Privacy Policy

1. Controller (Art. 4 No. 7 GDPR)

ISO Innovativ GmbH
Thermal Insulation Technology
Hahnstraße 9, 48369 Saerbeck, Germany
Phone: +49 (0) 2574 983680 · Fax: +49 (0) 2574 983681
E-mail: info@iso-contor.de

2. Purposes, Legal Bases and Retention Periods

2.1 Website Access / Server Logs

When our pages are accessed, the following data is automatically processed: IP address, date/time, requested URL, referrer URL, HTTP status, amount of data transferred, and user agent (browser/OS).

Purpose: Delivery of the pages, stability, IT security.
Legal basis: Art. 6 (1) f GDPR (legitimate interest in secure operation).
Retention period: Server logs are usually stored for a maximum of 7–30 days and then deleted, unless a security-related analysis is required.

2.2 Contact (E-mail / Phone / Form)

We process your information (e.g. name, contact details, content) in order to handle your inquiry.

Legal basis: Art. 6 (1) b GDPR (pre-/contractual communication) or lit. (f) GDPR.
Retention period: Until the request has been processed; statutory retention obligations remain unaffected.

2.3 Cookies / Technically Necessary Technologies

We use only technically necessary cookies or similar technologies (e.g. session IDs) that are required for the operation and delivery of the website.

Legal basis: Art. 6 (1) f GDPR; Sec. 25 (2) TTDSG.
Note: Since no analytics or tracking tools are active, a cookie banner is currently not required.

3. Fonts (Webfonts)

3.1 Local Integration (Default)

Our fonts are provided locally from our own server. When loading the pages, no connection is made to third-party services, and no transfer of personal data to Google takes place.

3.2 CDN Integration (Only if Technically Required)

If, in exceptional cases, Google Fonts are loaded via a CDN, your IP address will be transmitted to Google Ireland Limited (and, where applicable, Google LLC, USA).

Legal basis: Art. 6 (1) f GDPR (uniform and high-performance presentation).
Data transfer to the USA: In cases of transfer, we rely on the adequacy decision for the EU-US Data Privacy Framework (DPF) for certified companies; otherwise, Standard Contractual Clauses and additional safeguards are applied.

4. Recipients / Processors

We use carefully selected service providers (e.g. hosting, maintenance) who process personal data strictly in accordance with our instructions under Art. 28 GDPR. Data processing agreements are in place with all processors.

5. Data Transfers to Third Countries

Data transfers to third countries are carried out only in compliance with Art. 44 et seq. GDPR (e.g. adequacy decision – EU-US DPF; Standard Contractual Clauses; additional safeguards).

6. Your Rights

You have the right to access, rectification, erasure, restriction, data portability, and objection to processing based on Art. 6 (1) e or f GDPR. Where processing is based on your consent, you may withdraw it at any time with future effect. You also have the right to lodge a complaint with a data protection supervisory authority (see Section 7).

7. Supervisory Authority (Competent for NRW)

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf · Tel. +49 211 38424-0
www.ldi.nrw.de/kontakt

8. Minors

Our offer is intended for persons aged 18 and over.

9. Security

We take technical and organizational measures (TOMs) to ensure a level of protection appropriate to the risk (Art. 32 GDPR).

10. Currency of this Statement

This Privacy Policy is current and valid as of October 31, 2025. Changes to the offer or legal adjustments may make an update necessary.