Intrenion

Terms of service • Privacy policy • Legal notice

Legal notice and privacy policy for these websites, including all subdomains:

• intrenion.com
• christianullrich.com
• comective.com
• verteidigungsentscheidungen.de

Legal notice (Impressum)

Intrenion GmbH
Alemannenallee 2 • 14052 Berlin
+491781988807 • christian.ullrich@intrenion.com
Managing director: Christian Ullrich
USt-IdNr: DE306738055
HR B 178145 B - Amtsgericht Charlottenburg

Legal documents

Privacy policy in English

Introduction

1. We’re glad you’re interested in our company.
2. Intrenion GmbH values data protection highly.
3. You can visit Intrenion GmbH’s website without providing personal information, but some services may require personal data processing.
4. If the personal data processing is needed and lacks a legal basis, we ask for your consent.
5. We always process personal data according to GDPR and relevant country-specific regulations.
6. This policy explains the type, extent, and purpose of the personal data we collect, use, and process.
7. This policy also informs you about your data protection rights.
8. Intrenion GmbH uses various technical and organizational measures to protect personal data on our website.
9. Please note that data transmissions online may have security risks, and absolute protection isn’t guaranteed.
10. You can provide personal data through alternative methods, like phone calls, if preferred.

Definitions

1. Intrenion GmbH privacy policy follows the terms the European legislature sets in the GDPR.
2. We aim for our privacy policy to be clear and easy to understand for everyone, including customers and business partners.
3. To achieve this, we’ll begin by clarifying the terms used.
4. In this privacy policy, we use the following terms, among others:
   1. Personal data
      1. Personal data refers to information about an identifiable person, also called a “data subject.”
      2. Identifiable persons can be recognized through identifiers like name, ID number, location data, online identifiers, or other factors related to their physical, mental, or social identity.
   2. Data subject
      1. A data subject is an identifiable person whose personal data is processed by the responsible controller.
   3. Processing
      1. Processing includes any actions on personal data, such as collecting, organizing, storing, using, sharing, or deleting it manually or automatically.
   4. Restriction of processing
      1. Limiting future processing of stored personal data by marking it.
   5. Profiling
      1. Automated processing of personal data to analyze or predict a person’s traits or behavior, such as work performance, preferences, or location.
   6. Pseudonymization
      1. Processing personal data so it can’t be linked to a specific person without additional information stored separately and protected to prevent re-identification.
   7. Controller
      1. The person or organization decides why and how personal data is processed, as determined by Union or Member State law.
   8. Processor
      1. The person or organization that processes personal data on behalf of the controller.
   9. Recipient
      1. The person or organization that receives personal data, whether a third party or not.
      2. Public authorities receiving personal data for a specific inquiry follow data protection rules for processing purposes.
   10. Third-party
       1. A person or organization other than the data subject, controller, processor, or those authorized to process personal data.
   11. Consent
       1. A data subject’s voluntary, informed, and clear agreement to have their personal data processed.

Name and address of the controller

The controller, according to the GDPR, EU member state data protection laws, and other data protection provisions, is:

Intrenion GmbH Alemannenallee 2 14052 Berlin Germany Phone: +491781988807 Email: christian.ullrich@intrenion.com Website: https://www.intrenion.com

Cookies

1. Intrenion GmbH’s website uses cookies.
2. Cookies are text files stored on your computer through your web browser.
3. Websites and servers often use cookies with unique cookie IDs to identify them.
4. These IDs help link cookies to specific web browsers.
5. This differentiation allows websites to recognize individual browsers and provide a personalized experience.
6. Unique cookie IDs help recognize and identify specific browsers.
7. Cookies enable Intrenion GmbH to offer more user-friendly services on its website.
8. They help optimize the information and offers for individual users.
9. As mentioned, cookies allow us to recognize our website users.
10. This recognition aims to improve user experience on our website.
11. Users with cookies enabled don’t need to enter access data every time they visit the website, as the cookie is stored on their computer.
12. An example is an online shop’s shopping cart cookie, which remembers the items added by a customer.
13. Users can prevent cookies on our website by adjusting their browser settings and can permanently disable cookies.
14. Existing cookies can be deleted at any time through a browser or other software programs.
15. This can be done in all popular browsers. However, disabling cookies may affect some website functions, making them less usable.

Collection of general data and information

1. When someone visits Intrenion GmbH’s website, general data and information are collected.
2. This data is stored in server log files.
3. The collected data may include browser type, operating system, referring website, sub-websites, date and time of access, IP address, internet service provider, and other data that could be useful in case of an attack on our IT systems.
4. Intrenion GmbH doesn’t use this general data to draw conclusions about the individual visitor.
5. The collected information is used to (1) correctly deliver our website content, (2) optimize the content and its advertisement, (3) maintain the long-term functionality of our IT systems and website technology, and (4) provide law enforcement with the necessary information in case of a cyber-attack.
6. Intrenion GmbH analyzes the anonymously collected data to enhance our data protection and security and ensure the best protection for processed personal data.
7. The anonymous server log file data is stored separately from any personal data provided by users.

Subscription to our newsletter

1. Users can subscribe to Intrenion GmbH’s newsletter on the website.
2. The subscription form collects the personal data required for sending the newsletter.
3. The newsletter regularly updates customers and business partners about the company’s offers.
4. To receive the newsletter, the data subject must have a valid email address and sign up.
5. For legal reasons, first-time subscribers are sent a confirmation email using the double opt-in procedure.
6. The confirmation email verifies that the email address owner is authorized to receive the newsletter.
7. During registration, the IP address, date, and time are recorded to track any potential misuse of the email address.
8. This data collection helps protect the controller legally.
9. Personal data collected during registration is used only for sending the newsletter.
10. Subscribers may be informed via email about changes to the newsletter service or technical updates, if necessary.
11. Personal data from the newsletter service won’t be shared with third parties.
12. The data subject can cancel the newsletter subscription anytime.
13. Consent for storing personal data for newsletter purposes can be withdrawn at any time.
14. A revocation link is provided in each newsletter.
15. Unsubscribing from the newsletter can be done on the controller’s website or through other means of communication with the controller.

Event invitation

Response to Your Access Request Under Article 15 GDPR:

Personal Data, Data Categories, and Origin Email Address: We obtained your email address through the company ZenLeads Inc., located at 101 Montgomery Street, Suite 400, San Francisco, CA 94104, United States of America (“ZenLeads”). ZenLeads acts as the data controller within the meaning of Article 4 No. 7 GDPR and guarantees that the provided data was lawfully collected.

Purposes of Processing and Retention Period We processed your email address to send invitations to educational events. We used your email address to send an email. We store the sent email and, consequently, your email address for one day. Afterward, the sent email and your email address are automatically deleted.

Data Recipients We have not shared your data with other organizations.

Data Subject Rights You have the right, under the legal requirements, to request the correction or deletion of your personal data, to restrict its processing, and to object to its processing. Please note that for data processed under ZenLeads’ responsibility, you must exercise these rights directly with ZenLeads. You also have the right to lodge a complaint with a supervisory authority.

Automated Decision-Making Automated decision-making within the meaning of Article 22 GDPR does not take place.

Newsletter tracking

1. Intrenion GmbH newsletter includes tracking pixels.
2. Tracking pixels are tiny graphics in HTML emails used for log file recording and analysis.
3. They enable statistical evaluation of online marketing campaign performance.
4. Intrenion GmbH can see when an email was opened and which links were clicked, using tracking pixels.
5. Personal data from tracking pixels is stored and analyzed by the controller to improve newsletter delivery and tailor future content to the data subject’s interests.
6. Personal data won’t be shared with third parties.
7. At any time, data subjects can revoke their consent given during the double-opt-in process.
8. Upon revocation, the controller will delete the personal data.
9. Unsubscribing from Intrenion GmbH newsletter is considered a revocation.

Contact options through the website

1. Intrenion GmbH’s website provides easy electronic contact options, including an email address for direct communication.
2. When a user contacts the company via email or a contact form, their personal data is automatically saved.
3. This voluntarily provided personal data is stored to process requests or respond to the user.
4. This personal data is not shared with third parties.

Regular deletion and protection of personal data

1. The data controller processes and stores personal data only as long as needed for its purpose or as required by European or other applicable laws and regulations.
2. When the storage purpose no longer applies or the legally required storage period ends, personal data is routinely protected or deleted as per legal requirements.

Rights of the data subject

1. Confirmation right
   1. As per European law, every individual has the right to ask the data controller if their personal data is being processed.
   2. To exercise this right, the individual can contact any employee of the data controller at any time.
2. Access right
   1. As per European law, every individual has the right to request and receive free information about their stored personal data at any time, as well as a copy of that information from the data controller.
   2. European regulations also grant individuals access to the following information:
      1. Processing purposes;
      2. Personal data categories involved;
      3. Recipients or categories of recipients receiving or to receive personal data, including those in third countries or international organizations;
      4. Storage duration, if possible, or criteria determining the storage period;
      5. The right to request rectification, erasure, or processing restriction of personal data, or to object to the processing;
      6. The right to file a complaint with a supervisory authority;
      7. If the data was not collected from the individual, any available source information;
      8. The existence of automated decision-making, including profiling as per GDPR Article 22(1) and (4), and in such cases, details about the logic, significance, and potential consequences of the processing.
   3. Individuals have the right to know if their personal data is transferred to a third country or international organization.
   4. If so, they have the right to learn about the safeguards in place for the transfer.
   5. To exercise this access right, individuals can contact any employee of the data controller at any time.
3. Rectification right
   1. As per European law, every individual has the right to request the data controller to correct inaccurate personal data about them promptly.
   2. Considering the processing purposes, individuals can request the completion of incomplete personal data, including by providing additional information.
   3. To exercise this rectification right, individuals can contact any employee of the data controller at any time.
4. Erasure right (Right to be forgotten)
   1. Every individual has the right, as per European law, to request the data controller to erase their personal data promptly. The data controller is obliged to do so if one of the following grounds applies and the processing is not necessary:
      1. Personal data is no longer needed for its original purpose.
      2. The individual withdraws consent, and there is no other legal basis for processing.
      3. The individual objects to the processing, and there are no overriding legitimate grounds, or the individual objects under GDPR Article 21(2).
      4. Personal data has been processed unlawfully.
      5. Erasing personal data is required to comply with a legal obligation.
      6. Personal data was collected in relation to information society services as per GDPR Article 8(1).
      7. If any of the above reasons apply, individuals can request the erasure of their personal data stored by Intrenion GmbH by contacting any employee at any time. The employee will promptly ensure the request is fulfilled.
   2. If the data controller has made personal data public and is required by GDPR Article 17(1) to erase it, they must take reasonable steps, considering available technology and implementation costs, to inform other data controllers processing the data that the individual has requested the erasure of any links to, copies, or replications of the data, unless the processing is required.
   3. An Intrenion GmbH employee will coordinate the necessary actions in each case.
5. Processing restriction right
   1. Every individual has the right, as per European law, to request the data controller to restrict processing in any of the following situations:
      1. The individual disputes the accuracy of their personal data, allowing the controller time to verify its accuracy.
      2. Processing is unlawful, but the individual requests restricting the data use instead of erasing it.
      3. The controller no longer needs personal data, but the individual requires it for legal claims.
      4. The individual objects to processing under GDPR Article 21(1) while it is being determined if the controller’s legitimate grounds override the individual’s.
      5. If any of the above conditions apply, individuals can request processing restrictions of their personal data stored by Intrenion GmbH by contacting any employee at any time. The employee will arrange for the processing restriction.
6. Data portability right
   1. As per European law, every individual has the right to receive personal data provided to a controller in a structured, commonly used, and machine-readable format.
   2. Individuals have the right to transfer their data to another controller without interference from the current controller as long as the processing is based on consent or a contract and is carried out automatically unless necessary for public interest or official authority tasks.
   3. While exercising data portability under GDPR Article 20(1), individuals can request their data to be directly transmitted from one controller to another, if possible, and without negatively impacting the rights and freedoms of others.
   4. To exercise the data portability right, individuals can contact any Intrenion GmbH employee at any time.
7. Right to object
   1. Every individual has the right, as per European law, to object to the processing of their personal data, based on their specific situation, at any time if the processing is grounded in GDPR Article 6(1)(e) or (f).
   2. This right also applies to profiling based on these provisions.
   3. Intrenion GmbH will stop processing personal data upon objection unless there are strong legitimate reasons for processing that outweigh the individual’s interests, rights, and freedoms or if the data is necessary for legal claims.
   4. Individuals can object to their data being processed for direct marketing purposes at any time.
   5. This includes profiling related to direct marketing. If an individual objects, Intrenion GmbH will no longer process their data for these purposes.
   6. Individuals can also object to data processing for scientific, historical, or statistical purposes based on their specific situation, unless it’s necessary for public interest tasks.
   7. Individuals can contact any GmbH employee to exercise the right to object. Additionally, they can use automated means, in accordance with the technical specifications, to object to the processing of their personal data when using information society services without violating Directive 2002/58/EC.
8. Automated decision-making, including profiling
   1. Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal effects or significantly affect them unless the decision (1) is necessary for a contract between the individual and the data controller, (2) is authorized by Union or Member State law with suitable measures to protect the individual’s rights, freedoms, and legitimate interests, or (3) is based on the individual’s explicit consent.
   2. If the decision (1) is necessary for a contract between the individual and the data controller or (2) is based on the individual’s explicit consent, Intrenion GmbH will implement measures to protect the individual’s rights, freedoms, and legitimate interests, including the right to human intervention from the controller, the ability to express their viewpoint and contest the decision.
   3. To exercise rights related to automated decision-making, individuals can contact any Intrenion GmbH employee at any time.
9. Right to withdraw data protection consent
   1. Each individual has the right to withdraw their consent for processing their personal data at any time.
   2. To exercise this right, individuals can contact any Intrenion GmbH employee at any time.

Privacy rules for using Google Analytics with the anonymization feature

1. This website uses Google Analytics with an anonymizer function.
2. Google Analytics is a web analytics service.
3. Web analytics involves collecting and analyzing visitor data on websites.
4. This service gathers information such as the referrer site, visited sub-pages, and their frequency and duration.
5. Web analytics mainly helps optimize websites and assess the cost-effectiveness of online advertising.
6. Google Ireland Limited in Dublin, Ireland, operates Google Analytics.
7. The controller uses the “_gat. _anonymizeIp” application for Google Analytics.
8. This application shortens and anonymizes IP addresses for EU and European Economic Area users.
9. Google Analytics aims to analyze our website traffic.
10. Google uses the collected data to evaluate website usage, create online activity reports, and offer additional services related to our website.
11. Google Analytics uses a cookie on the user’s device.
12. Cookies are defined earlier in the policy.
13. The cookie allows Google to analyze website usage.
14. When a user visits a page with Google Analytics, their browser automatically sends data to Google for online advertising and commission purposes.
15. Through this process, Google accesses personal information like IP addresses, helping it track visitor origins and clicks and generate commission settlements.
16. The cookie saves personal information like access time, location, and the user’s visit frequency to the website.
17. Each visit sends personal data, including the user’s IP address, to Google in the United States.
18. Google stores this personal data in the US.
19. Google may share the collected personal data with third parties.
20. Users can block cookies by adjusting their web browser settings, permanently preventing the setting of cookies, as mentioned earlier.
21. Adjusting the browser settings would also prevent Google Analytics from setting cookies on the user’s device.
22. Users can delete existing Google Analytics cookies through their web browser or other software.
23. Users can also object to data collection by Google Analytics related to the website use and its processing by Google.
24. To do this, users need to download and install a browser add-on from https://tools.google.com/dlpage/gaoptout.
25. This add-on communicates to Google Analytics via JavaScript, preventing the transmission of visit data and information to Google Analytics.
26. Google views the installation of the browser add-on as an objection.
27. If the user’s device is later reset or reformatted, the add-on must be reinstalled to disable Google Analytics.
28. If the add-on is uninstalled or disabled by the user or someone else, it can be reinstalled or reactivated.
29. More information about Google’s data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html.
30. Further details about Google Analytics are available at https://www.google.com/analytics/.

Legal reasons for processing data

1. We use GDPR Article 6(1)(a) as the legal basis for processing data when we have your consent for a specific purpose.
2. If data processing is needed to fulfill a contract, like providing goods or services, we base it on GDPR Article 6(1)(b).
3. The same applies to pre-contractual actions, such as inquiries about our products or services.
4. If we’re legally required to process data (e.g., for tax purposes), we rely on GDPR Article 6(1)(c).
5. In rare cases, we may process data to protect the vital interests of an individual.
6. In cases like a visitor’s injury at our company, we may share their vital information (name, age, health insurance data) with medical professionals or others for assistance.
7. This type of processing is based on GDPR Article 6(1)(d).
8. Processing may also rely on GDPR Article 6(1)(f).
9. We use this legal basis for processing not covered by other grounds if it’s in our company’s or a third party’s legitimate interests, unless it conflicts with the individual’s rights and freedoms.
10. The European legislator specifically allows such processing operations.
11. Legitimate interests can be assumed if the person whose data is processed is a client of our company, according to GDPR Recital 47, Sentence 2.

Legitimate interests pursued by a third party or us

1. When processing personal data under GDPR Article 6(1)(f), our goal is to conduct business for the benefit of our employees and shareholders.

Duration of personal data storage

1. We determine personal data storage duration based on legal retention requirements.
2. Once the required period expires, we delete the data unless it’s still needed for contract fulfillment or initiation.

Personal data requirements and consequences of non-provision

1. Providing personal data may be required by law or contract and could be necessary to enter into a contract. The individual must provide the data, and failure may result in consequences.
2. Personal data may be required by law (e.g., tax regulations) or contractual agreements (e.g., partner information).
3. Providing personal data may be necessary to finalize a contract with us.
4. When entering a contract with our company, the individual is required to give personal data.
5. Without personal data, we cannot establish a contract with the individual.
6. Before providing personal data, the person should contact an employee.
7. The employee will explain if providing personal data is legally or contractually required and obligatory, and the consequences of not providing it.

Use of automated decision-making

1. As a responsible company, we don’t use automatic decision-making or profiling.

Datenschutzerklärung auf Deutsch

Einführung

1. Wir freuen uns über Ihr Interesse an unserem Unternehmen.
2. Die Intrenion GmbH legt dem Datenschutz einen hohen Stellenwert bei.
3. Sie können die Website der Intrenion GmbH besuchen, ohne personenbezogene Daten anzugeben, aber einige Dienste können die Verarbeitung personenbezogener Daten erfordern.
4. Falls eine Verarbeitung personenbezogener Daten erforderlich ist und keine gesetzliche Grundlage besteht, erheben wir Ihre Einwilligung ein.
5. Wir verarbeiten personenbezogene Daten stets gemäß der DSGVO und den jeweils geltenden landesspezifischen Vorschriften.
6. Diese Richtlinie erklärt die Art, den Umfang und den Zweck der Erhebung, Nutzung und Verarbeitung personenbezogener Daten.
7. Diese Richtlinie informiert Sie auch über Ihre Datenschutzrechte.
8. Die Intrenion GmbH setzt verschiedene technische und organisatorische Maßnahmen ein, um personenbezogene Daten auf unserer Website zu schützen.
9. Bitte beachten Sie, dass die Übertragung von Daten im Internet Sicherheitsrisiken mit sich bringt und ein absoluter Schutz nicht garantiert werden kann.
10. Sie können personenbezogene Daten auch über alternative Methoden wie Telefonanrufe bereitstellen, falls gewünscht.

Definitionen

1. Die Datenschutzrichtlinie der Intrenion GmbH orientiert sich an den Begriffen, die die europäische Gesetzgebung in der DSGVO festlegt.
2. Wir möchten, dass unsere Datenschutzrichtlinie klar und leicht verständlich ist, sowohl für Kunden als auch für Geschäftspartner.
3. Um dies zu erreichen, beginnen wir mit der Erklärung der verwendeten Begriffe.
4. In dieser Datenschutzrichtlinie verwenden wir unter anderem die folgenden Begriffe:
   1. Personenbezogene Daten
      1. Personenbezogene Daten sind Informationen über eine identifizierbare Person, auch “betroffene Person” genannt.
      2. Eine identifizierbare Person kann anhand von Identifikatoren wie Name, Ausweisnummer, Standortdaten, Online-Kennungen oder anderen Faktoren in Bezug auf ihre physische, mentale oder soziale Identität erkannt werden.
   2. Betroffene Person
      1. Eine betroffene Person ist eine identifizierbare Person, deren personenbezogene Daten vom verantwortlichen Datenverarbeiter verarbeitet werden.
   3. Verarbeitung
      1. Verarbeitung umfasst alle Vorgänge in Bezug auf personenbezogene Daten, wie das Erheben, Organisieren, Speichern, Verwenden, Teilen oder Löschen, sei es manuell oder automatisiert.
   4. Einschränkung der Verarbeitung
      1. Die Markierung gespeicherter personenbezogener Daten, um deren zukünftige Verarbeitung einzuschränken.
   5. Profiling
      1. Automatisierte Verarbeitung personenbezogener Daten, um Merkmale oder Verhaltensweisen einer Person zu analysieren oder vorherzusagen, etwa hinsichtlich Arbeitsleistung, Vorlieben oder Standort.
   6. Pseudonymisierung
      1. Die Verarbeitung personenbezogener Daten in einer Weise, dass sie ohne zusätzliche Informationen, die separat gespeichert und geschützt werden, nicht mehr einer spezifischen Person zugeordnet werden können.
   7. Verantwortlicher
      1. Die Person oder Organisation, die über Zweck und Mittel der Verarbeitung personenbezogener Daten entscheidet, wie durch die Union oder das nationale Recht vorgeschrieben.
   8. Auftragsverarbeiter
      1. Die Person oder Organisation, die personenbezogene Daten im Auftrag des Verantwortlichen verarbeitet.
   9. Empfänger
      1. Die Person oder Organisation, die personenbezogene Daten erhält, sei es ein Dritter oder nicht.
      2. Öffentliche Stellen, die personenbezogene Daten im Rahmen eines spezifischen Auftrags erhalten, unterliegen bei der Verarbeitung denselben Datenschutzregeln.
   10. Dritter
       1. Eine Person oder Organisation, die weder betroffene Person, Verantwortlicher oder Auftragsverarbeiter ist noch autorisiert ist, personenbezogene Daten zu verarbeiten.
   11. Einwilligung
       1. Die freiwillige, informierte und eindeutige Zustimmung der betroffenen Person zur Verarbeitung ihrer personenbezogenen Daten.

Name und Anschrift des Verantwortlichen

Der Verantwortliche im Sinne der DSGVO, der Datenschutzgesetze der EU-Mitgliedstaaten und anderer datenschutzrechtlicher Bestimmungen ist:

Intrenion GmbH Alemannenallee 2 14052 Berlin Deutschland Telefon: +491781988807 E-Mail: christian.ullrich@intrenion.com Website: https://www.intrenion.com

Cookies

1. Die Website der Intrenion GmbH verwendet Cookies.
2. Cookies sind Textdateien, die von einem Internetbrowser auf Ihrem Computer gespeichert werden.
3. Websites und Server nutzen häufig Cookies mit einer eindeutigen Cookie-ID, um Cookies zu identifizieren.
4. Diese IDs ermöglichen es, Cookies mit spezifischen Webbrowsern zu verknüpfen.
5. Diese Unterscheidung ermöglicht Websites, einzelne Browser zu erkennen und eine personalisierte Erfahrung zu bieten.
6. Eindeutige Cookie-IDs helfen, bestimmte Browser zu erkennen und zu identifizieren.
7. Cookies ermöglichen der Intrenion GmbH, benutzerfreundlichere Dienste auf ihrer Website anzubieten.
8. Sie helfen dabei, die Informationen und Angebote für individuelle Nutzer zu optimieren.
9. Wie erwähnt, ermöglichen Cookies es uns, unsere Website-Besucher zu erkennen.
10. Diese Erkennung zielt darauf ab, die Benutzererfahrung auf unserer Website zu verbessern.
11. Nutzer, die Cookies aktiviert haben, müssen ihre Zugangsdaten nicht jedes Mal erneut eingeben, da die Cookies auf ihrem Computer gespeichert werden.
12. Ein Beispiel ist das Cookie eines Online-Shopping-Warenkorbs, das sich die vom Kunden hinzugefügten Artikel merkt.
13. Nutzer können Cookies auf unserer Website verhindern, indem sie ihre Browsereinstellungen anpassen, und Cookies dauerhaft deaktivieren.
14. Bestehende Cookies können jederzeit über einen Browser oder andere Softwareprogramme gelöscht werden.
15. Dies ist in allen gängigen Browsern möglich. Allerdings kann die Deaktivierung von Cookies dazu führen, dass einige Funktionen der Website eingeschränkt oder weniger nutzbar sind.

Erhebung allgemeiner Daten und Informationen

1. Beim Besuch der Website der Intrenion GmbH werden allgemeine Daten und Informationen erfasst.
2. Diese Daten werden in Server-Logfiles gespeichert.
3. Zu den gesammelten Daten können der Browsertyp, das Betriebssystem, die verweisende Website, Unterwebsites, Datum und Uhrzeit des Zugriffs, die IP-Adresse, der Internetdienstanbieter und andere Daten gehören, die im Falle eines Angriffs auf unsere IT-Systeme nützlich sein könnten.
4. Die Intrenion GmbH verwendet diese allgemeinen Daten nicht, um Rückschlüsse auf den individuellen Besucher zu ziehen.
5. Die gesammelten Informationen werden verwendet, um (1) die Inhalte unserer Website korrekt auszuliefern, (2) die Inhalte und deren Werbung zu optimieren, (3) die langfristige Funktionalität unserer IT-Systeme und Webtechnologie sicherzustellen und (4) Strafverfolgungsbehörden im Falle eines Cyberangriffs die notwendigen Informationen bereitzustellen.
6. Die Intrenion GmbH analysiert die anonym gesammelten Daten, um unseren Datenschutz und unsere Datensicherheit zu verbessern und den bestmöglichen Schutz der verarbeiteten personenbezogenen Daten zu gewährleisten.
7. Die anonymen Server-Logfile-Daten werden getrennt von den von Nutzern angegebenen personenbezogenen Daten gespeichert.

Anmeldung zu unserem Newsletter

1. Nutzer können sich auf der Website der Intrenion GmbH für den Newsletter anmelden.
2. Das Anmeldeformular erhebt die personenbezogenen Daten, die für den Versand des Newsletters erforderlich sind.
3. Der Newsletter informiert Kunden und Geschäftspartner regelmäßig über die Angebote des Unternehmens.
4. Um den Newsletter zu erhalten, muss die betroffene Person über eine gültige E-Mail-Adresse verfügen und sich dafür anmelden.
5. Aus rechtlichen Gründen erhalten Erstabonnenten im Double-Opt-In-Verfahren eine Bestätigungs-E-Mail.
6. Die Bestätigungs-E-Mail dient dazu, zu überprüfen, ob der Inhaber der E-Mail-Adresse berechtigt ist, den Newsletter zu empfangen.
7. Während der Registrierung werden die IP-Adresse, das Datum und die Uhrzeit erfasst, um einen möglichen Missbrauch der E-Mail-Adresse nachvollziehen zu können.
8. Diese Datenerhebung dient dem rechtlichen Schutz des Verantwortlichen.
9. Die im Rahmen der Registrierung erhobenen personenbezogenen Daten werden ausschließlich zum Versand des Newsletters verwendet.
10. Abonnenten können per E-Mail über Änderungen des Newsletter-Dienstes oder technische Updates informiert werden, sofern erforderlich.
11. Die personenbezogenen Daten des Newsletter-Dienstes werden nicht an Dritte weitergegeben.
12. Die betroffene Person kann das Newsletter-Abonnement jederzeit kündigen.
13. Die Einwilligung zur Speicherung personenbezogener Daten für den Newsletterversand kann jederzeit widerrufen werden.
14. Ein Widerrufslink ist in jedem Newsletter enthalten.
15. Die Abmeldung vom Newsletter kann auf der Website des Verantwortlichen oder über andere Kommunikationswege erfolgen.

Veranstaltungseinladung

Wir beantworten Ihr Auskunftsbegehren gemäß Art. 15 DSGVO wie folgt:

Personenbezogene Daten, Datenkategorien und Herkunft E-Mail-Adresse: Ihre E-Mail-Adresse haben wir über das Unternehmen ZenLeads Inc., 101 Montgomery Street, Suite 400, San Francisco, CA 94104, United States of America (“ZenLeads”) bezogen. ZenLeads agiert im Hinblick auf diese Daten als Verantwortlicher im Sinne von Art. 4 Nr. 7 DSGVO und garantiert, dass die bereitgestellten Daten ordnungsgemäß erhoben wurden.

Verarbeitungszwecke und Speicherdauer Wir verarbeiteten Ihre E-Mail-Adresse zur Einladung zu Bildungsveranstaltungen. Dabei nutzen wir Ihre E-Mail-Adresse zum Versand einer E-Mail. Wir speichern die versandte E-Mail und damit Ihre E-Mail-Adresse für einen Tag. Anschließend löschen wir die versandte E-Mail und damit Ihre E-Mail-Adresse automatisch.

Datenempfänger Wir haben Ihre Daten nicht an andere Organisationen weitergegeben.

Betroffenenrechte Sie haben bei Vorliegen der gesetzlichen Voraussetzungen ein Recht auf Berichtigung oder Löschung der Sie betreffenden personenbezogenen Daten, auf Einschränkung der Verarbeitung und auf Widerspruch gegen die Verarbeitung. Bitte beachten Sie, dass Sie hinsichtlich der von ZenLeads verantwortlich verarbeiteten Daten diese Rechte gegenüber ZenLeads geltend machen müssen. Ihnen steht ein Beschwerderecht bei einer Aufsichtsbehörde zu.

Automatisierte Entscheidungsfindung Eine automatisierte Entscheidungsfindung im Sinne des Art. 22 DSGVO findet nicht statt.

Newsletter-Tracking

1. Der Newsletter der Intrenion GmbH enthält sogenannte Tracking-Pixel.
2. Tracking-Pixel sind kleine Grafiken in HTML-E-Mails, die zur Protokollierung und Analyse in Logdateien verwendet werden.
3. Sie ermöglichen die statistische Auswertung der Leistung von Online-Marketing-Kampagnen.
4. Durch Tracking-Pixel kann die Intrenion GmbH erkennen, wann eine E-Mail geöffnet wurde und welche Links angeklickt wurden.
5. Die durch Tracking-Pixel erhobenen personenbezogenen Daten werden vom Verantwortlichen gespeichert und analysiert, um die Zustellung des Newsletters zu verbessern und zukünftige Inhalte besser auf die Interessen der betroffenen Person abzustimmen.
6. Personenbezogene Daten werden nicht an Dritte weitergegeben.
7. Die betroffene Person kann ihre im Double-Opt-In-Verfahren erteilte Einwilligung jederzeit widerrufen.
8. Im Falle eines Widerrufs werden die personenbezogenen Daten vom Verantwortlichen gelöscht.
9. Die Abmeldung vom Newsletter der Intrenion GmbH gilt als Widerruf.

Kontaktmöglichkeiten über die Website

1. Die Website der Intrenion GmbH bietet einfache elektronische Kontaktmöglichkeiten, einschließlich einer E-Mail-Adresse für direkte Kommunikation.
2. Wenn ein Nutzer das Unternehmen per E-Mail oder über das Kontaktformular kontaktiert, werden die personenbezogenen Daten des Nutzers automatisch gespeichert.
3. Diese freiwillig bereitgestellten personenbezogenen Daten werden gespeichert, um Anfragen zu bearbeiten oder dem Nutzer zu antworten.
4. Diese personenbezogenen Daten werden nicht an Dritte weitergegeben.

Regelmäßige Löschung und Schutz personenbezogener Daten

1. Der Verantwortliche verarbeitet und speichert personenbezogene Daten nur so lange, wie es für den jeweiligen Zweck erforderlich ist oder wie es durch europäische oder andere anwendbare Gesetze und Vorschriften vorgeschrieben ist.
2. Wenn der Speicherzweck entfällt oder die gesetzlich vorgeschriebene Speicherfrist abläuft, werden personenbezogene Daten gemäß den gesetzlichen Anforderungen routinemäßig gelöscht.

Rechte der betroffenen Person

1. Recht auf Bestätigung
   1. Nach europäischem Recht hat jede Person das Recht, vom Verantwortlichen eine Bestätigung darüber zu verlangen, ob ihre personenbezogenen Daten verarbeitet werden.
   2. Zur Ausübung dieses Rechts kann die betroffene Person jederzeit einen Mitarbeiter des Verantwortlichen kontaktieren.
2. Recht auf Auskunft
   1. Nach europäischem Recht hat jede Person das Recht, jederzeit unentgeltlich Auskunft über ihre gespeicherten personenbezogenen Daten und eine Kopie dieser Informationen vom Verantwortlichen zu erhalten.
   2. Die europäischen Vorschriften gewähren auch Zugang zu folgenden Informationen:
      1. Verarbeitungszwecke;
      2. Kategorien personenbezogener Daten, die verarbeitet werden;
      3. Empfänger oder Kategorien von Empfängern, die die Daten erhalten oder erhalten werden, einschließlich Empfänger in Drittländern oder internationalen Organisationen;
      4. Falls möglich, die geplante Speicherdauer oder, falls dies nicht möglich ist, die Kriterien für die Festlegung der Speicherdauer;
      5. Das Recht, Berichtigung, Löschung oder Einschränkung der Verarbeitung der personenbezogenen Daten zu verlangen oder der Verarbeitung zu widersprechen;
      6. Das Recht, eine Beschwerde bei einer Aufsichtsbehörde einzureichen;
      7. Falls die Daten nicht von der betroffenen Person erhoben wurden, alle verfügbaren Informationen über die Herkunft der Daten;
      8. Das Bestehen einer automatisierten Entscheidungsfindung, einschließlich Profiling gemäß Artikel 22 Abs. 1 und 4 DSGVO, sowie in diesen Fällen aussagekräftige Informationen über die Logik, die Tragweite und die angestrebten Auswirkungen einer solchen Verarbeitung.
   3. Die betroffene Person hat das Recht, zu erfahren, ob ihre personenbezogenen Daten in ein Drittland oder an eine internationale Organisation übermittelt werden.
   4. Falls ja, hat die betroffene Person das Recht, über die geeigneten Garantien im Zusammenhang mit der Übermittlung informiert zu werden.
   5. Zur Ausübung dieses Auskunftsrechts kann die betroffene Person jederzeit einen Mitarbeiter des Verantwortlichen kontaktieren.
3. Recht auf Berichtigung
   1. Nach dem europäischen Recht hat jede Person das Recht, vom Verantwortlichen die unverzügliche Berichtigung unrichtiger personenbezogener Daten zu verlangen.
   2. Unter Berücksichtigung der Verarbeitungszwecke kann die betroffene Person die Vervollständigung unvollständiger personenbezogener Daten verlangen, auch durch eine ergänzende Erklärung.
   3. Zur Ausübung dieses Rechts auf Berichtigung kann die betroffene Person jederzeit einen Mitarbeiter des Verantwortlichen kontaktieren.
4. Recht auf Löschung (“Recht auf Vergessenwerden”)
   1. Jede Person hat das Recht, nach europäischem Recht vom Verantwortlichen zu verlangen, ihre personenbezogenen Daten unverzüglich zu löschen, wenn einer der folgenden Gründe vorliegt und die Verarbeitung nicht erforderlich ist:
      1. Die personenbezogenen Daten sind für den ursprünglichen Zweck nicht mehr notwendig.
      2. Die betroffene Person widerruft ihre Einwilligung, und es fehlt an einer anderen Rechtsgrundlage für die Verarbeitung.
      3. Die betroffene Person legt Widerspruch gegen die Verarbeitung ein, und es liegen keine vorrangigen berechtigten Gründe vor, oder sie widerspricht gemäß Artikel 21 Abs. 2 DSGVO.
      4. Die personenbezogenen Daten wurden unrechtmäßig verarbeitet.
      5. Die Löschung der personenbezogenen Daten ist zur Erfüllung einer rechtlichen Verpflichtung erforderlich.
      6. Die personenbezogenen Daten wurden im Zusammenhang mit Diensten der Informationsgesellschaft gemäß Artikel 8 Abs. 1 DSGVO erhoben.
      7. Liegt einer der oben genannten Gründe vor, kann die betroffene Person die Löschung der bei der Intrenion GmbH gespeicherten personenbezogenen Daten verlangen, indem sie sich an einen Mitarbeiter wendet. Der Mitarbeiter wird sicherstellen, dass dem Löschungsersuchen unverzüglich nachgekommen wird.
   2. Hat der Verantwortliche die personenbezogenen Daten öffentlich gemacht und ist er gemäß Artikel 17 Abs. 1 DSGVO zu deren Löschung verpflichtet, so trifft er unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Maßnahmen, um andere Verantwortliche, die die Daten verarbeiten, darüber zu informieren, dass die betroffene Person die Löschung aller Links zu diesen Daten oder von Kopien und Replikationen dieser Daten verlangt hat, sofern die Verarbeitung nicht erforderlich ist.
   3. Ein Mitarbeiter der Intrenion GmbH wird die notwendigen Maßnahmen im Einzelfall veranlassen.
5. Recht auf Einschränkung der Verarbeitung
   1. Jede Person hat nach europäischem Recht das Recht, vom Verantwortlichen die Einschränkung der Verarbeitung zu verlangen, wenn eine der folgenden Bedingungen erfüllt ist:
      1. Die Richtigkeit der personenbezogenen Daten wird von der betroffenen Person bestritten, und zwar für eine Dauer, die es dem Verantwortlichen ermöglicht, die Richtigkeit der Daten zu überprüfen.
      2. Die Verarbeitung ist unrechtmäßig, und die betroffene Person lehnt die Löschung der personenbezogenen Daten ab und verlangt stattdessen die Einschränkung der Nutzung der Daten.
      3. Der Verantwortliche benötigt die personenbezogenen Daten nicht länger, die betroffene Person jedoch zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.
      4. Die betroffene Person hat Widerspruch gegen die Verarbeitung gemäß Artikel 21 Abs. 1 DSGVO eingelegt, und es steht noch nicht fest, ob die berechtigten Gründe des Verantwortlichen die der betroffenen Person überwiegen.
      5. Liegt eine der oben genannten Voraussetzungen vor, kann die betroffene Person die Einschränkung der Verarbeitung ihrer personenbezogenen Daten verlangen, indem sie sich jederzeit an einen Mitarbeiter der Intrenion GmbH wendet.
6. Recht auf Datenübertragbarkeit
   1. Nach europäischem Recht hat jede Person das Recht, die sie betreffenden personenbezogenen Daten, die sie einem Verantwortlichen bereitgestellt hat, in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten.
   2. Die betroffene Person hat außerdem das Recht, diese Daten einem anderen Verantwortlichen ohne Behinderung zu übermitteln, sofern die Verarbeitung auf einer Einwilligung oder einem Vertrag beruht und automatisiert erfolgt, es sei denn, die Verarbeitung ist für Aufgaben von öffentlichem Interesse erforderlich.
   3. Zur Ausübung dieses Rechts kann die betroffene Person jederzeit einen Mitarbeiter der Intrenion GmbH kontaktieren.
7. Recht auf Widerspruch
   1. Jede Person hat das Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, der Verarbeitung ihrer personenbezogenen Daten zu widersprechen.

8. Automatisierte Entscheidungen einschließlich Profiling

   (Details überspringen, bitte angeben, falls eine Übersetzung des Abschnitts benötigt wird.)

9. Widerrufsrecht

   Jede betroffene Person hat das Recht, jederzeit ihre Einwilligung zur Verarbeitung ihrer personenbezogenen Daten zu widerrufen.

Datenschutzbestimmungen zur Nutzung von Google Analytics mit Anonymisierungsfunktion

1. Diese Website verwendet Google Analytics mit Anonymisierung.
2. Google Analytics ist ein Webanalysedienst.
3. Webanalyse umfasst die Erhebung und Auswertung von Besucherdaten auf Websites.
4. Dieser Dienst sammelt Informationen wie die verweisende Website, die besuchten Unterseiten sowie deren Häufigkeit und Dauer.
5. Die Webanalyse dient hauptsächlich der Optimierung von Websites und der Bewertung der Kosteneffizienz der Online-Werbung.
6. Betreiber von Google Analytics ist Google Ireland Limited mit Sitz in Dublin, Irland.
7. Der Verantwortliche nutzt die Anwendung „_gat. _anonymizeIp“ für Google Analytics.
8. Diese Anwendung kürzt und anonymisiert IP-Adressen von Nutzern innerhalb der EU und des Europäischen Wirtschaftsraums.
9. Ziel von Google Analytics ist die Analyse des Website-Verkehrs.
10. Google verwendet die erhobenen Daten, um die Nutzung der Website auszuwerten, Berichte über die Online-Aktivitäten zu erstellen und zusätzliche Dienstleistungen im Zusammenhang mit der Website bereitzustellen.
11. Google Analytics setzt ein Cookie auf das Gerät des Nutzers.
12. Cookies wurden bereits in dieser Richtlinie definiert.
13. Das Cookie ermöglicht es Google, die Nutzung der Website zu analysieren.
14. Beim Besuch einer Seite, die Google Analytics verwendet, übermittelt der Browser automatisch Daten an Google zu Zwecken der Online-Werbung und der Provisionsabrechnung.
15. Dabei erhält Google Zugriff auf personenbezogene Informationen wie die IP-Adresse, um die Herkunft der Besucher und Klicks nachzuvollziehen und Provisionsabrechnungen zu erstellen.
16. Das Cookie speichert personenbezogene Daten wie Zugriffszeit, Standort und Häufigkeit der Website-Besuche.
17. Bei jedem Besuch werden personenbezogene Daten, einschließlich der IP-Adresse des Nutzers, an Google in den Vereinigten Staaten übermittelt.
18. Google speichert diese personenbezogenen Daten in den USA.
19. Google kann die gesammelten personenbezogenen Daten an Dritte weitergeben.
20. Nutzer können Cookies durch entsprechende Einstellungen in ihrem Webbrowser blockieren und so das Setzen von Cookies dauerhaft verhindern, wie bereits zuvor beschrieben.
21. Durch die Anpassung der Browsereinstellungen kann auch verhindert werden, dass Google-Analytics-Cookies auf dem Gerät des Nutzers gespeichert werden.
22. Nutzer können bestehende Google-Analytics-Cookies über ihren Webbrowser oder andere Software löschen.
23. Nutzer können der Erfassung von Daten durch Google Analytics im Zusammenhang mit der Nutzung der Website sowie deren Verarbeitung durch Google widersprechen.
24. Dazu müssen Nutzer ein Browser-Add-on von https://tools.google.com/dlpage/gaoptout herunterladen und installieren.
25. Dieses Add-on teilt Google Analytics über JavaScript mit, dass keine Besuchsdaten und Informationen an Google Analytics übermittelt werden dürfen.
26. Google betrachtet die Installation von Browser-Add-ons als Widerspruch.
27. Wird das Gerät des Nutzers später zurückgesetzt oder neu formatiert, muss das Add-on neu installiert werden, um Google Analytics zu deaktivieren.
28. Wird das Add-on vom Nutzer oder von Dritten deinstalliert oder deaktiviert, kann es neu installiert oder reaktiviert werden.
29. Weitere Informationen zu den Datenschutzbestimmungen von Google finden sich unter https://www.google.com/intl/de/policies/privacy/ und http://www.google.com/analytics/terms/de.html.
30. Weitere Details zu Google Analytics sind unter https://www.google.com/analytics/ verfügbar.

Rechtliche Grundlagen für die Datenverarbeitung

1. Wir nutzen Artikel 6 Abs. 1 lit. a DSGVO als Rechtsgrundlage für die Verarbeitung Ihrer Daten, wenn wir Ihre Einwilligung für einen bestimmten Zweck erhalten haben.
2. Ist die Verarbeitung von Daten erforderlich, um einen Vertrag zu erfüllen, beispielsweise zur Bereitstellung von Waren oder Dienstleistungen, stützen wir uns auf Artikel 6 Abs. 1 lit. b DSGVO.
3. Dasselbe gilt für vorvertragliche Maßnahmen, etwa für Anfragen zu unseren Produkten oder Dienstleistungen.
4. Sind wir gesetzlich verpflichtet, Daten zu verarbeiten (z. B. zu steuerlichen Zwecken), berufen wir uns auf Artikel 6 Abs. 1 lit. c DSGVO.
5. In seltenen Fällen können wir Daten verarbeiten, um lebenswichtige Interessen einer Person zu schützen.
6. Zum Beispiel könnten wir bei einer Verletzung eines Besuchers in unserem Unternehmen lebenswichtige Informationen (Name, Alter, Krankenversicherungsdaten) an medizinisches Fachpersonal oder andere Helfer weitergeben.
7. Diese Art der Verarbeitung basiert auf Artikel 6 Abs. 1 lit. d DSGVO.
8. Datenverarbeitung kann auch auf Artikel 6 Abs. 1 lit. f DSGVO beruhen.
9. Wir verwenden diese Rechtsgrundlage für Verarbeitungen, die nicht unter andere Rechtsgrundlagen fallen, wenn dies im berechtigten Interesse unseres Unternehmens oder eines Dritten liegt, es sei denn, die Rechte und Freiheiten der betroffenen Person überwiegen.
10. Der europäische Gesetzgeber erlaubt solche Verarbeitungsvorgänge ausdrücklich.
11. Ein berechtigtes Interesse kann angenommen werden, wenn die betroffene Person Kunde unseres Unternehmens ist, gemäß Erwägungsgrund 47 Satz 2 der DSGVO.

Berechtigte Interessen, die von uns oder einem Dritten verfolgt werden

1. Wenn wir personenbezogene Daten gemäß Artikel 6 Abs. 1 lit. f DSGVO verarbeiten, besteht unser Ziel darin, Geschäfte zum Wohle unserer Mitarbeiter und Anteilseigner zu führen.

Dauer der Speicherung personenbezogener Daten

1. Wir legen die Dauer der Speicherung personenbezogener Daten anhand der gesetzlichen Aufbewahrungsfristen fest.
2. Nach Ablauf der vorgeschriebenen Frist löschen wir die Daten, es sei denn, sie werden weiterhin zur Vertragserfüllung oder -anbahnung benötigt.

Erforderlichkeit personenbezogener Daten und Konsequenzen bei Nichtbereitstellung

1. Die Bereitstellung personenbezogener Daten kann gesetzlich oder vertraglich vorgeschrieben und erforderlich sein, um einen Vertrag abzuschließen. Die betroffene Person muss die Daten bereitstellen; eine Nichtbereitstellung kann Folgen haben.
2. Personenbezogene Daten können gesetzlich vorgeschrieben sein (z. B. durch Steuerregelungen) oder aus vertraglichen Vereinbarungen resultieren (z. B. Informationen zu Vertragspartnern).
3. Die Bereitstellung personenbezogener Daten kann erforderlich sein, um einen Vertrag mit uns abzuschließen.
4. Beim Abschluss eines Vertrags mit unserem Unternehmen ist die betroffene Person verpflichtet, personenbezogene Daten bereitzustellen.
5. Ohne die Bereitstellung personenbezogener Daten können wir keinen Vertrag mit der betroffenen Person abschließen.
6. Bevor personenbezogene Daten bereitgestellt werden, sollte die betroffene Person einen Mitarbeiter kontaktieren.
7. Der Mitarbeiter wird erklären, ob die Bereitstellung personenbezogener Daten gesetzlich oder vertraglich vorgeschrieben und verpflichtend ist und welche Konsequenzen eine Nichtbereitstellung hätte.

Einsatz von automatisierten Entscheidungen

1. Als verantwortungsbewusstes Unternehmen setzen wir keine automatisierten Entscheidungen oder Profiling ein.

Intrenion Ledger

Terms and Conditions for the Use of Intrenion Ledger

Preamble

Intrenion GmbH, Alemannenallee 2, 14052 Berlin, Germany, represented by the managing director Christian Ullrich (“Intrenion” or “we”), provides its customers (“Customer” or “you”) with web-based access to the software system “Intrenion Ledger” (the “System”). The System is provided as a software-as-a-service solution and enables Customers to record, manage, and approve commitments and agreements made during project execution or other business collaborations. This Agreement for the use of the System (“Agreement”), including its Appendix 1 (Data Processing Agreement), governs the entire contractual relationship between Intrenion and the Customer regarding the provision and use of the System.

1. Conclusion of the Agreement

1. Use of the System requires the creation of a user account (“Registration”). If the Customer is a legal entity, the Registration must be carried out by a person authorised to represent the Customer.
2. Registration is completed by submitting the required information via the online registration form and activating the account via the confirmation link sent to the email address provided during registration.
3. The System is offered exclusively to entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB). Intrenion may request appropriate proof that the Customer is not a consumer within the meaning of Section 13 BGB.
4. By completing the Registration, the Customer submits an offer to conclude an Agreement for the use of the System. The Agreement is concluded when Intrenion confirms the Registration by email or activates the Customer’s access to the System.
5. The Customer’s general terms and conditions shall apply only if Intrenion has expressly agreed to them in writing.

2. Services of Intrenion Ledger

1. Intrenion operates and maintains the System and provides the Customer with access to the System via the internet for the duration of the Agreement (Section 7). The System enables the Customer to record, manage, and approve commitments and related information within projects or other business collaborations. A description of the System’s main functionality is available on our website at ledger.intrenion.com.
2. Intrenion will make reasonable efforts to ensure an average annual availability of the System of 98%. Periods of planned maintenance and disruptions outside Intrenion’s reasonable control are excluded from this calculation. Intrenion may carry out maintenance work where necessary, including without prior notice if required for operational or security reasons.
3. Intrenion may provide documentation and instructions for using the System electronically. The Customer may use such documentation solely for the purpose of using the System and may not publish or distribute it.
4. Intrenion may use subcontractors to operate or maintain the System.
5. Intrenion may further develop or modify the System at its discretion, provided that the core functionality of the System is not materially reduced. Additional features may be offered for an additional fee.
6. The System is operated using third-party infrastructure providers. The System’s application interface is hosted on Softr, and the underlying data storage is provided by Airtable. These services are provided by independent third-party providers. Intrenion may replace these providers with equivalent services if required for the operation of the System.
7. Intrenion may temporarily suspend the Customer’s access to the System or remove Customer Content if reasonably necessary, in particular in cases of suspected misuse of the System, violations of applicable law or this Agreement, security risks, legal obligations, payment default, or other circumstances that could harm Intrenion, the System, or third parties.
8. Where reasonably possible, Intrenion will inform the Customer of a suspension of access or deletion of Customer Content at least one working day in advance. This does not apply where prior notification would undermine the purpose of the suspension or is not reasonably possible.
9. Intrenion may provide AI-based features as part of the System. Information submitted by the Customer to such features is considered Input, and any generated results are considered Output. The Customer retains ownership of its Input and, to the extent permitted by law, of the Output generated for the Customer.
10. AI-based features may rely on technology provided by third-party providers.
11. AI-generated Output may be inaccurate, incomplete, or non-unique. The Customer is responsible for reviewing and verifying any Output before using it. Intrenion does not guarantee the accuracy or suitability of AI-generated Output.

3. Technical Requirements and Responsibilities of the Customer

1. The Customer is responsible for providing the technical requirements necessary to access the System, including a stable internet connection and suitable hardware and software (e.g., browser or devices).
2. Certain features of the System may require the Customer to use or connect to third-party services. Where such integrations are required, the Customer will be informed within the System.
3. The Customer is solely responsible for all data, information, and other content uploaded or entered into the System (“Customer Content”). The Customer must ensure that the use of the System and the Customer Content complies with all applicable laws and does not infringe the rights of third parties.
4. The Customer must keep all login credentials confidential and ensure that only authorised persons use the System under the Customer’s account. The Customer must inform Intrenion without undue delay if there is reason to believe that login credentials have been compromised.
5. The Customer must not attempt to circumvent the System’s security mechanisms or use the System in any manner not permitted under this Agreement.
6. The Customer is responsible for maintaining appropriate backups of its data.

4. Intellectual Property

1. Intrenion retains all rights, title, and interest in and to the System, including all related software, technology, documentation, and trademarks.
2. For the duration of the Agreement, Intrenion grants the Customer a non-exclusive, non-transferable right to access and use the System for the Customer’s internal business purposes in accordance with this Agreement.
3. The Customer retains all rights to the data and content uploaded, entered, or created within the System (“Customer Content”). The Customer grants Intrenion a limited right to process, store, and transmit Customer Content solely to the extent necessary to operate and provide the System.
4. The System may include components, services, or infrastructure provided by third parties, including software subject to open-source licenses. Such components remain subject to the respective third-party license terms.
5. Intrenion may reference the Customer as a user of the System in marketing materials and may use the Customer’s company name and logo for this purpose. The Customer may withdraw this consent at any time by written notice.

5. Fees and Payment

1. The Customer shall pay the subscription fees for the use of the System (“Fees”) in accordance with the pricing applicable at the time of registration or as otherwise agreed between the parties.
2. Unless otherwise stated, the Fees are charged monthly in advance and are payable net of applicable value-added tax (VAT).
3. Payments are processed through third-party payment service providers. The Customer agrees to the use of such providers for payment processing.

6. Warranty and Liability

1. Intrenion warrants that the System will substantially perform the functions described in the service description. A defect exists if the System significantly deviates from the agreed functionality and this materially affects its use.
2. If the System is defective, Intrenion will remedy the defect within a reasonable time after receiving notice from the Customer. Intrenion may, at its discretion, correct the defect, provide a workaround, or provide the service again. If the defect cannot be remedied within a reasonable time for reasons for which Intrenion is responsible, the Customer may reduce the Fees proportionally.
3. The Customer must notify Intrenion of any defects without undue delay and provide reasonable assistance in identifying and resolving the issue.
4. Intrenion shall be liable without limitation for damages caused by intent or gross negligence, as well as for damages resulting from injury to life, body, or health.
5. In cases of simple negligence, Intrenion shall only be liable for the breach of a material contractual obligation (“Kardinalpflicht”). In such cases, liability shall be limited to the typical and foreseeable damage at the time the Agreement was concluded.
6. Intrenion shall not be liable for indirect or consequential damages, including loss of profits, except where such liability cannot be excluded under applicable law.
7. Liability for loss of data is limited to the costs that would have been incurred in restoring the data if the Customer had performed appropriate and regular data backups.
8. The above limitations of liability also apply in favour of Intrenion’s employees, representatives, and agents. Liability under the German Product Liability Act, for explicitly assumed guarantees, or under mandatory data protection law, remains unaffected.

7. Term and Termination

1. The Agreement begins upon its conclusion in accordance with Section 1 and continues until terminated by either party.
2. Unless otherwise agreed, the subscription runs on a monthly basis and is billed monthly in advance.
3. The Agreement may be terminated by either party at any time with effect at the end of the current billing period.
4. The right of both parties to terminate the Agreement for good cause remains unaffected.
5. Upon termination of the Agreement, the Customer’s access to the System will end. Intrenion will retain the Customer Content for a period of 30 days after termination (“Grace Period”) in order to allow the Customer to export its data.
6. After the Grace Period, Intrenion may permanently delete the Customer Content unless legal retention obligations require a longer storage period.

8. Indemnification

1. The Customer shall indemnify and hold Intrenion harmless from any third-party claims arising from the Customer’s use of the System, in particular if such claims result from unlawful Customer Content or from the Customer’s violation of this Agreement or applicable law.
2. Intrenion will inform the Customer without undue delay of any such claims and provide the Customer with reasonable information necessary for the defense against such claims.
3. The Customer shall reimburse Intrenion for reasonable costs arising from such claims, including reasonable legal fees, to the extent the Customer is responsible for the underlying violation.

9. Amendments to this Agreement

1. Intrenion may amend or update this Agreement from time to time.
2. Intrenion will notify the Customer of any material changes to this Agreement in text form (e.g., by email) at least 30 days before the changes take effect.
3. If the Customer does not agree to the amended Agreement, the Customer may terminate the Agreement before the changes take effect.
4. If the Customer continues to use the System after the changes take effect, the amended Agreement shall be deemed accepted.
5. Intrenion’s right to terminate the Agreement in accordance with Section 7 remains unaffected.

10. Final Provisions

1. In the event of inconsistencies between this Agreement and Appendix 1 (Data Processing Agreement), the provisions of Appendix 1 shall prevail with respect to data protection matters.
2. The Customer may only offset claims of Intrenion or exercise a right of retention if the counterclaim is undisputed, legally established, or arises from the same contractual relationship.
3. This Agreement shall be governed by the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).
4. If the Customer is a merchant within the meaning of German commercial law, the exclusive place of jurisdiction for all disputes arising from or in connection with this Agreement shall be Berlin, Germany.

Appendix 1 - Data Processing Agreement

This Data Processing Agreement (“DPA”) specifies the data protection obligations and rights of the parties in connection with the processing of personal data processed by Intrenion GmbH, Alemannenallee 2, 14052 Berlin, Germany, represented by the managing director Christian Ullrich (hereinafter “Contractor”) on behalf of the Customer (hereinafter “Customer”) under the Terms and Conditions for the Use of Intrenion Ledger (hereinafter “Main Agreement”) concluded between the parties.

1. Scope of application

When providing the services in accordance with the Main Agreement, the Contractor processes personal data that the Customer has made available for the purpose of providing the services (“Customer Data”) and, in respect of which, the Customer acts as the controller in the sense of Art. 4 No. 7 GDPR. In the event of contradictions between this DPA and provisions from other agreements, in particular, the Main Agreement, the provisions of this DPA shall take precedence.

2. Subject-matter and scope of the processing / Customer’s authority to issue instructions

1. The Contractor will process the Customer Data exclusively on behalf of the Customer and in accordance with the Customer’s instructions unless the Contractor is legally required to do so under the law of the European Union or a Member State. In such a case, the Contractor shall inform the Customer of these legal requirements prior to processing, unless the law in question prohibits such information on important grounds of public interest.
2. The processing of Customer data by the Contractor shall be carried out exclusively in the manner, to the extent, and for the purpose specified in Annex 1 to this DPA; the processing shall concern only the types of personal data and categories of data subjects specified therein.
3. The duration of the processing corresponds to the term of the Main Agreement. The Customer shall be entitled to terminate this DPA and the Main Agreement if the Contractor violates obligations arising under this DPA or the Customer’s instructions and fails to remedy the violation immediately upon the Customer’s warning. In the event of a material breach of any obligation under this DPA or any instruction, the Customer may terminate this DPA and the Main Agreement without notice or prior warning.
4. The Contractor may process Customer Data, or have it processed by other processors outside the European Economic Area (“EEA”), if the requirements of Articles 44 to 48 GDPR are met or an exception under Article 49 GDPR applies.
5. The instructions are set out in the Main Agreement. The Customer is entitled to issue instructions on the nature, scope, purposes, and means of processing Customer Data. The Customer will confirm oral instructions in writing or by e-mail.
6. If the Customer issues instructions that extend beyond the services agreed in the Main Agreement and this DPA, the Customer shall bear the costs of executing such instructions. Before carrying out the instructions, the Contractor shall inform the client of the expected costs and await his confirmation. This shall not apply to instructions to refrain from data processing in its entirety, to delete individual or all Customer Data, or to hand it over to the Customer.
7. If the Contractor is of the opinion that an instruction of the Customer violates this DPA, the GDPR, or other data protection regulations of the Union or the Member States, it shall inform the Customer of this immediately in writing or text form. The Contractor is entitled to suspend the execution of such instruction until the Customer confirms it in writing or text form. If the Customer insists on executing the instruction despite the Contractor’s concerns, the Customer shall indemnify the Contractor against all damages and costs incurred by the Contractor as a result of executing the Customer’s instruction. The contractor shall inform the Customer of any damages and costs asserted against him, shall not acknowledge any third-party claims without the Customer’s consent, and shall either conduct the defense in accordance with the Customer’s instructions or leave it to the Customer, at the Contractor’s discretion.

3. Requirements for personnel

1. Contractor shall obligate all personnel processing Customer Data to maintain confidentiality unless they are subject to appropriate statutory confidentiality obligations.
2. Contractor shall ensure that all personnel under his authority who have access to Customer Data only process this data in accordance with this DPA and the Customer’s instructions unless they are required to do so under the law of the European Union or the Member States.

4. Security of processing

1. Taking into account the state of the art, the costs of implementation, and, as far as known to the Contractor, the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, the Contractor shall implement appropriate technical and organisational measures to ensure a level of security for the Customer Data appropriate to the risk.
2. Prior to the commencement of processing Customer Data, the Contractor shall, in particular, implement the technical and organisational measures specified in Annex 2 to this DPA, maintain them for the duration of the Main Agreement, and ensure that Customer Data is processed in accordance with these measures.
3. Customer shall verify the technical and organisational measures implemented by the Contractor, in particular whether they are also sufficient with regard to the circumstances of data processing that are unknown to the Contractor.
4. Since the technical and organisational measures are subject to technological progress, the Contractor is entitled and obliged to implement alternative, adequate measures to ensure that the security level specified in Annex 2 is not exceeded. If the Contractor makes significant changes to the measures specified in Annex 2, it will inform the Customer in advance. If the changes fall below the previously defined security level in such a way that they are no longer adequate, taking into account the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing the Customer data, as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, the Customer shall be entitled to terminate the Main Agreement and this DPA at the time when such changes come into force.

5. Use of sub-processors

1. Contractor uses the sub-processors listed in Annex 3 to process Customer Data. These are deemed to be authorised upon the conclusion of this DPA.
2. Contractor may use additional sub-processors to process Customer Data, subject to the following conditions: Contractor shall inform the Customer before using any additional sub-processor. Unless the Customer raises an objection within 14 days after such information, the use of a further sub-processor shall be deemed to have been authorised.
3. If the Customer objects to the use of a further processor without good cause, the Contractor shall be entitled, at its discretion, to continue providing the services without the relevant processor or to terminate the Main Agreement and these DPA in accordance with the terms of the Main Agreement.
4. Contractor must obligate each sub-processor by means of a written agreement in the same way as Contractor is obligated to the Customer under this DPA.
5. Contractor shall be obliged to select and use only those sub-processors who offer sufficient guarantees that the appropriate technical and organisational measures are implemented in such a way that the processing of Customer Data is carried out in accordance with the requirements of the GDPR and this DPA.
6. If the Contractor employs further processors who process personal data outside member states of the European Union or the EEA and if the conditions of Articles 44 to 48 GDPR are not otherwise fulfilled or an exception under Article 49 GDPR exists, the Contractor shall ensure with respect to these sub-processors that the applicable data protection obligations are met by concluding any such sub-processing agreement using the applicable Module Three (Transfer processor to processor) of the EU Standard Contractual Clauses as of 2021.

6. Rights of data subjects

1. Contractor shall take all reasonable technical and organisational measures to assist the Customer in fulfilling its obligation to respond to data subjects’ requests to exercise their rights.
2. Contractors will, in particular, within the scope of their possibilities:
   1. Inform the Customer if a data subject should contact the Contractor directly with a request to exercise their rights in relation to Customer Data;
   2. Provide the Customer with all information in its possession concerning the processing of Customer Data which the Customer requires in order to respond to the request of a data subject and which is not available to the Customer himself;
   3. correct, delete, or limit the processing of Customer Data without delay at the Customer’s instruction, insofar as this is technically and reasonably possible for the Contractor;
   4. ensure that the Customer can and does receive the Customer Data processed within Contractor’s sphere of responsibility, as far as technically possible, in a structured, commonly used, and machine-readable format, provided that the data subject has a right to data portability with regard to the Customer Data.

7. Other obligations of the Contractor to assist the Customer

1. Contractor shall notify Customer immediately after becoming aware of any Customer Data breach, in particular incidents that lead to the destruction, loss, alteration, or unauthorised disclosure of or access to Customer Data.
2. In the event of any Customer Data breach, the Contractor shall, without delay, take all necessary and reasonable measures to remedy the Customer Data breach and, if necessary, to mitigate its possible adverse effects.
3. If the Customer is obliged to provide information to a government authority or a third party regarding the processing of Customer Data or to cooperate with such entities in any other way, the Contractor is obliged to assist the Customer, insofar as this is possible, in providing such information or in fulfilling other obligations to cooperate, in particular, to provide all information and documents regarding technical and organisational measures taken within the meaning of Art. 32 GDPR, regarding the technical procedures for processing Customer Data, the locations where Customer Data is processed, and the persons involved in the processing.
4. Contractor shall assist Customer in complying with its obligations under Art. 32 GDPR, to the extent possible considering the information Contractor has with respect to Customer’s use of Contractor’s services.
5. In the event that the Customer is obliged to inform the supervisory authorities and/or data subjects in accordance with Art. 33, 34 GDPR, the Contractor shall, to the extent possible, assist the Customer in complying with these obligations at the Customer’s request. In particular, the Contractor is obliged to document all Customer Data breaches, including all related facts, in a manner that enables the Customer to prove compliance with any relevant statutory reporting obligations.
6. Contractor shall support the Customer with the information available to him and assist, within reason, in any data protection impact assessment to be carried out by the Customer and, if necessary, subsequent consultations with the supervisory authorities in accordance with Art. 35, 36 GDPR.
7. Upon request, the Contractor shall provide the Customer with extracts from the records of processing activities in accordance with Art. 30(2) GDPR relating to the processing of Customer Data.

8. Deletion and return of Customer Data

1. Upon termination of the Main Agreement, Contractor shall, upon the Customer’s instruction, either completely delete all Customer Data or return it to the Customer and delete existing copies, unless the law of the European Union or a Member State requires the continued storage of Customer Data.
2. The Contractor is entitled to retain backup copies of Customer Data for a period of 30 days after termination, or longer if required for operational or compliance purposes, provided such retention is subject to continued application of this DPA and Art. 32 GDPR. Deletion from backups shall occur in accordance with the Contractor’s regular backup cycle, subject to technical feasibility.
3. Documentation which serves as proof of the orderly and proper processing of Customer Data is to be kept by Contractor in accordance with the statutory retention periods beyond the term of this DPA.

9. Evidence and inspections

1. Contractor shall ensure and regularly evaluate that the processing of Customer Data is carried our in accordance with this DPA, including the scope of processing of the Customer Data set out in Annex 1 and the Customer’s instructions.
2. Contractor shall document the implementation of the obligations under this DPA in a suitable manner and shall provide the Customer with all necessary evidence of the Contractor’s compliance with its obligations under the GDPR and this DPA at the Customer’s request.
3. Customer audits shall be limited to once per year (unless required by a supervisory authority or a confirmed data breach) and shall be conducted during regular business hours with at least 4 weeks’ prior written notice. Instead of an on-site audit, the Contractor may provide recent third-party audit reports or certifications (e.g., ISO 27001, SOC 2), which the Customer agrees to accept unless it has reasonable doubts about the Contractor’s compliance. The audits shall not obstruct or unduly burden the Contractor in his normal business operations. The reasonable costs actually incurred for such audits and inspections shall be borne by the Customer. Any third-party auditor chosen by the Customer may be declined for good cause, and any third-party auditor may be required to sign adequate confidentiality agreements prior to the start of the audit.
4. In accordance with the GDPR, the Customer and the Contractor are subject to public control by the competent supervisory authority. At the Customer’s request, the Contractor shall provide the supervisory authority with the requested information and allow the supervisory authority or the persons appointed by it to conduct audits, including inspections of the Contractor. In this context, the Contractor shall grant the competent supervisory authority the necessary rights of access, information, and inspection.

10. Liability

1. Each party shall be liable only for damages resulting from breaches of its own obligations under this DPA and the GDPR. Any further liability shall be governed by the liability provisions in the Main Agreement, except where mandatory statutory liability (e.g., Art. 82 GDPR) applies.

11. Miscellaneous

1. Amendments and subsidiary agreements to this DPA must be made in writing. This also applies to clause 11.1 of this written form.
2. Agreements on choice of law and place of jurisdiction in the Main Agreement shall apply to this DPA.

Annex 1: Data Processing Description

Purpose, nature, and extent of data processing, type of data, and categories of data subjects

• Subject matter: Intrenion’s provision of the Services to Customer.
• Duration of the data processing: The Term plus the period from the end of the Term until deletion of all Customer Data by Intrenion pursuant to the terms of this DPA.
• Purpose of the data processing: Intrenion will process Customer Data to provide the Service and related support services in accordance with the Agreement.
• Nature of data processing: Intrenion will process Customer Data only pursuant to written instructions from Customer, who remains responsible as the controller for determining a valid legal basis (pursuant to Article 6 or Article 9, GDPR) for processing in accordance with this DPA.
• Categories of data: Customer Data, the content of which is determined and controlled by the Customer and its users. This may include identification data, contact data, communication content, and usage data. The Customer shall not use the Service to process special categories of personal data within the meaning of Article 9 GDPR unless explicitly agreed in writing with Intrenion.
• Data subjects: Users of the System and other individuals whose personal data are entered into the Service by the Customer or its users, such as employees, contractors, vendor representatives, or business partners.

Annex 2: Technical and Organizational Measures

Introduction

This document describes the technical and organizational measures implemented by Intrenion GmbH to protect personal data processed in connection with the Intrenion Ledger service, in accordance with Article 32 GDPR. The purpose of these measures is to ensure an appropriate level of security, taking into account the nature of the processing and the risks to individuals’ rights and freedoms.

Physical access control

Intrenion Ledger is operated on a professional cloud infrastructure. Physical access to data centers is controlled by providers, who use industry-standard security measures, including access controls, surveillance systems, and restricted-entry procedures. Intrenion itself does not operate physical servers.

System access control

Access to systems used to operate the Service is restricted to authorized persons only.

Measures include:

• Administrative access uses individual user accounts.
• Strong passwords and multi-factor authentication are used where available.
• Administrative access is limited to a small number of authorized persons.
• Remote access occurs over encrypted connections such as HTTPS or TLS.

Data access control

Access to Customer Data is limited to the minimum number of persons necessary to operate and maintain the Service.

Measures include:

• Role-based access permissions are used where supported by the system.
• Access to Customer Data is granted only for operational support, maintenance, or security purposes.
• System activity may be recorded through logging features provided by the infrastructure providers.

Separation of data

Customer data is logically separated within the Service.

Measures include:

• Customer projects and environments are logically separated within the system.
• Development and production environments are separated where possible.
• Test environments do not intentionally contain real personal data.

Data transmission control

Personal data transmitted between users and the Service is encrypted using modern encryption protocols.

Measures include:

• All communication with the Service uses HTTPS or TLS encryption.
• System integrations use secure and encrypted interfaces where available.

Input control

Processing activities within the Service can be traced through system logs and account activity records provided by the underlying platform infrastructure.

Availability and resilience

Measures are implemented to ensure that personal data remains available and protected against accidental loss.

These measures include:

• The Service is hosted on professional cloud infrastructure.
• Infrastructure providers perform automated system backups.
• System availability is monitored through infrastructure monitoring tools.
• Data may be restored from available backups where technically possible.

Procedures for review and improvement

Intrenion regularly reviews its technical and organizational measures and adapts them where necessary to reflect changes in the Service, technology, or regulatory requirements.

Incident response

Intrenion maintains procedures for responding to security incidents or data breaches.

If a personal data breach occurs, Intrenion will:

• Investigate the incident.
• Take reasonable measures to mitigate potential harm.
• Notify the Customer without undue delay where required under Article 33 GDPR.

Data protection management

Intrenion implements the following organizational measures:

• Persons with access to personal data are bound by confidentiality obligations.
• Processing activities are documented where required by law.
• Service providers and subprocessors are selected with attention to data protection and security standards.
• Data Processing Agreements are concluded with subprocessors where required.

Annex 3: Intrenion Sub-processors

To support the delivery of Intrenion Ledger, Intrenion GmbH may engage and use data processors with access to certain Customer Data. This list provides important information about the identity, location, and role of each Sub-processor. Intrenion may use the following Sub-processors to provide the Services to you:

1. Softr Platforms GmbH
   • Rosenthaler Straße 13
   • 10119 Berlin
   • Germany
   • Data location: European Union, United States
   • Purpose: Application hosting and user interface
2. Airtable Inc.
   • 1 Front Street, Floor 28
   • San Francisco, CA 94111
   • United States
   • Data location: European Union, United States
   • Purpose: Database infrastructure and storage of application data