PRIVACY POLICY

This translation is provided for information purposes only. In the event of any discrepancies, the German source text shall prevail in order to prevent any translation errors from being interpreted to the detriment of the consumer.

table of contents

1. Introduction

With the following information, we would like to provide you, as the 'data subject,' with an overview of how we process your personal data and your rights under data protection laws. Generally, the use of our website(s) is possible without entering personal data. However, if you wish to use special services of our company, processing of personal data might be necessary. If the processing of personal data is required and there is no legal basis for such processing, we will always obtain your consent.

This policy applies to our website, services, and products under the 'Intao' brand, operated by Intao GmbH.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (hereinafter GDPR) and in compliance with the country-specific data protection regulations applicable to 'Intao GmbH' (hereinafter 'Intao'). With this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

We have implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or postal mail.

2. Data Controller

The data controller within the meaning of the GDPR is:
Intao GmbH
Schrimpfstrasse 32e
82131 Gauting
Germany
Phone: +49 (0) 160 858 0505
Email: [email protected]
Website: https://intao.io

3. Definitions

This privacy policy is based on the terms used by the European Directive and Regulation legislator when issuing the General Data Protection Regulation (GDPR). Our privacy policy aims to be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to first explain the terminology used. In this privacy policy, we use the following terms, among others:

3.1. Personal Data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

3.2. Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing (our company).

3.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3.4. Restriction of Processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

3.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

3.6. Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3.7. Processor

A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

3.8. Recipient

A recipient is a natural or legal person, public authority, agency, or another body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

3.9. Third Party

A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

3.10. Consent

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Legal Basis for Processing

Article 6(1)(a) GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, such as processing operations required for the supply of goods or to provide any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, for instance in cases of inquiries about our services and products.

If our company is subject to a legal obligation that necessitates the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).

5. Data Security

Intao employs appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal data. These measures include, among other things, an internal review of our data collection, storage, and processing practices, as well as technical and organizational security measures to guard against unauthorized access to systems where we store such sensitive data. All collected data is stored in Frankfurt am Main at the AWS (Amazon Web Services) EU (Frankfurt) location. Therefore, the strict protection level of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) applies. AWS, the cloud provider, is Amazon Web Services Inc. (410 Terry Avenue North, Seattle, WA 98109, USA); it only provides the server platform. AWS is certified according to German IT baseline protection by TÜV Austria Group.

For more information on data protection in relation to AWS, you can find the AWS Data Privacy Notice and the AWS Compliance Resources.

6. Hosting and Technology

6.1. Hosting

Our website is made available on the Internet by a service provider (provider or host). We use the services of NETMOUNTAINS Group GmbH, An der Pönt 46, 40885 Ratingen, Germany.

Our provider processes information, known as server log files, that are automatically transmitted by your browser whenever you visit websites on the Internet. This information includes:

Your IP address
Type and version of your browser
Hostname
Time of visit
The website from which you accessed our website
Name of the accessed website
Exact time of access, and
The amount of data transferred

This data is used only for statistical purposes and does not allow us to identify you as a user.

For more information about data processing by Netmountains, please refer to their Privacy Policy.

Legal Basis

The legal basis for this data processing is, on the one hand, our legitimate interests according to Art. 6 (1) f GDPR in providing and using our website on the Internet, and where applicable, the statutory permission to store data in the context of initiating a contractual relationship according to Art. 6 (1) b GDPR.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, ensuring that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

6.2. SSL/TLS Encryption

Our websites use SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the change in the address line of the browser from 'http://' to 'https://' and by the lock symbol in your browser's address bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6.3. Use of Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare) to increase the security and delivery speed of our website. This is in line with our legitimate interest (Art. 6 (1) f GDPR). A CDN is a network of distributed servers that is capable of delivering optimized content to website users. For this purpose, personal data may be processed in Cloudflare's server log files (see section 6.1.).

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). More information can be found here: Cloudflare Customer SCCs

For more information about data protection in connection with Cloudflare, please refer to the Cloudflare Privacy Policy.

Legal Basis

The legal basis corresponds to our legitimate interest according to Art. 6 (1) f GDPR, as we do not operate a Content Delivery Network ourselves.

Storage Duration

Your personal data will be stored by Cloudflare for as long as it is necessary for the described purposes.

Data Processing Agreement

7. Cookies

7.1. General Information About Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, trojans, or other malware. Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we immediately gain knowledge of your identity.

The following data is stored and transmitted in the cookies:

Language settings

Additionally, we use cookies on our website to analyze your surfing behavior. The following data may be transmitted:

Frequency of page views
Use of website functions

When you visit our website, you are informed about the use of cookies for analysis purposes. Your consent to the processing of the personal data used in this context is also obtained. This notice also refers to this privacy policy.

7.2. Purpose of Data Processing

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain specified period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again.

7.3. Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

For the processing of personal data using technically necessary cookies, the legal basis is Article 6(1)(f) GDPR.

For the processing of personal data for analysis purposes using cookies that are not technically necessary, the necessary legal basis is consent according to Article 6(1)(a) GDPR.

7.4. Objection and Removal Options

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a notice always appears before a new cookie is created. The complete deactivation of cookies may, however, mean that you cannot use all the functions of our website.

8. Web Analysis

8.1. Use of Google Analytics

We use Google Analytics on our websites, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google." In this context, pseudonymized user profiles are created, and cookies (see section 7) are used. The information generated by the cookie about your use of this website such as:

Browser type/version
Used operating system
Referrer URL (the previously visited page)
Hostname of the accessing computer (IP address, anonymized)
Time of the server request

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, compile reports on website activity, and provide other services related to website and internet usage for market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google.

We use the function 'anonymizeIP' (so-called IP masking). Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and possibly US authorities can access the data stored by Google.

For more information about the terms of use of Google Analytics and Google's privacy policy, please visit the Google Analytics Terms of Service and Google Privacy Policy.

Legal Basis

The legal basis for this data processing is your consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The use of Google Analytics is also in the interest of optimizing and designing our website to meet your needs. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

Storage Duration

The data sent by us and linked with cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by:

Not granting your consent to the setting of the cookie, or
Downloading and installing the browser add-on to deactivate Google Analytics.

You can also prevent the storage of cookies by setting your browser software accordingly. If you configure your browser to reject all cookies, you may experience limitations in functionality on this and other websites.

Data Processing Agreement

We have concluded a data processing agreement (DPA) with Google for the use of the above service. This is a contract required by data protection law, ensuring that Google processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

8.2. Use of Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means: no cookies are used, and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. However, the Google Tag Manager does not access this data. If deactivation has been made on the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

For more information on data protection related to Google Tag Manager, please visit: Google Tag Manager Use Policy.

8.3. Use of LinkedIn Insight Tag

We use the conversion tracking technology and the retargeting feature of LinkedIn Corporation on our website. With this technology, visitors to this website can be served personalized advertisements on LinkedIn. It also allows us to generate anonymous reports on the performance of advertisements and website interaction information. For this purpose, the LinkedIn Insight Tag is integrated into this website, establishing a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

For more information on data protection related to LinkedIn Insight Tag, please visit: LinkedIn Privacy Policy.

8.4. Use of Vimeo

We use Vimeo to embed videos on our website. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.

When you visit a page that contains an embedded video from Vimeo, a connection to the Vimeo servers is automatically established, and the video is loaded. In this process, Vimeo is informed about which pages you have visited.

If you are logged into Vimeo, this information is associated with your personal user account. This happens regardless of whether you start the video or interact with it in any other way. To prevent Vimeo from associating this data with your user account, you should log out of your Vimeo account before visiting our website and delete all Vimeo cookies from your browser.

For more information about the purpose and scope of data collection and the processing of your data by Vimeo, as well as your rights and privacy settings, please refer to the Vimeo Privacy Policy.

9. Newsletter

9.1. Content of the Newsletter

We send newsletters, emails, and other electronic notifications with promotional information (hereinafter 'Newsletter') only with your consent or a legal permit. If the content of the newsletter is specified at the time of registration, the consent of the users is decisive. Otherwise, our newsletters contain information about our services and us.

9.2. Double-Opt-In and Logging

The registration for our newsletter occurs using a so-called double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with foreign email addresses. The newsletter registrations are logged to demonstrate compliance with legal requirements. This includes storing the registration and confirmation time, as well as the IP address. Any changes to the data stored with the mailing service provider are also logged. If you do not confirm your registration, your data will be deleted within 4 weeks.

9.3. Registration Data

To subscribe to the newsletter, you need to provide only your email address. Optionally, we ask you to provide a name for personal addressing in the newsletter.

The sending of the newsletter and the related success measurement is based on the consent of the recipients according to Article 6(1)(a), Article 7 GDPR in conjunction with Section 7(2) No. 3 UWG (German Act Against Unfair Competition), or if consent is not required, based on our legitimate interests in direct marketing according to Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

Logging of the registration process is based on our legitimate interests according to Article 6(1)(f) GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and meets user expectations, and also allows us to prove consent.

9.4. Cancellation / Revocation

You can unsubscribe from our newsletter at any time, i.e., revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter, or you can send an email to [email protected] to cancel your subscription. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to prove previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

9.5. Use of Zoho Campaigns

This website uses Zoho Campaigns for sending newsletters. The provider is Zoho Corporation Pvt. Ltd., Estancia IT Park, Plot No. 140 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (hereinafter 'Zoho Campaigns'). Zoho Campaigns is a service that can be used to organize and analyze the sending of newsletters. The data you enter for receiving the newsletter is stored on Zoho Campaigns' servers.

Data Analysis by Zoho Campaigns

With Zoho Campaigns, we can analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links may have been clicked. This allows us to determine which links were clicked most frequently.

Additionally, we can see if certain predefined actions were performed after opening/clicking (conversion rate). If you do not wish for analysis by Zoho Campaigns, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message for this purpose. Zoho Campaigns also allows us to segment newsletter recipients into various categories ("clustering"). For example, we can segment recipients by age, gender, or location. This helps us better tailor the newsletters to specific target groups. If you do not wish for analysis by Zoho Campaigns, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message for this purpose.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: Zoho Privacy Policy.

For detailed information on the features of Zoho Campaigns, please visit: Zoho Campaigns Features.

The privacy policy of Zoho Campaigns can be found here: Zoho Privacy Policy.

Legal Basis

The data processing is based on your consent (Article 6(1)(a) GDPR). You can withdraw this consent at any time for the future.

Storage Duration

The data you provided for receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider. After unsubscribing from the newsletter, the data will be deleted from the newsletter distribution list or after the purpose is fulfilled. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the framework of our legitimate interests according to Article 6(1)(f) GDPR. Data stored for other purposes remains unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider, if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest according to Article 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, ensuring that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

10. Data Collection and Use

10.1. Contact via Email

When you contact us via email, the information you provide is processed to handle and manage your inquiry in accordance with Article 6(1)(b) GDPR.

User information may be stored in our Customer Relationship Management (CRM) system or similar inquiry management systems (see Sections 10.3. and 11.7.).

10.2. Contact Form

If you send us inquiries via our contact form, your information from the inquiry form, including the contact details you provide, will be stored to process the request and for follow-up questions. We do not share this data without your consent.

Processing of this data is based on Article 6(1)(b) GDPR if your request relates to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if such consent has been requested.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose of data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—especially retention periods—remain unaffected.

10.3. Use of Zoho CRM

We use Zoho CRM on this website. The provider is Zoho Corporation Pvt. Ltd., Estancia IT Park, Plot No. 140 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (hereinafter 'Zoho CRM').

Zoho CRM allows us to manage existing and potential customers and customer contacts, and to organize sales and communication processes. The use of the CRM system also enables us to analyze and optimize our customer-related processes. Customer data is stored on Zoho CRM’s servers. Details about Zoho CRM’s features can be found here.

Legal Basis

The use of Zoho CRM is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in efficient customer management and communication. If consent has been requested, processing is carried out exclusively based on Article 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the scope of the TTDSG. Consent can be withdrawn at any time.

Data transfer to third countries outside the European Union is based on the standard contractual clauses of the EU Commission.

The privacy policy of Zoho CRM can be found here.

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, ensuring that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with GDPR.

11. Participation and/or Use of Our Services and Products

11.1. Intao Services and Products

We offer the following services and products:

Intao App: A mobile application designed to support individual learning and personal growth. The app provides tools and content to help users expand their skills and knowledge.
Intao Admin Panel: An administration portal for administrators and managers that allows control and monitoring of the Intao App. It includes features for user management, content management, and analysis of learning progress.
Labs: Interactive and hands-on workshops where participants can learn new skills and knowledge in a collaborative environment. These labs promote creative thinking and problem-solving skills.
Impact Calls: Regular, thematic phone or video conferences aimed at discussing important issues, developing strategies, and monitoring progress on projects and initiatives.
Leadership Journey: A comprehensive development program for leaders designed to strengthen their leadership skills and prepare them for future challenges. The program combines training, coaching, and practical exercises.
Unstoppable: A coaching and training program specifically developed for women, aimed at supporting participants in their personal and professional development, overcoming obstacles, and achieving their goals.
Workshops: Planned, interactive training sessions aimed at conveying specific skills or knowledge. Our workshops are practical and encourage active participation among attendees.
Coachings: Individual or group-based sessions where our experienced coaches assist participants in overcoming personal and professional challenges, setting and achieving goals, and enhancing their skills and confidence.
Moderations: Professional facilitation and structuring of meetings, discussions, or workshops to ensure they run smoothly, purposefully, and productively. Our moderators encourage constructive dialogue and effective collaboration among participants.

11.2. Use of Google Calendar

We use Google Calendar, linked to our business account with Google, for organizing the logistics of our services and products. This means that after you register for our programs, we will invite you to events stored in our Google Calendar via email.

By accepting Google Calendar invitations, you agree to the collection, processing, and use of the automatically collected data by Google, its representatives, and third parties.

Google Calendar is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Google guarantees compliance with EU data protection requirements even when processing data in the USA through its certification under the EU-U.S. Privacy Shield.

Detailed information on data protection and Google’s general terms of service can be found here.

Legal Basis

The legal basis for the described processing of personal data is Article 6(1)(b) GDPR.

11.3. Use of TuCalendi

For participants in our services and products, we use the TuCalendi.com service for simplified appointment scheduling. The provider of this service is Appload Solutions S.L., C / Bethencourt Alfonso, 33, 7th Floor, 38002 Santa Cruz de Tenerife, CIF: B76813195 – TuCalendi.com, Calle Manuel Bello Ramoz 74, 38670 Adeje S/C Tenerife, Spain.

When scheduling an appointment with us, you can use the provided form. The data you provide will be transmitted through TuCalendi to the relevant contact person and entered into our Google Calendar (see Section 11.2.). Additionally, the data is visible to us in TuCalendi’s login area and stored there. You will receive a confirmation of the appointment by email, with the option to add the data to your calendar.

The purpose of processing the provided data is to coordinate appointments, handle contact requests, and communicate with you.

Further information on TuCalendi and data protection can be found here.

Legal Basis

The legal basis for the described processing of personal data is Article 6(1)(f) GDPR. Our legitimate interest is to provide you with the ability to independently schedule appointments with us, simplifying appointment coordination and allowing efficient scheduling.

Storage Duration

Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This legally required contract ensures that the provider processes personal data only according to our instructions and in compliance with GDPR.

11.4. Use of Paperform

For participants in our services and products, we use Paperform to create surveys. This service is provided by Paperform Pty. Ltd., 64 Tabrett St., Banksia, NSW 2216 Australia. Participation in a survey establishes a connection to Paperform’s server, which will recognize your IP address and the page you visited. When submitting such a form, the entered data is transmitted to Paperform. The use of Paperform enables us to design our offerings attractively and facilitate survey processing.

Further information on Paperform and data protection can be found here.

Legal Basis

The legal basis for the described processing of personal data is Article 6(1)(f) GDPR. Our legitimate interest is to provide you with the opportunity to participate in surveys to improve our services.

Storage Duration

Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Data Processing Agreement

11.5. Use of Pointerpro

For participants in our services and products, we use Pointerpro to create surveys. The service is provided by Objective7 BV, Prins Boudewijnlaan 218A, 2650 Edegem, Belgium. For participants in our programs or services, a personal link to our questionnaire is created. To generate this personal link, first name, last name, and email address are stored. After completing the questionnaire, participants receive an evaluation. Participation in a survey establishes a connection to Pointerpro’s server, which will recognize your IP address and the page you visited. When submitting such a form, the entered data is transmitted to Pointerpro. The use of Pointerpro allows us to design our offerings attractively and simplify survey processing.

Participant data may also be stored in our Customer Relationship Management (CRM) system (see Section 11.7.).

Further information on Pointerpro and data protection can be found here.

Legal Basis

The legal basis for the described processing of personal data is Article 6(1)(b) GDPR.

Storage Duration

Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Data Processing Agreement

11.6. Use of Zoom

For participants in our services and products, we use Zoom provided by ZOOM Video Communications Inc., San Jose Office, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. To use Zoom, you must first download and install a web application. During registration, you will be asked for your name and can choose whether to save this for future registrations. Our webinars are recorded and published on various platforms. To participate in our webinars, you must consent to the recording. If you do not wish to be recorded, you have the option to turn off your camera and microphone before joining the webinar. Nevertheless, your consent to recording is still required.

Further information on Zoom and data protection can be found here.

Legal Basis

The legal basis for the described processing of personal data is Article 6(1)(b) GDPR.

Storage Duration

Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Data Processing Agreement

11.7. Use of Evalanche

For participants in our services and products, we use "Evalanche" for sending additional emails. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg, Germany. Evalanche is a service that organizes and analyzes email dispatches. The data you provide for app usage (email address) is stored on Evalanche’s servers in Germany.

Further information on SC-Networks and data protection can be found here.

Legal Basis

Data processing is based on your consent (Article 6(1)(a) GDPR or Article 6(1)(b) GDPR). You can withdraw this consent at any time by unsubscribing from the emails. The legality of the data processing already carried out remains unaffected by the withdrawal.

If you do not wish to receive emails via Evalanche, you must unsubscribe. A link to unsubscribe is provided in every email.

Storage Duration

Personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Data Processing Agreement

12. Use of the Intao App

12.1. Invitation to Use the Intao App

To use the Intao App, you need to be invited by us or one of our customers. This involves entering your email address into our system, which then generates an invitation email. Your email address must already be known to us or our customer.

When you receive an invitation to use the app, it means that you have explicitly expressed interest in the app or are already a customer of ours.

If one of our customers invites you to use the app, Intao acts as a data processor. We are not responsible for whether our customers have legally obtained and are authorized to use the email addresses.

If you do not register through the invitation email link, your data will be deleted within 4 weeks.

Your rights remain unaffected, and you can object to the storage of your data at any time.

The data is stored in our Customer Relationship Management (CRM) system or a similar inquiry organization (see Section 11.7.).

12.2. Registration for the Intao App

You can register on our platform (Intao App) to use our services. The data entered during registration is used solely for the purpose of the service you registered for. Mandatory information such as name and email address must be provided; otherwise, registration cannot be completed.

For important changes, such as modifications to the service or necessary technical updates, we use the email address provided during registration to inform you.

The processing of the data provided during registration is based on your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time by sending us an informal email. The legality of data processing that occurred prior to the withdrawal remains unaffected.

Data collected during registration is stored as long as you are registered for our services. Legal retention periods remain unaffected.

The data is stored in our Customer Relationship Management (CRM) system or a similar inquiry organization (see Section 11.7.).

12.3. Metadata of Services When Using the Intao App

When an authorized user interacts with our services, metadata is generated that provides additional context about how users work. The data is anonymized, ensuring that there are no inferences about your identity. For example, we log interactions with Sparks, Topics, and the frequency of app usage. We collaborate with a third party to collect this data:

Google Firebase

Google Firebase is a service provided by:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

You can find more information about Google and data protection here.

12.4. Analysis of Services When Using the Intao Admin Panel

When an authorized user interacts with the services of our admin panel, data is generated that provides additional context about how users work. The data is anonymized, ensuring that there are no inferences about your identity. We use Google Analytics in our Admin Panel (see Section 8.1.), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (referred to as 'Google'). This involves creating pseudonymized usage profiles and using cookies (see Section 7.). Information generated by the cookies regarding your use of our admin panel, such as:

Browser type/version
Operating system used
Pages visited within the admin panel
Hostname of the accessing computer (IP address, anonymized)
Time of server request
Language

is transferred to a Google server in the USA and stored there. This information is used to evaluate the use of the admin panel, compile reports on activities, and provide additional services related to admin panel usage and internet usage for market research and tailored design purposes.

For more information on Google Analytics terms of use and Google’s data protection practices, please refer to the Google Analytics Terms of Service and Google Privacy Policy.

12.5. Device Data

Intao may collect data about the device used to access the services, including the type of device, operating system used, device settings, application identifiers, unique device identifiers, and crash information. The specifics of the data collected depend on the device type and settings. We work with third parties to collect this data:

Google Analytics (see Section 8.1.)
Google BigQuery

Google Analytics and Google BigQuery are services provided by:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

For more information on Google Analytics terms of use and Google’s data protection practices, please refer to the Google Analytics Terms of Service and Google Privacy Policy.

12.6. Log Data

Like most websites and technology services provided over the internet, our servers automatically collect and record data in log files when you access our websites or services. This log data may include your IP address, the address of the website visited before using our website or services, browser type, browser settings, date and time of service usage, information about browser configuration and plugins, language settings, and cookie data.

13. Use of the Intao Admin Panel

13.1. Invitation to Use the Intao Admin Panel

To use the Intao Admin Panel, you need to be invited by us. This involves entering your email address into our system, which then generates an invitation email. Your email address must already be known to us.

When you receive an invitation to use the Intao Admin Panel, it indicates that you have explicitly shown interest in the Admin Panel or are already a customer of ours.

If you do not register through the invitation email link, your data will be deleted within 4 weeks.

Your rights remain unaffected, and you can object to the storage of your data at any time.

The data is stored in our Customer Relationship Management (CRM) system or a similar inquiry organization (see Section 11.7.).

13.2. Registration for the Intao Admin Panel

You can register on our platform (Intao Admin Panel) to use our services. The data entered during registration is used solely for the purpose of the service you registered for. Mandatory information, such as name and email address, must be provided; otherwise, registration cannot be completed.

For important changes, such as modifications to the service or necessary technical updates, we use the email address provided during registration to inform you.

Data collected during registration is stored as long as you are registered for our services. Legal retention periods remain unaffected.

The data is stored in our Customer Relationship Management (CRM) system or a similar inquiry organization (see Section 11.7.).

14. Data Disclosure

We only share personal data with third parties with your consent or in the following cases:

Trainers: If you are a participant in our programs/workshops (e.g., Leadership Journey), our trainers may access personal data and content of participants through participant lists or webinars. They are permitted to use this personal data solely for providing services to us or as required by legal provisions.
Service Providers: We work with external service providers to deliver, support, and improve our products and services and technical infrastructure. These providers may access personal data subject to contractual and technical requirements for data protection. They may use this personal data solely for the provision of services to us or as required by legal provisions. We may integrate third-party technologies to offer enhanced functionalities.
Legal Reasons: We may disclose personal data when necessary to: (1) Comply with applicable laws or to respond to valid legal orders and proceedings, including cooperation with law enforcement or other authorities. (2) Enforce or investigate potential violations of terms of use or policies. (3) Detect, prevent, or investigate potential fraud, abuse, security concerns, including threats to public safety. (4) Fulfill our corporate and social responsibility obligations. (5) Protect our rights and the property of our customers. (6) Resolve disputes and enforce contracts.

15. Our Activities on Social Media

To communicate with you and inform you about our services on social media platforms, we maintain our own pages on these networks. We are not the primary controller (responsible party) for these pages, but use them within the scope of the options provided by the respective platforms.

Therefore, we would like to inform you that your data may be processed outside of the European Union (EU) or the European Economic Area (EEA). This can pose privacy risks for you, as your rights, such as the right to access, deletion, objection, etc., may be more difficult to exercise, and processing on social media platforms often involves advertising or user behavior analysis by the providers, which we cannot influence. If the provider creates usage profiles, cookies are often used, and your usage behavior may be directly associated with your social media profile (if you are logged in).

The described processing of personal data is based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner and to inform you about our services, in accordance with Art. 6(1)(f) GDPR. If you need to give consent to data processing as a user on these platforms, the legal basis refers to Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the data held by the providers, please exercise your rights (e.g., access, correction, deletion, etc.) directly with the respective provider. Further information about the processing of your data on social networks and the option to exercise your right to object or withdraw (i.e., opt-out) is detailed below for each social media provider we use:

15.1. Facebook

Data Controller in Europe:

Meta Platforms Ireland Limited
Merrion Road
Dublin 4
Ireland

For more information on data protection at Meta, refer to the Privacy Policy.
For information on advertising settings, visit the Ad Preferences page.
Meta is a participant in the EU-U.S. Privacy Shield framework.

15.2. LinkedIn

Data Controller in Europe:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland

For more information on data protection at LinkedIn, refer to the Privacy Policy.
For information on advertising settings, visit the Ad Preferences page.
LinkedIn is a participant in the EU-U.S. Privacy Shield framework.

15.3. X

Data Controller in Europe:

Twitter International Company
One Cumberland Place
Fenian Street
Dublin 2
D02 AX07
Ireland

For more information on data protection at X, refer to the Privacy Policy.
To access your data, visit the Data Access page.
For information on advertising settings, visit the Ad Preferences page.

16. Social Media Plugins

16.1. Facebook Plugin

We have integrated components from Meta on this website. Facebook is a social network that allows users to communicate and interact in a virtual space. It provides a platform for exchanging opinions, experiences, and personal or business information, allowing users to create private profiles, upload photos, and connect through friend requests.

The operating company of Facebook is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data processing matters outside the USA or Canada, the responsible party is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland.

When you visit a page on our website that includes a Facebook component (Facebook plugin), your browser automatically downloads the Facebook component. You can find an overview of all Facebook plugins at https://developers.facebook.com/docs/plugins/. Through this technical process, Facebook becomes aware of which specific page of our website you are visiting.

If you are logged into Facebook at the same time, Facebook can recognize which specific page of our website you are visiting during your stay. This information is collected by the Facebook component and attributed to your Facebook account. If you interact with any Facebook buttons, such as the "Like" button or leave a comment, Facebook assigns this information to your personal Facebook account and stores it.

Facebook receives information that you have visited our website whenever you are logged into Facebook during your visit to our website, regardless of whether you click the Facebook component or not. If you do not want this information to be transmitted to Facebook, you can prevent it by logging out of your Facebook account before visiting our website.

For more details on how Facebook collects, processes, and uses your personal data, and the privacy settings available, refer to Facebook's Privacy Policy. Additionally, there are various applications available that can help you prevent data transmission to Facebook.

16.2. LinkedIn Plugin

We have integrated components from LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and establish new ones.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland Unlimited Company, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

When you visit a page on our website with a LinkedIn component (LinkedIn plugin), this component prompts your browser to download the corresponding LinkedIn component. You can find more information about LinkedIn plugins at https://developer.linkedin.com/. Through this technical process, LinkedIn becomes aware of which specific page of our website you are visiting.

If you are logged into LinkedIn, LinkedIn recognizes which page of our website you are visiting and assigns this information to your LinkedIn account. If you interact with any LinkedIn buttons on our website, LinkedIn assigns this information to your personal LinkedIn account and stores it.

LinkedIn receives information about your visit to our website whenever you are logged into LinkedIn during your visit, regardless of whether you click the LinkedIn component. If you do not want this information to be transmitted to LinkedIn, you can prevent it by logging out of your LinkedIn account before visiting our website.

For details on managing email messages, SMS messages, targeted ads, and other advertising settings, refer to LinkedIn's Guest Controls. LinkedIn also uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. You can reject these cookies at LinkedIn Cookie Policy. For LinkedIn's data protection practices, see the Privacy Policy.

16.3. X Plugin

We have integrated components from X on this website. X is a multilingual public microblogging service where users can post and share short messages limited to 280 characters. These messages are accessible to anyone, including non-X users, and can be viewed by the user's followers. X also allows users to reach a broad audience through hashtags, links, or reposts.

The operating company of X is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you visit a page on our website that includes an X component (X button), your browser automatically downloads the X component. Through this technical process, X becomes aware of which specific page of our website you are visiting.

If you are logged into X, X recognizes which page of our website you are visiting and assigns this information to your X account. If you interact with any X buttons on our website, the data and information are associated with your X account and stored by X.

X receives information about your visit to our website whenever you are logged into X during your visit, regardless of whether you click the X component. If you do not want this information to be transmitted to X, you can prevent it by logging out of your X account before visiting our website.

For more information on X's data protection practices, refer to X's Privacy Policy.

17. Your Rights as a Data Subject

17.1. Right to Confirmation

You have the right to request confirmation from us as to whether your personal data is being processed.

17.2. Right to Access (Art. 15 GDPR)

You have the right to obtain free of charge information about the personal data stored about you at any time, as well as a copy of this data.

17.3. Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you. Additionally, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

17.4. Right to Erasure (Art. 17 GDPR)

You have the right to request the immediate deletion of personal data concerning you if one of the legal grounds for erasure applies and processing is no longer necessary.

17.5. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing your personal data if one of the legal conditions is met.

17.6. Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit these data to another controller without hindrance from us, provided that the processing is based on your consent (Art. 6 Abs. 1a GDPR or Art. 9 Abs. 2a GDPR) or a contract (Art. 6 Abs. 1b GDPR) and the processing is carried out using automated means.

You also have the right to have your personal data transmitted directly from one controller to another, where technically feasible and where it does not adversely affect the rights and freedoms of others.

17.7. Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 Abs. 1e (processing in the public interest) or f (processing based on legitimate interests) GDPR. This also applies to profiling based on Art. 4 Nr. 4 GDPR.

If you object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

In certain cases, we process personal data for direct marketing purposes. You can object at any time to the processing of personal data for such marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

Additionally, you have the right to object to the processing of personal data for scientific or historical research purposes or statistical purposes under Art. 89 Abs. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

You may exercise your right to object in connection with the use of information society services, irrespective of Directive 2002/58/EC, using automated procedures where technical specifications are used.

17.8. Withdrawal of Consent

You have the right to withdraw any consent to the processing of personal data at any time with effect for the future.

17.9. Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

18. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as required by the legal regulations to which our company is subject.

When the storage purpose ceases or a prescribed storage period expires, personal data will be routinely and in accordance with legal requirements blocked or deleted.

19. Currency and Changes to the Privacy Policy

This Privacy Policy is current and valid as of July 2024. Due to the further development of our websites and services or changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed at any time on our website at www.intao.io.