DeutschEnglishFrançais

Data Protection inaia.finance

Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

INAIA GmbH
Managing Director: Emre Akyel
Hanauer Landstraße 196
60314 Frankfurt am Main
Germany

Phone: +49 (0) 69 / 2 73 15 99 20
Email: info@inaia.de

(hereinafter referred to as “INAIA”, “we” or “us”)

2. Principles of Data Processing

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and applicable regulatory requirements for financial institutions.

Our technical systems and processes are designed to ensure a high level of confidentiality, integrity, and availability.

3. Security Measures

We implement comprehensive technical and organizational measures to protect personal data against accidental or intentional manipulation, loss, destruction, or unauthorized access. These measures include in particular:

  • TLS encryption of all data transmissions
  • Role-based access control concepts
  • Multi-factor authentication
  • Logging of security-relevant events
  • Regular security reviews
  • Careful selection and monitoring of our service providers

4. Purposes and Legal Bases of Processing

We process personal data in particular on the basis of the following legal grounds:

  • Art. 6(1)(b) GDPR – Performance of a contract and pre-contractual measures
  • Art. 6(1)(c) GDPR – Compliance with legal obligations
  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(f) GDPR – Legitimate interest

5. Processing Due to Regulatory Requirements

As a provider of digital financial solutions, we are subject to statutory obligations to ensure proper business operations. This includes, in particular, measures relating to fraud prevention, IT security, risk monitoring, tax documentation, and compliance with supervisory reporting requirements.

Without such data processing, certain services cannot be provided.

6. Server Log Files

When accessing our website, information transmitted by your browser is automatically recorded. This includes in particular:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of the website).

7. Cookies and Consent Management

Our website uses cookies. Some cookies are technically necessary, while others are used for analysis or marketing purposes.

Non-essential cookies are set only after your consent. You may withdraw or adjust your consent at any time via our consent tool.

Disabling cookies may limit the functionality of the website.

8. Contact and Forms

If you contact us via a form on the website or by email, we process your information for the purpose of handling your request and any follow-up questions.

Legal basis:
Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

9. Registration / Customer Account

If you create a customer account or log in, we process the personal data required for this purpose to set up and manage your access and to provide the requested functions (e.g., login, account management).

Processing takes place within a secure cloud infrastructure in the AWS region Frankfurt (eu-central-1).

For further processing of personal data in connection with the use of the customer account and our financial services, a separate privacy policy applies, which contains detailed information on processing purposes, legal bases, recipients, storage periods, and data subject rights.

Further information is available at:
https://www.inaia.finance/datenschutz/

Legal basis:
Art. 6(1)(b) GDPR (contract or pre-contractual relationship) and Art. 6(1)(f) GDPR (ensuring system security and preventing misuse).

10. Newsletter

If you would like to subscribe to our newsletter, we require your email address. You must also confirm that you are the owner of this email address and consent to receiving the newsletter. After registration, we will send you a confirmation email with a verification link (double opt-in procedure). No further data is collected or only on a voluntary basis. This data is used exclusively for sending the requested information and will not be passed on to third parties.

The processing of the data entered into the newsletter subscription form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations carried out prior to revocation remains unaffected.

The data stored by us for the purpose of receiving the newsletter will be stored until you unsubscribe and deleted thereafter. Data stored for other purposes (e.g., email addresses for the member area) remain unaffected.

11. Use of External Service Providers (Processors)

For the provision of our services, we engage carefully selected external service providers in accordance with Art. 28 GDPR. These providers are regularly reviewed and contractually obligated to comply with high standards of data protection and information security.

12. Customer Management, Marketing, Support and Collaboration (Zoho One)

We use software solutions provided by:

Zoho Corporation GmbH
II. Hagen 7
45127 Essen
Germany

Data processing is generally carried out via European data centers, in particular by Zoho Corporation B.V., Netherlands.

A data processing agreement has been concluded. Zoho is certified according to internationally recognized security standards, including ISO 27001.

Services Used

  • Zoho CRM – Customer management
  • Zoho Campaigns / Marketing Automation – Newsletter and marketing communication
  • Zoho Desk – Support management
  • Zoho Forms – Digital forms
  • Zoho WorkDrive – Document management
  • Zoho Meeting – Online appointments
  • Zoho SalesIQ – Live chat and pseudonymized analysis of website interactions

Third-Country Access

In individual cases, access by support units of the global Zoho corporate group (e.g., India or USA) may occur. Such access is based exclusively on the EU Standard Contractual Clauses and additional technical and organizational safeguards.

13. Corporate Communication (Google Workspace)

For internal and external communication, we use Google Workspace provided by:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

This includes in particular email communication, document management, appointment organization, and online meetings.

A data processing agreement has been concluded. Data transfers to the USA cannot be fully excluded and are carried out exclusively on the basis of EU Standard Contractual Clauses and appropriate additional safeguards.

14. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited.

Google Analytics enables us to analyze website usage in order to continuously improve our services. We use Google Analytics exclusively with activated IP anonymization.

Processing takes place only after your consent.

Legal basis: Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with effect for the future.

Personal data may be transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses.

15. Facebook Pixel (Meta Pixel)

We use the Meta Pixel provided by:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

to measure conversion rates and optimize our advertising measures.

Processing takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

Meta may process data outside the European Union. Appropriate safeguards pursuant to Art. 46 GDPR are in place.

16. YouTube

Our website embeds videos from the YouTube platform. The provider is Google Ireland Limited.

When accessing a page with embedded videos, a connection to Google servers may be established, and personal data may be transmitted.

Embedding takes place exclusively on the basis of your consent.

Legal basis: Art. 6(1)(a) GDPR.

17. Google Web Fonts

We use Google Web Fonts for the uniform display of fonts. If these are not hosted locally on our server, loading the fonts may establish a connection to Google servers.

Use takes place exclusively after your consent.

Legal basis: Art. 6(1)(a) GDPR.

18. Trustpilot

On our website, we use functions of the review platform Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark.

Trustpilot enables customers to evaluate our services and publish experience reports. If you access a Trustpilot page via a link or an embedded widget on our website, Trustpilot may receive information that you have visited our website.

In particular, the following data may be processed:

  • IP address
  • Information about your device and browser
  • Referrer URL (the previously visited page)
  • Date and time of access

If you submit a review via Trustpilot, the data processing is carried out directly by Trustpilot. In this case, Trustpilot's privacy policy applies.

In addition, we may ask customers to leave a review by email after using our services. For this purpose, we may transfer your email address as well as information about your interaction with our services to Trustpilot so that Trustpilot can send you an invitation to submit a review. The invitation may be sent automatically via our CRM system.

The use of Trustpilot and the sending of review invitations are based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in obtaining transparent customer feedback, improving the quality of our services, and providing interested users with authentic experience reports.

Further information on data processing by Trustpilot can be found in Trustpilot's privacy policy:
https://legal.trustpilot.com/for-reviewers/end-user-privacy-terms

19. Storage Period

We store personal data only for as long as necessary for the respective processing purposes or as required by statutory retention obligations.

Due to commercial and tax law requirements, retention periods may be up to ten years.

20. Data Transfers to Third Countries

If personal data is processed outside the European Economic Area, this takes place exclusively where appropriate safeguards pursuant to Art. 44 et seq. GDPR are in place, in particular through the conclusion of EU Standard Contractual Clauses and supplementary technical protective measures.

21. Your Rights as a Data Subject

You have the right at any time to:

  • Access pursuant to Art. 15 GDPR
  • Rectification pursuant to Art. 16 GDPR
  • Erasure pursuant to Art. 17 GDPR
  • Restriction of processing pursuant to Art. 18 GDPR
  • Data portability pursuant to Art. 20 GDPR
  • Object to processing pursuant to Art. 21 GDPR

You also have the right to lodge a complaint with a supervisory authority.

22. Withdrawal of Consent

Granted consents may be withdrawn at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

23. Objection to Advertising Emails

The use of contact data published within the scope of the legal notice for sending unsolicited advertising and information materials is hereby expressly prohibited. The website operators expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

24. Obligation to Provide Data

Certain personal data are required to ensure the secure provision of our website or to process inquiries. Without such data, certain functions of the website may be limited or unavailable.