Privacy Policy

Data protection information

Below you will find information on the processing of your personal data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

1. Basic information

inveox GmbH is committed to protecting and respecting your privacy. With this privacy policy, we would like to inform you as a user of this website about the type, scope and purpose of the collection and use of personal data by of our website. If we refer to websites of other providers, e.g. via a link, the data protection notices and declarations there apply.

2. Provider/Contact person

The controller within the meaning of the General Data Protection Regulation (GDPR) is

Our data protection officer is :

Dr. Sebastian Kraska
Marienplatz 2
80331 Munich

Any data subject can contact us or our data protection officer directly at any time with questions and suggestions regarding data protection using the aforementioned contact details.

3. Handling the collection, processing, storage and use of your personal data

Personal data is any information relating to an identified or identifiable natural person in accordance with the provisions of Article 4 No. 1 GDPR. As part of this website, contact information in particular is processed (e.g. name, telephone number, email address, address, IP address).

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

When do we process your data?

Data processing on our part only takes place if there is a legal basis for this (e.g. consent, our legitimate interests, fulfillment of a legal obligation, etc.). Data processing on the basis of legitimate interest only takes place if it is necessary for the legitimate interests of inveox or third parties and your interests worthy of protection do not outweigh this and you have not objected to its use.

In the following, we will introduce you to the purposes for which we or one of our service providers process your data (processing purposes):

3.1 Data processing for the purpose of providing the website

inveox will also convert personal data into anonymous data and use it (generally on an aggregated statistical basis) for purposes such as market research and analysis, improving the inveox website, analyzing trends and monitoring the success of advertising campaigns. Aggregated personal data does not allow you to be identified or attributed to any other use of the inveox websites. Direct marketing takes place either on the basis of an existing overriding legitimate interest on our part or on the basis of your consent (Art. 6 para. 1 lit. a or f GDPR).

3.2 Data processing for the purpose of processing customer inquiries in the context of a contact form

The data that you transmit via the contact form will be collected and processed by us on your behalf and exclusively on your instructions. This order processing is regulated in an order processing agreement.

We will be happy to provide you with our template for such an order processing agreement. Please contact us at

3.3 Data processing for security reasons and to detect faults

We collect data about every access to the server on which this platform service is located (so-called server log files) on the basis of our legitimate interests in eliminating malfunctions, ensuring system security and detecting and tracking unauthorized access or access attempts within the meaning of Art. 6 para. 1 lit. f. GDPR data about every access to the server on which this platform service is located (so-called server log files). The access data includes the address of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

3.4 Data processing through voluntary newsletter registration

We are permitted to send you our newsletter only if you have given us your prior consent (Art. 6 (1) (a) GDPR). In addition, the logging of the registration process is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information can be found at under section 11 .

3.5  Data processing in connection with the use of online appointment booking

Legal legitimation: We are permitted to use the online appointment booking program and the associated data processing on the basis of the existing (pre-)contractual relationship with you (Art. 6 para. 1 lit. b GDPR).


You may at any time, with effect for the future, terminate the processing of your data on the basis of your previously given consent by withdrawing your consent (see Section 13).

4. Protocol data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or for as long as we are required to do so by law

Each time our website is accessed, our system automatically collects data and information about the computer system of the accessing computer and transmits this to our server. The following data is recorded and stored during the ongoing communication:

Visited website
Date and time at the time of access and duration of access
Amount of data sent
Name of the service provider
Browser used
Operating system
used IP address used

For reasons of data security, in particular to defend against attempted attacks on our web server, as already described in 3.3, we will store these access logs for a period of 7 days and then delete them. This does not apply to data that is required to be stored for evidence purposes due to other obligations. This data will be stored until the incident has been clarified by us and may be passed on to investigating authorities in individual cases.

5. Forwarding of your data

Your data will only be passed on to persons who need it to fulfill their tasks, if necessary to fulfill contracts with you, for data processing with your consent or to protect our overriding legitimate interests . In this context, we would like to inform you that we may transfer your data to companies affiliated with us, insofar as this is permitted under the purposes and legal bases set out in section 3.

Furthermore, your data will be forwarded to recipients outside this company, if we are legally obliged to disclose your personal data or if we consider this necessary to protect the rights, property or security of inveox, our customers or third parties..

Transmissions to authorities and/or law enforcement agencies are made if this is required by law or necessary to protect our legitimate interests in accordance with applicable law. Any other transfer of your personal data takes place on the basis of order processing contracts in accordance with Art. 28 GDPR. In doing so, we ensure with our contractual partner that data processing only takes place if all data protection obligations are complied with. We entrust these external service providers with tasks such as marketing services. The categories of recipients and the processing that takes place in this context are described below from sections 8 to 10.

Your personal data will be passed on to companies that provide services on behalf of inveox GmbH. The collection takes place without transmission via inveox GmbH. These companies fall into the categories of IT services (software providers, website hosters and analytics services, IT support, call centers), advertising agencies, logistics, print services, telecommunications, data management & data analysis, customer service, billing. Such third-party providers are not “recipients” of inveox GmbH within the meaning of Art. 13 para. 1 lit. e) of the GDPR. They collect your data independently and on the basis of your own decision to choose this payment process. Please note that your contractual relationship with PayPal is independent of your contractual relationship with inveox GmbH.

6. Data transfer to third countries (outside the EU/EEA)

 Third countries are countries in which the GDPR is not directly applicable law, i.e. countries outside the EU or the European Economic Area. Data is only transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a corresponding guarantee in accordance with Art. 46 GDPR. Please note that not all third countries can demonstrate such an adequate level of data protection (e.g. USA). If we nevertheless seek to transfer data to such third countries, we will ensure that standard contractual clauses have been agreed with the recipient, e.g. through EU standard contractual clauses, before entering into the contractual relationship. Furthermore, data transfer would also be permissible if we have your consent to the transfer.

7. Deleting of data and storage duration

 inveox processes and stores personal data of data subjects only for as long as is necessary for the purpose pursued or as required by law. For example, retention periods under commercial and tax law may prevent deletion. These statutory retention or documentation periods are regularly up to ten years. If the purpose of storage no longer applies or if a legally prescribed retention period expires, the personal data is routinely deleted or anonymized, unless it is used for evidence purposes.

8. Use of cookies and user-based online marketing

Our website uses cookies. A cookie is a small text file that is transferred from our web server to your browser using software when you visit our website and stored there for later retrieval . This makes it possible to recognize you when you visit the website again. Cookies are generally used for the user-friendly design of our website and analysis of log data. In the context of this privacy policy, cookies also include other technologies that have a similar functionality.

We use two different types of cookies and analysis tools. On the one hand, there are those that are necessary for the functionality of our website and those that are not. We will explain the meaning and use of these in more detail below:

8.1 Technically necessary cookies

When you visit our website, cookies are set that are absolutely necessary for the operation of the website. For example, these are required to identify the installation language of the respective browser in order to be able to display the website content in the correct language for you.

The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the operation, analysis and optimization of our website and our customer interactions.

For this reason, there is no opt-out option for these cookies. These cookies are deleted after you end your visit to our website.

8.2 Technically not necessary cookies

These are cookies that we use, but which go beyond the necessity for the technical feasibility of the online offer. We use marketing cookies and tracking methods on the condition that you have given us your consent (opt-in option) to their use in advance.

The use of our tracking methods enables us to gain insights into your user behavior through analysis, so that we can provide you with an individual offer derived from your personal interests.

8.3 Evaluation of usage data and use of tracking methods

We use external service providers (processors), e.g. for the dispatch of goods, newsletters or payment processing. A separate contract data processing agreement has been concluded with the service provider to ensure the protection of your personal data.

Records of your user behavior and preferences are evaluated by programs from our tracking providers, which use them to compile statistics and reports for us. By setting cookies, for example, we can recognize whether and how often you as a user have clicked on a particular ad.

By confirming (opting in) the cookies in our cookie banner, you give us your consent to use your data as described above. You have the option to revoke this consent at any time.

If you reject the cookies in the context of the banner queries (objection), we will set an opt-out cookie in your browser in order to enforce an assignment to your objection. These cookies are only set in the browser in which you have expressed your objection. If you use a different browser, it is necessary for you to object to their use again.

We use a statistics tool (see Google Analytics) to analyze usage data. These tools are also only activated after you have given your consent.

The following marketing tools are used by us in connection with this website:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection provisions:

Google Analytics is used by us to collect information and analyze the general user behavior of our website visitors in the context of the online services provided by us and to report usage statistics in this regard.

Google will also inform you about your right of revocation under the following link:

E-mail marketing (see section 11., Newsletter)

Customer database management

Contact management (enrichment of data records in connection with the collected knowledge of the individual)

Individual analysis and reporting, e.g. on e-mail performance or web analytics regarding our customers and interested parties

Sales and online marketing We use the CRM tool from Pipedrive, a company based at Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia, for efficient customer management and sales activities. We use various functions such as:

– Contact forms,
– Newsletter subscriptions and
– Analytics of sales and marketing activities.

Your data, for example from contact forms or newsletter registrations, is stored on Pipedrive’s servers. Further information on data protection and cookies can be found on their website: Privacy Policy | Pipedrive.
Lead generation through contact form
Newsletter registration form
Information gathering and analysis of general user behavior We use the Google Analytics tool to collect and analyze general user behavior data and to report relevant usage statistics through Google. The data is processed by Google Ireland Limited, based in Dublin 4, Ireland, and stored on its servers.

Google Analytics enables us to better understand user behavior on our website and adapt our services accordingly by collecting information such as page views, time spent on the website and user demographics. The data is used for statistical purposes only and helps us to improve our website and services.

For more information about Google Analytics’ privacy policy, please visit Privacy Policy – Privacy Policy & Terms of Use – Google
Reporting of related usage statistics


When using Google Analytics , the information collected by the cookies may be transmitted to a server in the USA. In principle, the USA does not have a level of data protection comparable to the data protection law of the European Union. Google has implemented the EU standard contractual clauses in the terms of use that apply to us.

9. Data protection information in the application procedure

As part of the application procedure, we process your personal data in accordance with the legal requirements. The application procedure requires that you provide us with your application data in an online form provided on this website. In order to be able to provide you with this service, we require the support of an external service provider mandated by us in accordance with section 5 of this privacy policy. You will receive further information on data processing as part of the application process.

10. Social plug-ins

We use so-called social plug-ins on our website. In principle, these are deactivated when you visit our site. They are activated by clicking on the respective social plug-in. This establishes a connection with the server of the network. In this way, the network provider receives information about the fact that you have called up our web offer via your Internet browser. It is not important that you have an account with the respective network provider. Furthermore, your protocol data will be transmitted to the network provider and, in case of doubt, stored there.

The servers of the network providers may be located outside the EU/EEA. For more information on the handling of your personal data, please refer to the privacy policy of the respective provider.

Facebook and Instagram plug-ins Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Irland

Privacy policy:

Instagram Plug-ins Facebook Ireland Limited, 4 Grand Canal Square, Dub-lin 2, Ireland

Data protection provisions:

LinkedIn Plug-ins Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection provisions:

Twitter Plug-ins Twitter International Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland

Data protection provisions:

11. Newsletter

11.1 General Information

You can register to receive our e-mail newsletter on our website. With your consent, we will send you newsletters, emails and other electronic notifications containing promotional information (hereinafter “newsletter”) . The data requested as mandatory fields are necessary for sending the newsletter. All other information is voluntary. When you register, the data from the input screen, the IP address of the accessing computer and the date and time of registration are transmitted to us. When you register, your consent is obtained for the processing of the data and reference is made to this data protection notice..

Double opt-in procedure and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive a confirmation email asking you to confirm your registration. Registration for the newsletter is only complete when a confirmation link contained in the confirmation email is activated. The IP address of the accessing computer and the date and time of activation of the confirmation link will also be transmitted to us

You can unsubscribe from the newsletter at any time using the unsubscribe link contained in every newsletter or by contacting us using the contact details provided above.

11.2 E-mail newsletter in the context of an existing customer relationship

If you register as a user of the platform and provide your e-mail address, we may subsequently use it to send you an e-mail newsletter, provided you have not objected to such use. In this case, the e-mail newsletter will only be used to send direct advertising for our own similar goods or services. You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in each newsletter or by contacting us using the contact details given above.

The legal basis for sending the newsletter in the context of the sale of goods or services is Art. 6 para. 1 lit. f) GDPR.

11.3 Newsletter evaluation

A statistical analysis of usage data can be carried out with our newsletter. For this purpose, we may record both the opening of the email and the internal clicks, as well as information about the time of opening and the IP address. This information is used to measure and optimize the success of our newsletter campaigns by making the content of the newsletter more relevant to our target group and technically optimizing the newsletter in terms of presentability. This information can be assigned to individual newsletter recipients. However, this is merely a technical necessity and it is not our intention to observe and analyze the usage behavior of individual users. We are only interested in an aggregated statistical evaluation.

The legal basis for this analysis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time by contacting us using the contact details provided above.

11.4 Newsletter success measurement

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to observe you as a user. The success is measured subject to the express consent of the user on the basis of our legitimate interests (Article 6(1)(F) GDPR) for the purposes of using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.

A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled.

12. Security

Our employees and the service providers mandated by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection laws.

We take all necessary technical and organizational measures in accordance with Art. 32 ff. GDPR to ensure an appropriate level of data protection and to protect your data processed by us against the following risks in particular: accidental or unlawful destruction, manipulation, loss, modification or unauthorized disclosure or access. Our security measures are constantly improved in line with technological developments.

13. Right of affected persons

As a user of our website, you are entitled in particular to the rights arising from Art. 15-18, 21 GDPR within the framework of the GDPR:

Right to information:

According to Art. 15 GDPR you have the right to receive access about the processing of your data, which you can assert against us. For this purpose you can contact us by e-mail at to contact us.

Right to rectification:

In accordance with Art. 16 GDPR, you can also demand that we correct any incorrect data we hold about you. In the event that your data is not complete, you can request that your data be completed.

Right to erasure:

Furthermore, we will delete your data at your request in accordance with Art. 17 GDPR. Unless we need this data to fulfil our legal obligations.

Right to restriction:

You have the right to request the restriction of the processing of data concerning you under the conditions set out in Art. 18 GDPR

Right to data portability:

If the requirements of Art. 20 GDPR are met, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or, where technically feasible, to have this data transmitted to a third party.

Right to withdrawal:

In accordance with Art. 7 (3) GDPR, you can revoke the consent you have given us to process your data at any time with effect for the future. All you need to do is send us an informal email. The revocation does not affect the legality of the processing carried out until the revocation.

Right of objection:

If your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to protect a legitimate interest, you have the right under Art. 21 GDPR to object to future data processing at any time for reasons arising from your particular situation.

If you have exercised your right to object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If the processing is for direct marketing purposes, you can exercise your right to object at any time and your personal data will then no longer be processed for direct marketing purposes, regardless of the reasons for the objection.

Right to lodge a complaint:

Finally, according to Art. 77 GDPR, you still have the right to lodge a complaint if you are of the opinion that we have not observed data protection regulations in the course of processing your data. In this case, please contact the supervisory authority responsible for your place of residence or your federal state, or the supervisory authority responsible for us. This is the Bavarian State Office for Data Protection Supervision.

14. Amendment of this data protection information

We reserve the right to amend this Privacy Policy from time to time to ensure that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g. the introduction of new services. The new privacy policy will then apply to your next visit.

Status April 2024.
+49 (0) 89 / 57 84 76 01

inveox GmbH
Lichtenbergstraße 8
85748 Garching
near Munich
inveox Sp. z o.o.
ul. Kurniki 9
31-156 Kraków
inveox Inc.
Houston, Texas 77259
PO Box 590306
+1 8329 4603 77