privacy POLICY

1. GENERAL
This privacy policy always applies, unless otherwise agreed in writing, for the processing of personal data performed by inoqo GmbH registered at Webgasse 43, Vienna, 1060, Austria (“inoqo”).

The terminology on this privacy policy, such as “data controller”, “data processor”, “data subject”, “personal data”, “data processing”, “standard contractual clauses” and “supervisory authority” carries the meaning ascribed to them in Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) or otherwise in the, where applicable, unless the circumstances distinctly require another order of interpretation.

This privacy policy aims to describe the way inoqo processes personal data and showcase that the processing is done in accordance with applicable privacy laws and regulations.

This document describes how inoqo processes personal data, informs about the rights of the data subjects and explains how the data subjects can exercise their rights.

2. PRIVACY POLICY IS TO SUBJECT TO CHANGE  
inoqo may at its sole discretion make changes to this privacy policy. inoqo undertakes to inform affected data subjects of any material changes to the privacy policy.

3. GOALS AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The main goal of personal data processing by inoqo is to offer its services to full extent, provide information about inoqo’s services and market the services. Personal data can also be processed due to a legal obligation, such as following the rules of employment or accounting. Personal information can also be processed by inoqo in the purpose of defense against legal claims.

Personal data is collected and processed by inoqo to provide the services, inform about the services or conduct marketing of the services. This is done based on one of the following legal grounds: the data subject’s consent, a contractual obligation between the data subject and inoqo, or an existing legal requirement for inoqo. There are exceptions where obtaining prior consent is not feasible, or the processing is allowed by law, or inoqo has a legitimate interest in processing the personal data. Such legitimate interests may include marketing, service follow-ups, or the exercise or defense of legal claims, according to a balance of interests assessment.

Personal data is collected and processed to comply with legal requirements or to defend inoqo against legal claims, based on either a legal obligation or a legitimate interest assessment.

Inoqo does not handle any sensitive personal data about the data subject without their explicit consent (whether given to inoqo or its principal, if applicable).

4. STORING OF PERSONAL DATA
All personal data held by inoqo is stored either by an external server provided within the EU/EEA or locally. Personal data will only be retained for as long as necessary to fulfill the processing objectives, considering inoqo's legal obligations such as accounting regulations. 

As part of its information management routines inoqo deletes personal data that is no longer required for its processing purposes, in compliance with the applicable regulations in effect at the time.

5. PERSONAL DATA SHARING TO SUBCONTRACTORS AND OTHER THIRD PARTIES
Inoqo will not disclose personal data to third parties beyond what is described in this privacy policy, unless prior consent is obtained from the data subject, or inoqo is required to do so by applicable laws, or the data is shared as part of a legal, administrative, or recovery process involving both the data subject and inoqo.

Inoqo may employ subcontractors (referred to as personal data assistants) for processing personal data and may also use their services for data storage. In such cases, inoqo will restrict the subcontractors' access to the minimal amount of personal data necessary to achieve the processing objectives.

Inoqo mandates that all subcontractors protect personal data in line with this privacy policy and refrain from using or disclosing personal data for any purpose other than providing the agreed services to inoqo.

6. TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA
Inoqo will not transfer personal data to countries outside the EU/EEA. If there is a need to do so in the future, the digital service provider based in a non-EU/EEA country will only be selected given the recipient country ensures an adequate level of protection in accordance with applicable laws and regulations.

7. DATA SUBJECT RIGHTS
The description below explains the rights of the data subjects and instructs them on how to exercise them.

THE RIGHT TO REQUEST INFORMATION
The data subject has the right to request and obtain, free of charge, information about the personal data that inoqo processes related to them (a so-called register extract).If a data subject wants to know if inoqo processes any personal data about them, they can send a written request to inoqo as outlined in paragraph 10 below. In the request, the data subject should specify the type of information they are interested in receiving, unless they wish to receive information about all personal data being processed. This helps inoqo provide relevant information to the data subject.

If a data subject repeatedly requests extracts from the register, inoqo may charge a fee or, in some cases, in accordance with statutory law, refuse to comply with the requests.

The extract from the register will be sent to the data subject within 30 days of receiving the request. If the extract is extensive and inoqo needs more time or if inoqo cannot comply with the request for some reason, inoqo will notify the data subject without undue delay.

THE RIGHT TO ERASURE
Personal data will only be retained as long as necessary for the processing objectives, and inoqo will delete personal data in accordance with applicable regulations.

If a data subject requests the deletion of personal data, inoqo will delete or de-identify the data within 30 days of receiving the request, provided the data is not needed to fulfill legal obligations or to exercise legal claims.

A data subject has the right to request that inoqo erases personal data under any of the following conditions:

  • The data is no longer needed for the purposes for which it was collected and processed;
  • The data is not processed in compliance with applicable regulations;
  • Erasing the data is necessary to comply with a legal obligation;
  • The consent, which served a basis for data processing has been withdrawn;
  • inoqo processes the data for direct marketing and the data subject objects to its continued use for this purpose;
  • inoqo processes the data based on a balance of interests and there are no overriding legitimate interests;
  • Any other relevant legal basis for the request.

inoqo has the right to retain personal data if it is needed to fulfill a legal obligation, to make legal claims against a data subject, or to defend against legal claims from a data subject.

When inoqo receives a request for erasure, it will assess whether there are grounds to erase the data. The data subject will be informed of inoqo's assessment. If the data is erased at the request of the data subject, inoqo will also instruct suppliers and third-party partners to whom the data has been transferred to erase it.

THE RIGHT TO RESTRICTATION OF PROCESSING
A data subject has the right to request that inoqo restricts the processing of their personal data under the following circumstances:

  • The data subject disputes the accuracy of the personal data, allowing time for inoqo to verify its correctness;
  • inoqo no longer needs the personal data for its processing purposes, but the data subject requires it to establish, exercise, or defend legal claims;
  • The processing is illegal, and the data subject opposes deletion, requesting instead that its processing be limited;
  • The data subject has objected to processing, while awaiting verification of whether inoqo's interests override those of the data subject.

Restriction of processing means that the personal data will be marked to ensure it is only processed for specific limited purposes in the future.

THE RIGHT TO WITHDRAW CONSENT AND OBJECT TO PROCESSING
A data subject has the right to object to inoqo's processing of personal data, which inoqo processes based on a balance of interests. This right is exercised by the data subject specifying in writing which processing they are objecting to.

In the event of an objection, inoqo may only continue processing the personal data if it can demonstrate compelling and legitimate reasons that outweigh the data subject’s interests.

If personal data is processed for direct marketing, a data subject always has the right to object to the processing at any time.

THE RIGHT TO DATA PORTABILITY
If a data subject has provided their personal data to inoqo, they may, in certain cases, have the right to extract this data to transfer it to another company.

To exercise the right to data portability, the data subject's request must pertain to personal data they have provided to inoqo, and which inoqo processes with their consent or to fulfill an agreement with them.

This right does not apply when inoqo processes the data based on a balance of interests or a legal obligation. Additionally, the right to data portability is not applicable if it is technically difficult to implement.

THE RIGHT TO RECTIFICATION
To ensure accurate and relevant personal data, inoqo systematically works to update its records.

If a data subject finds that their personal data processed by inoqo is incorrect or incomplete, they have the right to have it corrected.

inoqo usually makes simple data corrections without review, but in some cases, a request may require further consideration. Inoqo will not approve requests that are impossible to fulfill or require an unreasonable amount of work.

If personal data is changed at the request of the data subject, inoqo will inform any subcontractors and partners processing the data about the change. Upon written request, inoqo will also inform the data subject about the recipients of the corrections.

THE RIGHT TO COMPLAIN
A data subject has the right to complain about inoqo's processing of personal data.

inoqo kindly requests that any data subject wishing to complain first contacts inoqo directly as described in section 10 below, so that we can address the complaint and provide assistance in the best possible way.

8. SECURITY
Inoqo commits to implementing all necessary technical and organizational security measures, as required by applicable regulations, to ensure a high level of security appropriate to the risks associated with processing personal data. The measures are described in inoqo Information Management Policy, which is a part of inoqo Information Security Management System. These measures protect personal data from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access.

Upon written request, inoqo will inform a data subject about the security measures in place for their personal data.

9. COOKIES
Inoqo uses cookies to enhance user experience and protect personal data. In compliance with EU regulations, inoqo notifies users about data collection and processing. The cookies used on the inoqo website are categorized as follows:

  • Essential
  • Marketing
  • Analytics
  • Personalization

10. CONTACT INFORMATION
If a data subject wishes to exercise their rights under this privacy policy, they should send a written request to inoqo via email at legal@inoqo.com.

For any questions about this policy or inoqo's personal data processing, data subjects can contact inoqo by email at legal@inoqo.com.

Our Partners

Product

Industry

Resources

Company

© 2025 inoqo GmbH. All rights reserved.

Get in Touch
COOKIE POLICY
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
PreferencesAccept AllReject All
Close

Get in touch

Thank you! We'll be in touch soon.

Close
Oops! Something went wrong while submitting the form.