Data protection information pursuant to Art. 13/14 GDPR

With the following information, Inyova Impact Investing GmbH (hereinafter referred to as “Inyova” or “we”) provides you with an overview of how Inyova processes your personal data and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed upon. You are requested to also pass on this information to the current and future authorized representatives and beneficial owners. These include, for example, beneficiaries in the event of death or authorized signatories.

1. Responsibility for data processing

Inyova has the status of a securities service provider approved and licensed by the Federal Financial Supervisory Authority (BaFin) and is subject to the associated audit and quality requirements.

The controller is:

INYOVA IMPACT INVESTING GMBH
GDPR Department

ADDRESS
Inyova Impact Investing GmbH
Taunusanlage 8
60329 Frankfurt

E
[email protected]

The company data protection officer can be reached at:

CONTACT
CTM-COM GmbH

AD
Marienburgstraße 27
64297 Darmstadt
Germany

Phone
+ 49 6151 3942 72

E-MAIL
[email protected]

2. General information and notices

We hereby inform you about the collection of your personal data when you visit our website. Personal data includes all information that can be directly related to your person, such as your name, address, email addresses, and user behavior.

When you contact us, we store the data you provide (e-mail address, your name, and your telephone number) within the scope of our business relationship with you in order to process your inquiries.

This includes, in particular, situations in which you are interested in our products, fill out online contract forms, register for online services, or contact us by email, telephone, or application. When you use products and services within the scope of an ongoing business relationship, Inyova also collects, stores, uses, transfers, or deletes personal data.

In addition, we also process personal data that we have lawfully obtained from other companies (e.g., IDnow GmbH) or from our service providers to the extent necessary for the provision of our services, for example for order execution, contract fulfillment, or based on your consent.
In addition, we process personal data that we have obtained from publicly accessible sources (e.g., land registers, commercial and association registers, federal gazettes, press, media, Internet) and are legally permitted to process. As soon as storage is no longer necessary, this data will be deleted or its processing restricted if statutory retention periods exist.

Where necessary, we also collect personal data from persons who are not directly connected to Inyova and who, for example, belong to one of the following groups of persons:

  • Family members
  • Co-applicants
  • Legal representatives (authorized representatives)
  • Beneficiaries of customers
  • Customers’ beneficial owners
  • Shareholders
  • Representatives of legal entities
  • Employees of service providers or trading partners

The processing of this data is based on Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), as we have a legitimate interest in the efficient processing of the requests made to us.

If we use service providers for certain functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the relevant processes here.

3. When you purchase and use products/services, personal data may be collected, processed, and stored.

Inyova processes the following personal data:

 

  • Identity information: (e.g., first and last name, ID card or passport number, nationality, place and date of birth, gender, photo, IP address)

 

  • Contact information: address, email address, and phone number

 

  • Tax information: (tax identification number, tax status)

 

  • Bank, financial, and transaction data: (e.g., bank details (IBAN), money transfers to the customer’s account/deposit account, assets, investor profile provided)

 

  • Habits and preferences data: (IP addresses, data on the use of Inyova’s products and services in relation to banking, financial, and transaction data, data on interactions between the customer and Inyova (visits to the Inyova website, face-to-face meetings, telephone calls, chat histories, email correspondence, surveys)

 

  • Data on sustainability preferences: preference for sustainable corporate priorities (handprint), preference for sustainable business practices (footprint), exclusion criteria, excluded companies (blacklist), preferred companies (whitelist)

 

  • Securities business: Information about knowledge and/or experience with financial instruments, your risk tolerance (MiFID status) Information on education and profession (e.g., level of education, occupation, name of employer, earnings, financial situation including ability to bear losses (assets, liabilities, income, e.g., from employment/self-employment/business operations; expenses), foreseeable changes in financial circumstances (e.g., retirement, education of children), specific goals/significant concerns for the future (e.g., planned purchases, repayment of liabilities), marital status and family situation, tax information (e.g., information on church tax liability), Documentation data (e.g., suitability declarations)

 

  • Interest rate, currency, and liquidity management: Information on knowledge and/or experience with interest rate/currency products/financial investments (MiFID status), investment behavior/strategy (scope, frequency, risk appetite), occupation, financial situation (assets, liabilities, income, e.g., from employment/self-employment/business operations; expenses), foreseeable changes in financial circumstances (e.g., retirement, children’s education), specific goals/key concerns for the future (e.g., planned purchases, repayment of liabilities), tax information (e.g., church tax liability), documentation data (e.g., suitability declarations)

 

  • Customer contact information: During the initial phase of the business relationship and throughout the course of the business relationship, in particular through personal, telephone, or written contact initiated by you or by Inyova, further personal data will be collected, e.g., information about the contact channel, date, reason, and result, (electronic) copies of correspondence, information about participation in direct marketing measures, and details of your interests and wishes that you have expressed to Inyova.

 

  • Audiovisual data: (information from the video identification process, recordings of calls)

 

Special personal data pursuant to Art. 9 GDPR, such as racial or ethnic origin, political beliefs, religious or philosophical views, trade union membership, as well as genetic data, biometric data for the unique identification of a natural person. health data or data concerning sex life or sexual orientation are not processed by Inyova unless it is necessary for the payment of church tax or if it is a copy of an identity document that we require due to obligations under the Money Laundering Act.

3.1 When visiting the website:

When you visit our website, the browser used on your device/computer automatically sends information to the Inyova website server. This information is temporarily stored in a so-called ” ” log file. The following information is collected without your intervention and stored until it is automatically deleted:

 

  • IP address of the requesting computer (or device)
  • Date and time of access
  • Name and URL of the file accessed
  • Website from which access is made
  • Browser used and, if applicable, the operating system of the computer (or end device) used, as well as the name of the customer’s access provider

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If the SSL or TLS connection is activated, the data you transmit to us cannot be read by third parties.

4. Your rights as a data subject

As a data subject, you have the following rights that you can exercise against us and/or our service providers:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing
  • Right to data portability.

You also have the right to lodge a complaint with a data protection authority regarding the processing of your personal data.

You are welcome to contact us at [email protected] to exercise your rights as a data subject.

Please note that in the event of a request for information, we will retain both the request and the subsequent information for a period of three years for evidence purposes regarding the proper provision of the information.

5. Registration Impact Investing Strategy

General information

1) If you would like to create a free impact investing strategy on our homepage, we ask that you first register with your name and email address. We also ask for your consent to send you information to the email address you provide. In the next step, you can create your investment strategy according to your personal preferences. If you like the strategy, you can open an account with us. To do so, we will ask you for personal data that is important to us and required by law, which we will then process and store.

2) Information about the processing of personal data when registering via our homepage.

When you register on our website, we collect the following data from you:

 

  • First and last name
  • Email
  • Gender
  • Date of birth
  • Place of birth
  • Nationality
  • Contact
  • Address
  • Phone

If further data is required, we will also collect the following data (for the provision of pre-contractual information):

  • Bank

 

3) For identification purposes, we use a contracted service provider (IDNow GmbH). After you have completed the account opening application, you will receive a personal identification code from us, which we will usually send to the mobile phone number you provided via text message. You will then be able to complete the video identification process with IDNow. IDNow employees will ask you to compare your ID (ID card or passport) with the data you provided during registration. For this purpose, photos of your ID will be taken during the process. In addition, the contract with us will be legally signed during this process via a digital button during the identification process. IDNow will therefore also have access to your personal data through the identification process.

As with all our contracted service providers, we have also concluded an order processing agreement with IDNow GmbH in accordance with Art. 28 GDPR. You can find our service provider’s privacy policy at https://www.idnow.io/de/datenschutzerklaerung/

4) After successful identification, IDNow will send us the information, which we will then store securely in your digital customer file in accordance with the provisions of the German Federal Data Protection Act ( ). You will then receive the final contract documents from us by email in signed form.

5) We will delete the data collected in this context once it is no longer necessary for storage, the purpose for which the data was processed no longer applies, or – in the case of statutory retention obligations – we will restrict processing.

6) We only collect data from you that we need for the above-mentioned purposes. The legal basis is, insofar as the processing takes place for the purpose of contract initiation or execution, Art. 6 para. 1 lit. b GDPR. If this is not the case, your personal data will be processed to protect the legitimate interests of Inyova in accordance with Art. 6 (1) sentence 1 lit. f, to fulfill legal obligations in accordance with Art. 6 (1) sentence 1 lit. c or if consent has been given in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

7) Recipients or categories of recipients of the data

Within Inyova, those departments that need your data to fulfill our contractual and legal obligations and legitimate interests will have access to it. Processors employed by us (Art. 28 GDPR) may also receive data for these purposes. These processors are companies in the categories of IT services, telecommunications, marketing, and accounting.

Companies in the categories of legal and tax advice, debt collection, and auditing may also receive data for these purposes.

We only pass on your data to third parties for their own use if we have your consent or if this is provided for by contractual and/or legal regulations. Third parties in the above sense are public bodies/authorities and private companies.
In addition, we may, to the extent permitted by law, transfer your personal data to authorities (e.g., social security institutions, tax authorities, or law enforcement agencies) and courts in the United States and abroad in order to fulfill legal obligations or in the interests of the company.

8) Duration of data storage

The personal data collected by us within the scope of the contract will be stored for the duration of the business relationship and deleted thereafter, unless we are obliged to store it for a longer period in accordance with Article 6 (1) sentence 1 lit. c GDPR due to storage and documentation obligations (e.g. under the German Commercial Code (HGB), the German Code of Criminal Procedure (StGB) or the German Fiscal Code (AO)) – or if there is a legitimate interest in storage in accordance with Article 6 (1) sentence 1 lit. f GDPR, e.g. during the ongoing audit, or if you have consented to processing in accordance with Article 6 (1) sentence 1 lit. a GDPR. StGB or AO) – or if there is a legitimate interest in storage in accordance with Article 6 (1) sentence 1 lit. f GDPR, e.g. during the current limitation period, which is generally three years but may also be up to 30 years in certain cases, – or you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

As soon as the storage of the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent, your data will be deleted immediately.

6. Cookies

What are cookies?

Our website uses cookies to store user-specific data. Cookies are small text files that are stored on your computer by our website and contain certain information about you, such as your language selection or personal page settings. When you visit our site again, your browser sends this user-specific information back to us. This allows our website to recognize you and display your preferred settings. Each cookie contains a name and a value.

Consent to the use of cookies

When you first visit our website, a cookie banner or cookie consent tool will ask you which cookies you would like to allow. Non-essential cookies that are not necessary for the provision of the website’s services will only be used after you have given your consent. However, your decision will be stored in a cookie for verification and implementation purposes.

The processing of your personal data by cookies is based in part on our legitimate interest, which is legitimized by Article 6(1)(1)(f) of the GDPR. In the case of non-essential cookies, your data will only be processed with your consent in accordance with Article 6(1)(1)(a) of the GDPR. The rights to which you are entitled can be viewed at any time in the previous paragraph.

By agreeing to the use of the respective cookies by US providers such as Google, Facebook, YouTube, etc., you also consent to the processing of your data in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR.

Our information on the tools, plug-ins, and services we use explains in detail whether cookies are set and what data is stored in them under what circumstances.

First-party and third-party cookies

There are both first-party cookies and third-party cookies. First-party cookies are set directly by our website, while third-party cookies are created by partner sites or their tools, plug-ins, and services, such as Google Analytics. Each cookie must be considered individually, as it stores different data. The lifetime of a cookie can range from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Furthermore, cookies cannot access information on your PC.

What types of cookies are there?

 

  • Essential cookies

These cookies are necessary to ensure the basic functions of the website. For example, when a user adds a product to their shopping cart, continues browsing other pages, and only proceeds to checkout later. Thanks to these cookies, the shopping cart remains intact even if the user closes their browser window.

Essential cookies used:

Name Purpose Duration
yova_sti tracking lead source 30 days
yova_pti tracking lead source 30 days
moove_gdpr_popup tracking GDPR cookie 7 days

 

  • Functional cookies

These cookies are not strictly necessary, but they help improve the functionality of the website. This includes information such as user names, language selection, form data already entered, font size, and similar information.

Functional cookies used:

Name Purpose Duration
web-vitals Performance 7 days

 

  • Performance and marketing cookies

These cookies, which are also provided by external advertising companies, are used to collect information about the websites visited by the user, for example to generate targeted advertising.

Other cookies collect information about user behavior on the website, including any error messages, in order to improve the content and structure of the website. They also measure the loading times and behavior of the website in different browsers.

Performance cookies used:

Name Purpose Duration
Google Tag Manager Marketing None
Google Analytics 4 Marketing/Performance 14 months
Facebook Pixel Code Marketing 1 day
Quora Pixel Code Marketing 1 day
Hotjar Performance 1 year
Fullstory Performance 1 month
AutoPilot Marketing Session
LinkedIn Marketing 180 days

Browser-based deactivation or deletion of cookies

You have the option of configuring your web browser so that cookies are not stored on your device or so that you are asked for permission each time a cookie is set. Cookies that have already been stored can be deleted at any time. You will find the relevant instructions in the help section of your web browser.

Disabling cookies may result in restrictions to the functionality of this website.

7. Google Analytics

Google

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. For users in the EU, the EEA, and Switzerland, the controller is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing
Google Analytics uses cookies to analyze your use of our websites. The information collected by cookies about your use of the website is usually sent to a Google server in the US and stored there.

In Google Analytics 4, IP anonymization is enabled by default. This means that your IP address will be truncated by Google within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. Google states that the IP address transmitted by Google Analytics is not merged with other Google data.

When you visit our website, the following information relating to your usage behavior is processed:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path,” interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Ads viewed/clicked
  • Language settings

The following is also recorded:

  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
  • Your internet service provider
  • The referrer URL (the website/advertisement that referred you to this website)

Purposes of processing
Google will use this information on behalf of the website operator to evaluate your use of the website anonymously and to compile reports on website activity. The reports provided by Google Analytics help us analyze the performance of our website.

Recipients
The recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor in accordance with Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer
If data is processed outside the EU/EEA and the level of data protection does not meet European standards, we have concluded EU standard contractual clauses with the service provider to ensure an adequate level of data protection. The parent company of Google Ireland, Google LLC, is located in California, USA. Therefore, data transfer to the USA and access by US authorities to data stored by Google cannot be ruled out. Currently, the USA is considered a third country from a data protection perspective, where you do not have the same rights as in the EU/EEA. It is possible that you may not have any legal recourse against access by authorities.

Storage period
The data we send and that is linked to cookies is automatically deleted after two months. Once the intended storage period has expired, the data is automatically deleted on a monthly basis.

Legal
The legal basis for the processing of this data is your consent in accordance with Art. 6 para. 1 sentence 1 letter a of the GDPR.

Withdrawal
You have the option to withdraw your consent at any time for the future by visiting the cookie settings and adjusting your preferences (see section “Cookies”). This does not affect the lawfulness of the processing based on consent until the time of withdrawal.

You have the option of preventing the storage of cookies from the outset by configuring your browser software accordingly. Please note, however, that completely rejecting cookies may result in functional restrictions on this and other websites. In addition, you can prevent Google from collecting and processing the data generated by cookies relating to your use of the website (including your IP address) by:

  • not giving your consent to the setting of cookies, or
  • downloading and installing the browser add-on to disable Google Analytics HERE.

Provider’s privacy policy
Google’s privacy policy can be found here. The terms of use for Google Analytics can be found here.

Data processing may be carried out by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please note our information on data transfer to the USA.

8. Google Ads Conversion Tracking

Google Ads Conversion Tracking

As part of our online marketing strategy, we use Google Ads to promote our products and services. Our goal is to generate more attention on the internet for the high quality of our offerings and to tailor our advertising to your interests and needs. We use Google Ads for conversion tracking on our website, whereby Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in Europe.

Google Ads, formerly known as Google AdWords, is the proprietary online advertising program of Google Inc. We firmly believe in the quality of our offering and want as many people as possible to discover our website. At the same time, it is important to us to carry out a precise cost-benefit analysis of our advertising measures. That is why we rely on the conversion tracking tool from Google Ads.

A conversion occurs when an interested website visitor takes action. This happens when the visitor clicks on an ad and then performs an action, such as visiting our website. Google’s conversion tracking tool tracks the activities that occur after a user clicks on our Google Ads ad. This allows us to determine whether purchases are made, services are used, or newsletter subscriptions are taken out.

We use Google Ads to advertise our offers on other websites. Our goal is to ensure that our advertising campaigns reach people who are interested in our offers. The conversion tracking tool allows us to identify which keywords, ads, ad groups, and campaigns lead to the desired customer actions. It shows us how many customers interact with our ads and then make a conversion. This data helps us calculate our return on investment, evaluate the success of our advertising campaigns, and refine our online marketing strategies. In addition, this information enables us to make our website even more appealing and tailor our advertising offers even better to your needs.

When you perform an action on our website, Google records it as a conversion via a cookie. As long as you remain on our site and the cookie is active, both we and Google know that you came to us via a Google Ads ad. The cookie is then read and the conversion data is sent back to Google Ads. Other cookies may also be used to track conversions. Google Analytics allows Google Ads to further optimize conversion tracking.

We would like to point out that we have no influence on the further use of the data collected by Google. Google states that the data is encrypted and stored on secure servers. Conversion cookies usually expire after 30 days and do not contain any personal information. The cookies named “Conversion” and “gac” used in connection with Google Analytics have a lifetime of three months.

You can choose not to participate in Google Ads conversion tracking. If you disable the conversion tracking cookie in your browser, tracking will be disabled. You will then not be included in the statistics of the tracking tool. You can adjust your cookie settings in your browser at any time, although the procedure varies depending on the browser.

The legal basis for the processing of your data is the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Further information can be found in the section “Cookies.”

Provider’s privacy policy:

Google’s privacy policy can be found here.

It cannot be ruled out that data processing may be carried out by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please note our information on data transfers to the USA.

 

9. Social media

General information

We operate publicly accessible profiles on various social networks. A list of the networks we use can be found below.

Social networks are able to comprehensively analyze your user behavior as soon as you visit a website with integrated social media elements such as like buttons or advertising banners. Visiting a social media profile can trigger numerous processes relevant to data protection.

Personal data

If you are logged into your social media account and visit our profile, the operator of the portal can assign the visit to your account. Even if you are not logged in or do not have an account, your personal data may be collected, for example through cookies on your device or the collection of your IP address.

Social media platform operators can use the collected data to create user profiles that contain your preferences and interests. This makes it possible to present you with advertising tailored to your interests, both within and outside your social media profile. If you have an account with the relevant social network, advertising tailored to your interests may appear on all devices on which you are or have been logged in.

Please note that we cannot track all processing procedures of social media portals. Depending on the provider, additional processing operations may be carried out by the operators of the portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Note on risks

Please note that user data may be processed by the respective providers outside the European Union. This may entail risks for users, as it may be more difficult to enforce your rights, for example. US providers who guarantee a secure level of data protection through EU standard contractual clauses are required to comply with EU data protection standards.

Please note our information on data transfers to the US.

Purpose of processing/legal basis

The processing of personal data on our social media platforms is based on our legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR. Our goal is to provide information about our services, make posts more appealing, determine the optimal time of publication, and communicate with active customers, interested parties, and users. However, we have no influence on any further processing by the platform operators.

The legal basis for setting the aforementioned cookies is the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can find further information on this in the “Cookies” section or under “Social media plugins.”

Joint responsibility

When you visit one of our social media profiles, such as on Facebook, we are jointly responsible with the platform operator for the data processing operations that take place during your visit.

Please be aware that, despite joint responsibility with the operators of social media portals, we have no complete influence on the data processing procedures of these portals. Our options for action depend largely on the company policy of the respective provider.

Exercising your rights

In principle, you can enforce your rights both against us and against the operator of the respective social media portal.

However, we would like to point out that concerns can be most effectively addressed directly to the operators. You are the only one who has access to the user data and can therefore take immediate action and provide information. If you still require assistance, we are of course available to help.

Storage period

The data we collect directly from your social media profile will be deleted from our systems as soon as the purpose for storage no longer exists, you request deletion, you withdraw your consent to storage, or the purpose for storage no longer applies. Cookies stored on your device will remain until you delete them. Mandatory legal provisions, in particular retention periods, remain unaffected by this.

We have no influence on the duration of the storage of your data, which is retained by the operators of social networks for their own purposes. Please contact the operators of the social networks directly for further details (for example, in their privacy policy, see below).

Data protection of providers

For a detailed description of the various processing methods and options for objection (opt-out), we refer you to the privacy policies and information of the operators of the respective social networks, over which we have no control and which apply when using the corresponding services.

Facebook

Own profile: https://www.facebook.com/inyova.impact.investing

Service provider: Facebook Ireland Ltd., also Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA;
Facebook website
Facebook privacy policy

“Insights data”

When you use our Facebook fan page, we receive statistical data of various categories, known as “Insights data.” We can access and analyze this data. Page Insights are aggregated data that give us insights into how users interact with our page. They include the total number of page views, “Likes,” activity on the page, interactions with posts, video views, the reach of posts, comments, shared content, responses, the distribution of men and women, information about the origin by country and city, language, views and clicks in the shop, clicks on the route planner, and phone numbers.

For more information about “Insights data,” including how to exercise your rights, please click here.

Joint responsibility

According to Art. 26 GDPR, the fan page operator and Facebook are jointly responsible.

A corresponding agreement has been reached with the fan page operators (available here).

Facebook bears primary responsibility under the GDPR for the processing of Insights data and fulfills all obligations under the GDPR with regard to the processing of this data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR).

You can contact Facebook’s data protection officer via Facebook’s general contact form.

 

Instagram

Own profile: https://www.instagram.com/inyova.impact/

Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA;

Instagram website
Instagram privacy policy

 

X (formerly Twitter)

Own profile: https://x.com/Inyova_Impact

Service provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland;

X website
Privacy policy of X

 

LinkedIn

Own profile: http://www.linkedin.com/company/inyova-impact-investing/

Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

LinkedIn website
LinkedIn privacy policy
Opt-out option for LinkedIn

 

YouTube

Own profile: https://www.youtube.com/channel/UCYDwW6YqeNabDTGXDXYmlRA

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA;

YouTube website
YouTube privacy policy

 

TikTok

Own profile: http://www.tiktok.com/@inyova.impact.investing

Service provider: TikTok, Inc., 1237 E 58Th Pl Los Angeles California 90001, USA;

TikTok website
TikTok privacy policy
Opt-out option for TikTok

 

10. Meta Pixel

This website uses the Meta Pixel from Meta Platforms Inc., USA (formerly Facebook).

We have embedded a code known as Meta Pixel on our website. This JavaScript code snippet loads functions that enable Meta (Facebook) to track your interactions when you access our site via Meta ads on . When you purchase a product on our website, Meta Pixel is activated and stores your activities in one or more cookies. These cookies allow Meta to match your user data (such as your IP address and user ID) with the information in your Facebook or Meta account before Meta removes this data. The collected data remains anonymous to us, cannot be viewed, and is used exclusively for advertising purposes. If you are logged in to Meta or Facebook, your visit to our website will be automatically associated with your user account there.

We strive to present our services and products exclusively to those who have a genuine interest in them. By using the Meta pixel, we can tailor our advertising activities more precisely to the wishes and interests of users. This enables Meta users who have consented to personalized advertising to receive relevant ads. Meta also uses the collected data for analysis purposes and to run its own advertising campaigns.

The processing of personal data is based on the consent given by users in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Further information can be found in the “Cookies” section.

You can find out how the Meta Pixel is used for advertising campaigns here.

You can change your ad settings in Meta/Facebook here, provided you are logged into Facebook.

Here you can manage your preferences regarding usage-based online advertising. You can deactivate or activate many providers at once or adjust the settings for individual providers.

You can find more information about Facebook’s privacy policy here.

It cannot be ruled out that data processing may be carried out by Meta Platforms Inc., USA. Please note our information on data transfers to the USA.

11. LinkedIn Insight Tag

Our website uses the conversion tool “LinkedIn Insight Tag” from LinkedIn Corporation. This tool creates a cookie in your web browser that enables the collection of the following data, among other things: IP address, device and browser characteristics, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days.
This technology enables personalized advertisements to be displayed to visitors to this website on LinkedIn. It also enables anonymous reports on the performance of the advertisements and information on website interaction to be created. For this purpose, the LinkedIn Insight Tag is integrated into this website, which establishes a connection to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address , device and browser properties, and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 90 days.
As the website operator, we cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the US and use it for its own advertising purposes.

Details can be found in LinkedIn’s privacy policy at https://de.linkedin.com/legal/privacy-policy?#choices-oblig.

Legal basis
The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. Inyova has a legitimate interest in effective advertising measures, including social media. If consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find details here: https://www.linkedin.com/legal/l/dpa and  https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag
You can object to the analysis of your usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

order processing
We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

12. Purpose of processing and legal basis

Inyova processes the aforementioned personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

To fulfill contractual obligations (Article 6(1)(b) GDPR):

Personal data is processed for the provision of financial services within the scope of the execution of Inyova’s contracts with you or for the implementation of pre-contractual measures taken at your request. The purposes of data processing are primarily based on the specific product and may include, among other things, needs analysis, consulting, asset management and support, and the execution of transactions. Customers can find further details on the purpose of data processing in the respective contract documents and terms and conditions.

Inyova processes the personal data of individuals within the organization of its suppliers in order to be able to use their services. It also stores financial data so that it can pay for the services of its suppliers.

Within the framework of the balancing of interests (Article 6 (1) lit. f GDPR):

Where necessary, Inyova processes your data beyond the actual fulfillment of the contract to protect the legitimate interests of Inyova or third parties. Examples:

 

  • Assertion of legal claims and defense in legal disputes

 

  • Ensuring the IT security and IT operations of Inyova

 

  • Prevention of criminal offenses, in particular fraud prevention

 

  • Video surveillance to protect property rights and collect evidence in the event of attacks and fraud

 

  • Measures for building and facility security (e.g., access controls)

 

  • Measures to ensure house rules

 

  • Measures for business management and further development of services and products

 

  • Ensuring smooth connection to the website

 

  • Ensuring comfortable use of the Inyova website

 

  • Evaluating system security and stability, and

 

  • for other administrative purposes

Under no circumstances will Inyova use data to draw conclusions about your person.

Based on the customer’s consent (Article 6 (1) (a) GDPR):

If you have given Inyova consent to process personal data for specific purposes (e.g., passing on data within the group or using your data for specific advertising purposes), the lawfulness of this processing is based on your consent. Consent that has been given can be withdrawn at any time. The withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected. If Inyova wishes to use your personal data for purposes other than those mentioned above, Inyova will inform you accordingly and, if necessary, obtain your consent.

Due to legal requirements (Article 6(1)(c) GDPR) or in the public interest (Article 6(1)(e) GDPR):

As a financial services institution, Inyova is also subject to various legal obligations. This means that legal requirements (e.g., Securities Institutions Act, Money Laundering Act, Securities Trading Act, tax laws) and banking supervisory requirements (e.g., of the European Central Bank, the European Banking Authority, the German Federal Bank, and the Federal Financial Supervisory Authority (BaFin)) must be fulfilled. The purposes of processing include, among other things, identity and age verification, fraud and money laundering prevention, compliance with sanctions and embargo regulations, responding to official inquiries from a competent government agency or judicial authority, fulfilling tax control and reporting obligations, and assessing and managing risks at Inyova.

13. Recipients of your personal data

Within Inyova, those departments that need your data to fulfill their contractual and legal obligations will have access to it. Service providers and vicarious agents employed by Inyova may also receive data for these purposes if they maintain banking secrecy and comply with Inyova’s written data protection instructions.

With regard to the transfer of data to recipients outside Inyova, it should first be noted that Inyova is obliged to maintain confidentiality regarding all customer-related facts and assessments of which it becomes aware.

Inyova may only disclose information about you if required to do so by law, if you have given your consent, or if processors commissioned by Inyova guarantee compliance with banking secrecy and the provisions of the General Data Protection Regulation/the Federal Data Protection Act. Under these conditions, recipients of personal data may include, for example:

 

  • Public authorities and institutions (e.g., the German Federal Bank, the Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, tax authorities, the Federal Central Tax Office) in the event of a legal or official obligation

 

  • Other credit and financial services institutions, comparable institutions, and processors to whom Inyova transfers personal data for the purpose of conducting business relations with customers. These companies are also legally or contractually obligated to treat personal data with the necessary care.

 

  • Broker

 

  • Service providers who support Inyova in the following activities, for example: Support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data destruction, purchasing/procurement, credit processing services, debt collection, customer management, letter shops, marketing, media technology, reporting, research, risk controlling, expense accounting, telephony, video identification, website management, securities services, share registers, fund management, auditing services, payment transactions

 

  • Members of certain regulated professions such as lawyers, notaries, or auditors

 

  • Other data recipients may be those entities to which you have given your consent for data transfer.

Data transfer to Switzerland: For the purpose of providing services to you, personal data is processed by the parent company of Inyova Impact Investing GmbH, Inyova AG, in Switzerland. An adequacy decision (see Art. 45 (3) GDPR) has been made by the European Commission for Switzerland. This means that your personal data may be lawfully processed in Switzerland, as it enjoys a level of protection comparable to that in the European Union.

Note: Under no circumstances will personal data be sold to third parties.

14. Data storage period

Inyova processes and stores your personal data for as long as it is necessary to fulfill contractual and legal obligations. It should be noted that the business relationship is a continuing obligation that is designed to last for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted regularly, unless further processing is necessary (for a limited period) for the following purposes:

 

  • Compliance with commercial and tax law retention periods. These include obligations arising from the German Commercial Code, the German Fiscal Code, the German Securities Trading Act, the Money Laundering Act, and the Securities Trading Act. The retention and documentation periods specified therein range from two to ten years.

 

  • Preservation of evidence within the scope of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

For applicants who do not subsequently conclude a contract, an unlimited retention period applies until the applicant withdraws.

15. Protection of personal data

Inyova will take reasonable and appropriate measures to protect stored and processed information from misuse, loss, or unauthorized access. To this end, Inyova has implemented a series of technical and organizational measures.

If you suspect that your personal information has been misused or lost or that unauthorized access has occurred, please inform us as soon as possible.

16. Obligation to provide data

Within the scope of the joint business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that Inyova is legally obliged to collect. Without this data, Inyova will generally have to refuse to conclude the contract or execute the order, or will no longer be able to perform an existing contract and may have to terminate it.

In particular, Inyova is required by money laundering regulations to identify you before establishing a business relationship, for example by means of an identity card, and to collect and record your name, place of birth, date of birth, nationality, residential address, and identity card details. In order for Inyova to comply with this legal obligation, you must provide Inyova with the necessary information and documents in accordance with Section 11 (6) of the Money Laundering Act and notify Inyova immediately of any changes that arise during the course of the business relationship. If you do not provide Inyova with the necessary information and documents, Inyova may not establish or continue the business relationship you desire.

17. Automated decision-making & profiling

Inyova does not use fully automated decision-making in accordance with Article 22 of the GDPR to establish and execute the business relationship. Should Inyova use these procedures in individual cases, you will be informed separately if this is required by law.

Inyova processes your data partially automatically with the aim of evaluating certain personal aspects (profiling). Inyova uses profiling in the following case, for example:

Due to legal requirements, Inyova is obliged to combat money laundering and fraud. This also involves data analysis (including in payment transactions). These measures also serve to protect you.

18. Newsletter

If you subscribe to our newsletter, we will use the necessary data or the information you have provided separately to inform you regularly by email about interesting news or special offers.

The legal basis for this is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. We use the collected data exclusively for sending the newsletter.

You can unsubscribe from the newsletter at any time, either by sending a message to the contact address provided in the privacy policy or via a link provided for this purpose in the newsletter.

After you unsubscribe, we will delete your email address. This provision does not apply if you have expressly consented to further use of your data or if we reserve the right to use data beyond what is permitted by law, as explained here.

19. (Online) application

Purpose and legal basis of processing

We process your personal data for the purpose of establishing an employment relationship in accordance with Art. 6 (1) (b) GDPR in conjunction with Art. 88 GDPR. The processing is carried out exclusively for the purpose of assessing your suitability, qualifications, and professional performance with regard to the position for which you are applying.

We also process your personal data for specific purposes (e.g., for longer storage) if you have given us your consent to data processing within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 7 GDPR.

We may be obliged to process your personal data in accordance with Art. 6 (1) (c) GDPR. Various legal obligations may apply in this regard (e.g., obligations under the German Commercial Code, the German Fiscal Code, obligations to retain tax-relevant data, obligations under the German Social Security Code, the General Equal Treatment Act, or other relevant regulations).

Types of data categories processed

We process personal data that we receive from you during the application process, e.g., through your application letter, resume, references, correspondence, telephone calls, or verbal statements.

The following categories of data may be affected:

 

  • Personal details (last name, first name, date of birth)

 

  • Address data (address, place of residence)

 

  • Contact details (telephone number, email address)

 

  • Application data (cover letter, references, resume)

 

  • Special personal data (health data such as illnesses and disabilities)

Recipients or categories of recipients of the data

Your data will initially be accessed by our HR department and accounting department, but also by the department to which you have applied. Our administrators and processors have the technically necessary ability to access data processed by IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we may need to disclose your personal data to third parties, such as our bank if you are to receive a refund, or the postal service if we communicate with you by letter.

For the application process, we use the application portal “Greenhouse” from Greenhouse Software, Inc., which processes personal data on our behalf. In this case, we ensure that appropriate safeguards are in place to protect your data (e.g., EU standard contractual clauses). For more information, please refer to Greenhouse’s privacy policy at https://www.greenhouse.com/de/privacy-policy.

Furthermore, third parties may receive data for specific purposes if this is required by law in the context of your application (e.g., reporting to the Federal Employment Agency).

Duration of data storage

Your personal data will be stored for as long as necessary to fulfill our contractual and legal obligations in the application process. If your application is successful, your personal data will be stored in a personnel file and used for the purpose of establishing and terminating the employment relationship.

If we are unable to offer you employment at this time, we will process your data for up to 6 months after sending the rejection letter based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR in order to defend ourselves against any legal claims.

If you consent to the storage of your data beyond the prescribed period, the duration may be extended accordingly (max. two years).

In this case, a “recognition data record” will also be stored. We need this data record to be able to recognize a new application from you. It contains the following data:

 

  • Last name, first name
  • Date
  • Email
  • Applicant number

and will be permanently deleted after 24 months.

If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted unless storage is required due to statutory retention periods (e.g., to comply with commercial and tax law retention periods of ten years).

20. Information about your right to object under Article 21 of the General Data Protection Regulation (GDPR)

  1. Right to object on an individual basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balancing of interests); This also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

  1. Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be sent by email to[email protected] .

Amendment clause

This privacy policy is currently valid and was last updated in August 2025. Inyova reserves the right to change this privacy policy from time to time. Please check regularly, and in particular before using a service, to see if an updated version is available. Inyova will inform you of any fundamental changes on its website and via the usual communication channels.

Close icon

Select your language and country

Choose the country of your residence to learn more about our offering for you.
We would like to offer you some cookies
Inyova

What’s a cookie?Cookies are small bits of information that are saved in your browser. They help us and our partners recognise that you visited our website before and how you interacted with it.

Strictly Necessary Cookies

We need to save strictly necessary cookies for our website to function properly on your device. You cannot deactivate these

Inyova Cookies

We need to save Inyova cookies to optimise your experience on this website. Example: We remember the language to use.

Third-party cookies

We also save cookies from third-party providers, e.g., Google, in your browser. We use them to create anonymised statistics of how people use the Inyova website. They also help us to only show the most relevant ads to you.

If you activate these cookies, you also agree that your anonymised data is processed in the US, according to GDPR law. The US data protection law is less strict than in the EU.