obliged to inform all recipients to whom the personal data concerning you have been disclosed of the rectification or deletion of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort.
Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom the personal data have been provided, provided that
the processing is based on consent in accordance with Article 6 para. 1 lit. a GDPR or Article 9 para. 2 lit. a GDPR or on a contract in accordance with Article 6 para. 1 lit. b GDPR and
the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you are transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons may not be adversely affected by this.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he or she demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the opportunity to exercise your right to object in connection with the use of information society services – irrespective of Directive 2002/58/EC – through automated procedures where technical specifications are used.
Right to Withdraw Consent to Data Processing
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Automated Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or performance of a contract between you and the controller,
is permitted under Union or Member State law to which the controller is subject and that law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
is based on your explicit consent.
However, such decisions must not be based on special categories of personal data as referred to in Article 9 para. 1 GDPR, unless Article 9 para. 2 lit. a or g GDPR applies and appropriate measures to protect the rights and freedoms as well as your legitimate interests are in place.
In relation to the cases mentioned in (a.) and (c.), the controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, which includes at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Data Processing on Social Media
We maintain presences in various social media to represent our services and our company. The providers of these platforms process personal data of their users independently and usually also for the purposes of advertising or market research. In this context, usage profiles can be created, which are used for interest-based advertising on and off the respective platform. For this purpose, platform operators often use cookies or similar technologies that are stored on users' devices. A combination of this information with other data that the respective provider has already stored is not excluded.
Please note that individual providers may have their headquarters or server locations outside the European Union. In such cases, it may happen that personal data is also processed in non-EU countries where no data protection level comparable to that of the EU exists. This can pose risks for data subjects, such as difficulties in enforcing the rights of data subjects or potential government access to data.
If users of the networks contact us via one of our social media profiles, we process the data provided to us with a legitimate interest in order to answer the inquiries, so that the legal basis is Article 6 para. 1 S. 1 lit. f GDPR.
For further information on data processing and the respective possibilities of objection, please refer to the data protection notices of the individual providers.
Instagram
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For further information on Instagram's privacy policy, please see:
https://about.instagram.com/de-de/blog/announcements/instagram-community-data-policy
LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For further information on LinkedIn's privacy policy, please see:
https://de.linkedin.com/legal/privacy-policy
Contact Information
You can contact us regarding the privacy policy in writing or via email at the following address:
Immodio UG (limited liability)
Birkenweg 6
91244 Reichenschwand
District Court of Nuremberg
HRB 43524
Authorized Executive Director: Leon Rainer Blank
Web: www.immodio.app
Email: kontakt@immodio.app
Imprint: www.immodio.app/Impressum