Legal
Privacy Policy
This notice explains how we process personal data when you use the Inoventra website, in line with the EU General Data Protection Regulation (GDPR) and applicable national laws.
1. Data controller
The controller responsible for processing personal data in connection with this website is: [Legal entity name], [Registered office address], [Country].
Email: [privacy@example.com]
If you have appointed a data protection officer (DPO): [dpo@example.com]
2. Scope
This policy applies to personal data collected through inoventra.com (or the domain where this policy is published) and related informational services. It does not cover third-party websites linked from our site.
3. Categories of personal data
Depending on how you use the site, we may process:
- Technical / usage data: IP address, date and time of request, browser type and version, device type, referrer URL, and similar HTTP log data transmitted by your browser (server logs).
- Communication data: Information you submit via contact or enquiry forms (e.g. name, organisation, email address, message content).
- Preference data: Language selection or similar preferences stored locally in your browser where technically required or where you have consented.
4. Purposes and legal bases (GDPR Art. 6)
- Website operation and security (Art. 6(1)(f) GDPR): Delivering the site, maintaining IT security, fraud prevention, and abuse detection (limited retention).
- Responding to enquiries (Art. 6(1)(b) or (f) GDPR): Handling messages you send us in connection with a request or pre-contractual steps.
- Optional features (Art. 6(1)(a) GDPR): Non-essential cookies or similar technologies only where you have given consent via our cookie controls.
- Compliance (Art. 6(1)(c) GDPR): Where processing is required by applicable law.
5. Recipients and processors
We use infrastructure and service providers (e.g. hosting, email delivery) who process data on our behalf as processors under Article 28 GDPR, bound by written agreements and, where relevant, Standard Contractual Clauses (SCCs) or other transfer safeguards for third-country transfers.
6. International transfers
If personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards under Chapter V GDPR (e.g. adequacy decisions, SCCs, supplementary measures as required).
7. Retention
We retain personal data only as long as necessary for the purposes described, unless longer retention is required by law. Server logs are typically retained for a limited period compatible with security and legal obligations. Contact enquiries are retained for the time needed to fulfil the request and any follow-up, unless a longer period applies for legitimate interests or legal claims.
8. Your rights
Subject to conditions in the GDPR, you may have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (“right to be forgotten”, Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR), where applicable
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3) GDPR)
- Lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, contact us at the email address in section 1. You may also contact the supervisory authority in your Member State; for example, where the controller is established in [Member State], the lead authority may be [link or name of authority].
9. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Article 22 GDPR on this website.
10. Children
This website is not directed at children. We do not knowingly collect personal data from children.
11. Changes
We may update this policy to reflect legal, technical, or organisational changes. The “last updated” date at the bottom will be revised accordingly. Material changes may be highlighted on the site where appropriate.
Last updated: 13 May 2026 · Version 1.0