Innoxact GmbH (“Innoxact”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard personal data when you use our website and related contact / waitlist forms.
1) Data Controller
Innoxact GmbH
Address: Josefstr. 98, 3100 St Pölten, Austria
Email: office@innoxact.com
2) Personal Data We Collect
We may collect and process:
- Contact data: name, company, role/position, industry, email address, phone.
- Waitlist & preferences: company size, and which regulations/frameworks you need to comply with (e.g., GDPR, HIPAA, PCI, ISO 27001) and any notes you provide (optional; used to tailor communications/demos).
- Website/usage data: IP address, approximate location (based on IP), device and browser information, pages visited, referrers, and timestamps. This data is collected via our hosting provider’s server logs and infrastructure to deliver and secure the site. We do not use third-party tracking cookies or tools such as Google Analytics at this time.
- Communications: messages and correspondence with us (e.g., emails or form submissions).
3) How We Use Personal Data
We process personal data to:
- Provide and operate the website and related services.
- Manage waitlist registrations and respond to contact requests.
- Communicate Fortivisor updates, features, and availability (if you opted in).
- Understand your compliance needs (frameworks/jurisdictions) to tailor invites, demos, and onboarding; and to create aggregated, anonymized statistics.
- Improve performance, user experience, and security of the site.
- Comply with legal obligations.
4) Legal Bases for Processing (Art. 6 GDPR)
- Consent – e.g., when you join the waitlist, share compliance preferences, or ask us to contact you.
- Performance of a contract – e.g., providing information or services you requested.
- Legitimate interests – e.g., running and securing the site, improving UX, tailoring outreach to your stated frameworks/jurisdictions (you can object at any time).
- Legal obligation – e.g., statutory record-keeping and regulatory requests.
5) Hosting & Infrastructure (Webflow)
Our website is hosted by Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103, USA). Webflow processes certain technical data (e.g., IP, browser, OS, access time) to deliver and secure the site.
Data may be transferred to the United States. We have a Data Processing Agreement (DPA) with Webflow that includes EU Standard Contractual Clauses (SCCs) and we perform transfer impact assessments (TIAs).
6) Forms (Contact & Waitlist)
We use the data you submit only to respond to your inquiry or to manage your waitlist registration and contact preferences. Data is sent over TLS/SSL, stored within Webflow’s infrastructure, and may be routed to our internal email/communication tools. We retain form data only as long as necessary for these purposes.
Opt‑out of the waitlist: Email office@innoxact.com from your signup address with the subject “Opt out of waitlist” (or reply “unsubscribe”). We will remove you without undue delay (typically within 14 days). To request deletion of your waitlist data, include “Delete my waitlist data.” We may keep a minimal suppression record (your email + an opt‑out flag) to honor your choice.
7) Cookies & Google Analytics
We and our hosting provider (Webflow) use cookies and similar technologies that are necessary to operate this website securely and reliably. These may include, for example, cookies for load balancing, security (such as CSRF protection), and remembering basic technical preferences.
We do not currently use any non-essential cookies for advertising or detailed third-party analytics (such as Google Analytics or marketing pixels).
Most browsers allow you to block or delete cookies through their settings. If you disable all cookies, parts of the website may not function properly. If we introduce additional, non-essential cookies or third-party tools in the future, we will update this Policy and, where required, ask for your consent before setting them.
8) Sharing of Data
We do not sell or rent personal data. We share it only with:
- Service providers (hosting, analytics, communications) under contract and subject to confidentiality and data‑protection obligations;
- Public authorities where required by law;
- Corporate transactions (e.g., reorganization/merger) under appropriate safeguards.
9) International Transfers
Where personal data is transferred outside the EEA, we rely on SCCs and, where appropriate, additional safeguards and TIAs.
10) Retention
We keep personal data only as long as necessary for the purposes above or as required by law. As guidance:
- Waitlist & marketing contact data: until you opt out, we close the waitlist, or after 24 months of inactivity—whichever is earliest.
- Form submissions & correspondence: up to 24 months after last interaction, unless legal requirements justify longer retention.
- Server logs and basic usage data: retained by our hosting provider (Webflow) for a limited period necessary to ensure the security and stability of the website, in line with their retention practices.- Analytics data: per your consent choices and our analytics configuration (e.g., GA4 retention settings).
11) Your Rights (GDPR)
You can access, rectify, erase, restrict, object (including to processing based on legitimate interests), and port your data, and withdraw consent at any time (does not affect prior lawful processing). We aim to respond within 30 days.
Contact: office@innoxact.com.
You also have the right to complain to a supervisory authority. Our lead authority:
Österreichische Datenschutzbehörde – Barichgasse 40–42, 1030 Vienna, Austria.
12) Security
We implement appropriate technical and organizational measures (e.g., TLS encryption, access controls, processor due‑diligence, monitoring) to protect personal data. No method is 100% secure; we regularly improve safeguards.
13) Children’s Data
Our website and services are not directed to children under 16, and we do not knowingly collect their personal data.
14) Automated decision‑making
We do not perform automated decision‑making or profiling that produces legal or similarly significant effects.
15) Third‑party links
Our site may link to third‑party sites. Their privacy practices are their own; we encourage you to review their policies.
16) Changes to this Policy
We may update this Policy from time to time. The latest version is always available here and shows the effective date.
17) Contact
Questions about this Policy or our data practices: office@innoxact.com
Innoxact GmbH, Josefstr. 98, 3100 St Pölten, Austria
Last updated: Sov 212ovovep 24, 2025
1) Data Controller
Innoxact GmbH
Address: Josefstr. 98, 3100 St Pölten, Austria
Email: office@innoxact.com
2) Personal Data We Collect
We may collect and process:
- Contact data: name, company, role/position, industry, email address, phone.
- Waitlist & preferences: company size, and which regulations/frameworks you need to comply with (e.g., GDPR, HIPAA, PCI, ISO 27001) and any notes you provide (optional; used to tailor communications/demos).
- Website/usage data: IP address, approximate location (based on IP), device and browser information, pages visited, referrers, and timestamps. This data is collected via our hosting provider’s server logs and infrastructure to deliver and secure the site. We do not use third-party tracking cookies or tools such as Google Analytics at this time.
- Communications: messages and correspondence with us (e.g., emails or form submissions).
3) How We Use Personal Data
We process personal data to:
- Provide and operate the website and related services.
- Manage waitlist registrations and respond to contact requests.
- Communicate Fortivisor updates, features, and availability (if you opted in).
- Understand your compliance needs (frameworks/jurisdictions) to tailor invites, demos, and onboarding; and to create aggregated, anonymized statistics.
- Improve performance, user experience, and security of the site.
- Comply with legal obligations.
4) Legal Bases for Processing (Art. 6 GDPR)
- Consent – e.g., when you join the waitlist, share compliance preferences, or ask us to contact you.
- Performance of a contract – e.g., providing information or services you requested.
- Legitimate interests – e.g., running and securing the site, improving UX, tailoring outreach to your stated frameworks/jurisdictions (you can object at any time).
- Legal obligation – e.g., statutory record-keeping and regulatory requests.
5) Hosting & Infrastructure (Webflow)
Our website is hosted by Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103, USA). Webflow processes certain technical data (e.g., IP, browser, OS, access time) to deliver and secure the site.
Data may be transferred to the United States. We have a Data Processing Agreement (DPA) with Webflow that includes EU Standard Contractual Clauses (SCCs) and we perform transfer impact assessments (TIAs).
6) Forms (Contact & Waitlist)
We use the data you submit only to respond to your inquiry or to manage your waitlist registration and contact preferences. Data is sent over TLS/SSL, stored within Webflow’s infrastructure, and may be routed to our internal email/communication tools. We retain form data only as long as necessary for these purposes.
Opt‑out of the waitlist: Email office@innoxact.com from your signup address with the subject “Opt out of waitlist” (or reply “unsubscribe”). We will remove you without undue delay (typically within 14 days). To request deletion of your waitlist data, include “Delete my waitlist data.” We may keep a minimal suppression record (your email + an opt‑out flag) to honor your choice.
7) Cookies & Google Analytics
We and our hosting provider (Webflow) use cookies and similar technologies that are necessary to operate this website securely and reliably. These may include, for example, cookies for load balancing, security (such as CSRF protection), and remembering basic technical preferences.
We do not currently use any non-essential cookies for advertising or detailed third-party analytics (such as Google Analytics or marketing pixels).
Most browsers allow you to block or delete cookies through their settings. If you disable all cookies, parts of the website may not function properly. If we introduce additional, non-essential cookies or third-party tools in the future, we will update this Policy and, where required, ask for your consent before setting them.
8) Sharing of Data
We do not sell or rent personal data. We share it only with:
- Service providers (hosting, analytics, communications) under contract and subject to confidentiality and data‑protection obligations;
- Public authorities where required by law;
- Corporate transactions (e.g., reorganization/merger) under appropriate safeguards.
9) International Transfers
Where personal data is transferred outside the EEA, we rely on SCCs and, where appropriate, additional safeguards and TIAs.
10) Retention
We keep personal data only as long as necessary for the purposes above or as required by law. As guidance:
- Waitlist & marketing contact data: until you opt out, we close the waitlist, or after 24 months of inactivity—whichever is earliest.
- Form submissions & correspondence: up to 24 months after last interaction, unless legal requirements justify longer retention.
- Server logs and basic usage data: retained by our hosting provider (Webflow) for a limited period necessary to ensure the security and stability of the website, in line with their retention practices.- Analytics data: per your consent choices and our analytics configuration (e.g., GA4 retention settings).
11) Your Rights (GDPR)
You can access, rectify, erase, restrict, object (including to processing based on legitimate interests), and port your data, and withdraw consent at any time (does not affect prior lawful processing). We aim to respond within 30 days.
Contact: office@innoxact.com.
You also have the right to complain to a supervisory authority. Our lead authority:
Österreichische Datenschutzbehörde – Barichgasse 40–42, 1030 Vienna, Austria.
12) Security
We implement appropriate technical and organizational measures (e.g., TLS encryption, access controls, processor due‑diligence, monitoring) to protect personal data. No method is 100% secure; we regularly improve safeguards.
13) Children’s Data
Our website and services are not directed to children under 16, and we do not knowingly collect their personal data.
14) Automated decision‑making
We do not perform automated decision‑making or profiling that produces legal or similarly significant effects.
15) Third‑party links
Our site may link to third‑party sites. Their privacy practices are their own; we encourage you to review their policies.
16) Changes to this Policy
We may update this Policy from time to time. The latest version is always available here and shows the effective date.
17) Contact
Questions about this Policy or our data practices: office@innoxact.com
Innoxact GmbH, Josefstr. 98, 3100 St Pölten, Austria
Last updated: Sov 212ovovep 24, 2025
