Privacy Statement

The present Privacy Statement informs you in detail about the handling of your personal data when using the “IYOPRO” websites and applications of the company intellivate.

  1. Name and address of the Responsible Party:

    2. The “responsible party or individual” (hereinafter “Responsible Party”) in the context of the “General Data Protection Regulation” of the E.U., and other national data protection statutes of various Member States, as well as other data protection provisions, is:

    intellivate GmbH
    Süderstraße 282
    20537 Hamburg

    Telephone: +49 40 537 9834 - 0
    Email: info@intellivate.com
    Website: https://www.intellivate.com



    The text of the present document may be downloaded as PDF file at the end of this page.



  2. Name and address of the Authorised Representative for privacy matters:

    3. The Authorised Representative for privacy matters, of the Responsible Party, is:

    Michael Gebhardt
    intellivate GmbH
    Am Schmachtenberg 8b
    58636 Iserlohn

    Telephone: +49 2371 7858-0
    Email: datenschutz@intellivate.com



  3. General information concerning data processing by us of personal data:


    1. Scope of processing by us of personal data:

      2. In principle, we process personal data of our users only to the extent necessary to provide a functioning website and to support the content and services which we provide, such as our online Applications and Services, in particular the “IYOPRO SaaS” (SaaS = Software as a Service) and the “IYOPRO Forum” (these will be referred to collectively below as the “IYOPRO Products”). The processing of personal data of our users takes place essentially only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for objective reasons of actual practicability and the processing of the data is permitted by statute.


    2. Legal bases for our processing of personal data:

      3. Concerning processing of personal data, if we have obtained the consent of the data subject for such processing, then Art. 6 Sec. 1 Clause (a) of the “General Data Protection Regulation of the E.U.” (GDPR) serves as the legal basis. In the processing of personal data necessary for the performance of a contract to which the subject individual is a party, Art. 6 Sec. 1 Clause (b) of the GDPR serves as the legal basis. This also applies to data processing operations required to conduct pre-contractual activities. If and to the extent that it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 Sec. 1 Clause (c) of the GDPR serves as the legal basis. In a case where it is necessary to process personal data for the sake of vital interests of the data subject or any other natural person, Art. 6 Sec. 1 Clause (d) of the GDPR serves as the legal basis. If data processing is necessary to safeguard the legitimate interests of our company or a third party, and these interests are not outweighed by the interests, fundamental rights, and/or fundamental freedoms of the data subject, Art. 6 Sec. 1 Clause (f) of the GDPR serves as the legal basis for the processing.


    3. Deletion of data, and duration of storage of data:

      4. The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer in effect. It is noted that In addition, such storage may be required or permitted by European or national legislatures, via statutes, regulations, or other provisions of law to which the Responsible Party is subject. When a retention period prescribed by the above-mentioned statutes, regulations, or other provisions of law expires, the data will be deleted or blocked, unless there is a need for further storage of the data for purposes of implementing a contract or concluding new contracts.




  4. Operation of the website, and Creation of “log files”:


    1. Nature and scope of the data processing:

      2. Basically, it is possible for you to access our website without providing any personal information.However, each time our website is accessed, our system automatically collects certain data and information from the computer system of the calling computer.

      The following data are collected in this process:

      1. Information about the browser type and version used

      2. The operating system of the user, if this can be determined based on the browser type

      3. The IP address of the user

      4. The date and time of access


      The data are stored in the “log files” of our system. These data are not stored in a manner in which they are correlated with the user’s personal data.


    2. Legal basis for the data processing:

      3. The legal basis for the temporary storage of the data and the “log files” is provided by Art. 6 Sec. 1 Clause (f) of GDPR.


    3. Purpose of the data processing:

      4. The temporary storage of the IP address by the system is necessary to enable the website material to be delivered to the computer of the user. For this purpose, the user’s IP address must be stored for the duration of the session. Storage in “log files” is done to maintain and protect the functionality of the website. In addition, the stored data is used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is performed in the context of these functions. The justification for our interests in the described data processing is also supported in accordance with Art. 6 Sec. 1 Clause (f) of GDPR.


    4. Duration of the storage:

      5. The data are deleted as soon as they are no longer needed to achieve the purpose for which they were obtained.


    5. Right of objection:

      6. It is absolutely necessary for us to collect the data in order to operate the Internet site. Nevertheless the user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data. A further processing of the personal data happens only, when we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.




  5. Use of Cookies:


    1. Description and Scope of the data processing:

      2. Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.


    2. Legal basis for the data processing:

      3. The legal basis for the processing of personal data with the use of cookies is provided by Art. 6 Sec. 1 Clause (f) of GDPR.


    3. Purpose of the data processing:

      4. The purpose of the use of the technically necessary cookies is to facilitate the use of websites by users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognised even after a change in the page. We use cookies, e.g., for: content management of our websites, the IYOPRO Forum, and the IYOPRO training videos and training documentation. The user data collected through the technically necessary cookies will not be used to prepare user profiles.


    4. Duration of the storage; and Opportunity for the user to formally object:

      5. The cookies are stored on the user’s computer and are transmitted from there to our website. Therefore, as a user, you have full control over the use of the cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to take full advantage of some of the functions of the website.




  6. YouTube

    7. Our web presence uses social plug-ins (“plug-ins”) from the video platform youtube.com. YouTube is operated by Google, i.e. by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you are using one of our online services equipped with a YouTube plugin, a connection to the YouTube servers is established and information about the online services you are using is communicated to the YouTube server. When you are logged in to your YouTube account, you allow YouTube to associate your browsing activity directly with your personal profile. You can prevent that by logging off from your YouTube account. For further information about YouTube’s usage of user data, please refer to YouTube’s privacy policy at https://www.google.com/intl/en/policies/privacy/



  7. Google Cloud Privacy Policy

    8. We use Google Bard, an online service for chat messages, for individual AI content. The service provider is the American company Google Inc. For Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
    Google also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing.
    As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there, Google uses so-called standard contractual clauses (= Article 46, Paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
    Google has a contract for order processing in accordance with Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Google. The content of this refers to the EU standard contractual clauses. You can find the order processing conditions here: https://business.safety.google/intl/en/adsprocessorterms/
    You can find out more about the data processed through the use of Google Cloud in the Privacy Policy at https://policies.google.com/privacy?hl=en.



  8. ChatGPT Privacy Policy

    9. We use ChatGPT, an online service for natural language interaction with people, for individual AI content. The service provider is the American company OpenAI, L.L.C.
    ChatGPT also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the lawfulness and security of data processing.
    As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there, ChatGPT uses so-called standard contractual clauses (= Art. 46 Paragraphs 2 and 3 GDPR) . Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is processed in accordance with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, ChatGPT undertakes to comply with European data protection standards when processing your personal data, even if the data is stored, managed or otherwise processed in the USA. These clauses are based on an implementing decision of the EU Commission (Commission Implementing Decision (EU) 2021/914 of June 4, 2021). You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
    You can find out more about data processing by ChatGPT in the data protection declaration at https://openai.com/policies/privacy-policy.



  9. Registration:


    1. Description and scope of the data processing:

      2. On our website, and, through it, for our “IYOPRO Products” offered online, we offer users the opportunity to register for use of various features by providing personal data. The data are entered into an online data entry form (online registration form), and are transmitted to us and stored. No data are transferred to any third parties.

      At the time of registration, the following data are also stored:

      1. Name under which the user is being registered;

      2. E-mail address;

      3. The IP address of the user;

      4. The date and time of the registration.


      In connection with the registration process, the consent of the user to process these data is obtained.


    2. Legal basis for the data processing:

      3. Where the consent of the user is obtained, the legal basis for the processing of the data is provided by Art. 6 Sec. 1 Clause (a) of GDPR. If the registration has as a purpose the performance of a contract to which the user is a party, or the conduct of pre-contractual activities, Art. 6 Sec. 1 Clause (b) of the GDPR further serves as a legal basis.


    3. Purpose of the data processing:

      4. Registration of the user is needed for the performance of a contract to which the user is a party, or the conduct of pre-contractual activities. We use the data provided by you to reply to your inquiries, for performance under the contract (or contracts where applicable), and for technical administration of our offerings.


    4. Duration of the storage:

      5. The data are deleted as soon as they are no longer needed to achieve the purpose for which they were obtained. In the case of data obtained during the registration process, in particular for purposes of the performance of a contract to which the user is a party] or the conduct of pre-contractual activities, the data will be deleted when they are no longer needed for performing under the contract. Also, following conclusion of a contract, there may be contractual or legal obligations which necessitate retention of personal data of the contractual partner.


    5. Opportunity for the user to formally object:

      6. As a user you have the opportunity to cancel your registration at any time. Also, at any time, you can amend data being stored which have been submitted by you. It goes without saying that (in the E.U.) you can formally object to use of your data for purposes of solicitation and the like, and you can revoke your consent. If the data are needed for purposes of the performance of a contract, or the conduct of pre-contractual activities, premature deletion of the data is only possible to the extent not precluded by contractual or legal obligations. In connection with these issues, please contact datenschutz@intellivate.com.




  10. Contact form and e-mail contact:


    1. Description and scope of the data processing:

      2. On our Internet site, a contact form is provided which can be used for electronic contact. If a user elects this option, the data entered in the online data entry form will be transmitted to us and saved. These data are:

      1. Title

      2. Contact person

      3. Street

      4. Company

      5. Telephone

      6. E-mail

      7. ZIP-code/Town


      Your consent to the processing of the data is obtained in connection with the sending process, and you are explicitly referred to the present “Privacy Statement”. Alternatively, you can contact us via the e-mail address which we have supplied. In this case, personal data of the user which are transmitted with the e-mail are stored. In this context, no data are transmitted to third parties. The data are used exclusively for carrying on the correspondence.


    2. Legal basis for the data processing:

      3. Where the consent of the user is obtained, the legal basis for the processing of the data is provided by Art. 6 Sec. 1 Clause (a) of GDPR. The legal basis for processing of data transmitted in the course of sending of an e-mail is provided by Art. 6 Sec. 1 Clause (f) of GDPR. If the e-mail contact is in contemplation of conclusion of a contract, an additional legal basis for the data processing is provided by Art. 6 Sec. 1 Clause (b) of GDPR.


    3. Purpose of the data processing:

      4. The processing of the personal data from the online data input form is employed by us solely for replying to the contact. In the case of contact via e-mail, we also have a justifiable general interest in processing of the data.


    4. Duration of the storage:

      5. The data are deleted as soon as they are no longer needed to achieve the purpose for which they were obtained. For the personal data from the data input form associated with the online “Contact” form, and the personal data provided to us by e-mail, this is the case when the respective correspondence with the user has concluded. The correspondence is concluded when it can be inferred from the circumstances that the facts in question have been finally clarified.


    5. Right of objection:

      6. At any time, the user has the possibility to revoke his/her/its consent to the processing of the personal data. If the user contacts us by e-mail, he/she/it may object to the storage of the relevant personal data at any time. In such an instance, the correspondence cannot be continued. It is possible for the user to revoke the consent which has been granted, and to terminate the storage, via an e-mail sent to datenschutz@intellivate.com, with the subject “Opt-out”. In such an instance, all personal data stored in the course of the contacting will be deleted.




  11. AI assistants


    1. Description and scope of data processing

      2. AI assistants are available in our IYOPRO application, which can be used to improve process content. Depending on the intended use, the following AI tools can be used:

      1. IYOPRO AI

      2. ChatGPT

      3. Google Bard


      If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored to optimize the process content. This data is:

      1. Process descriptions

      2. Names of activities

      3. Process participants

      4. Process structures

      5. Data dependent on user input


      As part of the registration process, the user’s consent to process this data is obtained.


    2. Legal basis for data processing

      3. The legal basis for the processing of the data, if the user has given his consent, is Article 6 (1) (a) GDPR. If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Article 6 Paragraph 1 Letter b GDPR.


    3. Purpose of data processing

      4. The processing of possible personal data in processes and data from the input mask serves solely to improve process content.


    4. Duration of storage

      5. The data generally remains stored as long as it is needed for the purpose.


    5. Possibility of objection and removal

      6. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the use of our AI assistants cannot be continued.




  12. Rights of persons who/which are data subjects:

    13. If your personal data are processed, you are a “Data Subject” as defined in the GDPR, and you enjoy the following rights with respect to the intellivate GmbH (hereinafter called the Responsible Party):

    1. Right to information:

      2. You can formally request that the Responsible Party provide you with a declaration of whether personal data concerning you is being processed by us. If such processing exists, you may formally request information concerning the following information, from the Responsible Party:

      1. The purposes for which the personal data are processed;

      2. The categories of personal data which are processed;

      3. The recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

      4. The planned duration of the storage of the personal data relating to you, or, if it is not possible to provide specific information, then the criteria for determining the duration of the storage;

      5. The existence of a right of correction and/or deletion of personal data relating to you, and/or a right of limitation of the processing by the Responsible Party, and/or a right to formally object to such processing;

      6. The existence of a right of appeal to a governmental regulatory authority.


    2. Right to correction:

      3. You have the right to require the Responsible Party to correct and/or supplement your personal data which are being processed, if and to the extent that the data are incorrect or incomplete. The Responsible Party must make the correction without delay.


    3. Right to limit the data processing:

      4. Under any of the following circumstances, you can formally request limitation of the processing of personal data relating to you:

      1. You dispute the accuracy of personal data relating to you, and you want the processing of such data to be suspended for a period of time which allows the Responsible Party to verify the accuracy of the personal data relating to you;

      2. The processing is unlawful, but you do not want the personal data relating to you to be deleted; instead, you formally request limitation of the use of the personal data relating to you;

      3. The Responsible Party no longer needs the personal data relating to you for the purposes of processing, but you need it to assert, pursue, or defend legal claims; or

      4. You have formally objected to the processing pursuant to Art. 21 Sec. 1 of GDPR, and it is not yet certain whether the legitimate grounds which favour the Responsible Party outweigh the grounds which favour you.


      If the processing of personal data relating to you is placed under limitation, these data may permissibly be used only with your consent, or for purposes of:

      • asserting, pursuing, or defending legal claims;

      • protecting the rights of another natural or juridical person; or

      • serving an important public interest of the European Union or a Member State.


      If data processing is subjected to limitation under any of the above-stated circumstances, you will be notified by the Responsible Party before the limitation is removed.


    4. Right to deletion of data:


      1. Obligation to delete:

        2. You may formally request the Responsible Party to delete personal data relating to you without delay, and the Responsible Party will be required to delete these data immediately, if one of the following grounds applies:

        1. The personal data relating to you which you want deleted are no longer necessary for the purposes for which they were obtained or for other justifiable purposes for which they have been processed;

        2. You revoke your consent, on which the data processing was based according to Art. 6 Sec. 1 Clause (a) or Art. 9 Sec. 2 Clause (a), of GDPR, and there is no other legal basis for the data processing;

        3. You formally object to the data processing in accordance with Art. 21 Sec. 1 of GDPR, and: there are no overriding justifiable reasons for the processing; or you formally object to the data processing in accordance with Art. 21 Sec. 2 of GDPR;

        4. The personal data relating to you have been processed unlawfully;

        5. The deletion of personal data relating to you is required for compliance with a legal obligation under the law of the European Union, or of Member States, to which the Responsible Party is subject;

        6. The personal data concerning you were collected in relation to services offered by an “Information Society” pursuant to Art. 8 Sec. 1 of GDPR.


      2. Information made available to third parties:

        3. If the Responsible Party has made personal data concerning you public, and, pursuant to Art. 17 Sec. 1 of GDPR, the Responsible Party is obligated to obtain deletion of the data, the Responsible Party shall take appropriate measures, including technical measures — taking into account available technology and implementation costs, to inform parties who/which are responsible for data processing which involves processing of the said personal data that you have been identified as a “Data Subject” (in the context of privacy law), and that you have formally requested deletion of all links to such data and all copies or replications of such data.


      3. Exceptions:

        4. The right of deletion of data does not exist if the data processing is necessary for any of the following purposes:

        1. To exercise rights to freedom of expression and freedom of information;

        2. To fulfil a legal obligation whereby the data processing is required under the law of the European Union, or of Member States, to which the Responsible Party is subject; or to accomplish a task which is in the public interest; or to achieve a governmental purpose in the exercise of governmental authority which has been delegated to the Responsible Party;

        3. To assert, pursue, or defend legal claims.



    5. Rights to obtain information, and to receive appropriate notifications:

      6. If you have asserted, with respect to the Responsible Party, the right to correct data, delete data, or limit the processing of data, the Responsible Party is obligated to notify all recipients to whom personal data relating to you have been disclosed, about the correction or deletion of the data or limitation of the data processing, unless such notification proves to be impossible or entails unreasonably high costs. You have the right, assertable against the Responsible Party, to be informed about these recipients.


    6. Right to data portability:

      7. You have the right to receive the personal data relating to you which you have provided to the Responsible Party, in a structured, machine-readable format of a customarily accessible type. In addition, you have the right to transfer these data to another Responsible Party without hindrance by the current Responsible Party for whom/which the personal data were provided, provided that:

      1. The data processing is based on consent according to Art. 6 Sec. 1 Clause (a), or Art. 9 Sec. 2 Clause (a), of GDPR, or is based on a contract according to Art. 6 Sec. 1 Clause (b) of GDPR; and

      2. The data processing is performed by automated means.


      In exercising this right, you also have the right to have the personal data relating to you be transferred directly from one Responsible Party to another Responsible Party, provided that this is technically feasible. Further, it is impermissible for freedoms or rights of other persons to be infringed in this connection.

      The right to data portability does not apply to processing of personal data which is necessary in order to accomplish a task which is in the public interest, or to achieve a governmental purpose in the exercise of governmental authority which has been delegated to the Responsible Party.


    7. Right of objection:

      8. You have the right, at any time, on grounds that are based on your particular situation, to formally object to the processing of personal data relating to you, which data processing relies on Art. 6 Sec. 1 Clause (e) or Art. 6 Sec. 1 Clause (f), of GDPR; this also applies to profiling relying on these provisions of law. The Responsible Party will no longer process the personal data relating to you, unless said Responsible Party can demonstrate compelling legitimate grounds for the data processing that outweigh your interests, rights and freedoms; or can demonstrate that the data processing is for the purpose of asserting, pursuing, or defending legal claims. If the personal data relating to you are processed for purposes of direct marketing, you have the right, at any time, to formally object to the processing of your personal data for such purposes; this also applies to profiling insofar as it is associated with such direct marketing. If you formally object to data processing for purposes of direct marketing, the personal data relating to you will no longer be processed for these purposes. E.U Directive 2002/58/EC notwithstanding, you have the opportunity, in connection with the use of services of an “Information Society”, to submit your formal objection by automated means, in which technical specifications are employed.


    8. Right to revoke consent granted in relation to data privacy:

      9. You have the right, at any time, to revoke your consent granted in relation to data privacy. A revocation of consent does not affect the legality of data processing carried out prior to the revocation, which data processing was carried out in reliance on the consent.


    9. Automated decision in a particular case, including profiling:

      10. You have the right not to be subjected to a decision based solely on automated data processing — including profiling — which will have legal effects on you or will similarly materially adversely affect you. This does not apply if the decision:

      1. Is required for the conclusion or performance of a contract between you and the Responsible Party;

      2. Is permissible based on one or more statutes or regulations of the European Union, or of Member States, to which the Responsible Party is subject; provided that the said statute(s) or regulations(s) contain(s) appropriate measures to safeguard your rights and freedoms, and your legitimate interests; or

      3. Is arrived at with your express consent.


      However, these decisions constituting an exemption disfavouring the user may not permissibly rely on certain categories of personal data pursuant to Art. 9 Sec. 1 of GDPR, unless Art. 9 Sec. 2 Clause (a), or Art. 9 Sec. 2 Clause (g), of GDPR applies, and unless appropriate measures are taken to safeguard your rights and freedoms, and your legitimate interests.

      Regarding the circumstances referred to in Items (1) and (3), above, the Responsible Party shall take appropriate measures to uphold your rights and freedoms, and your legitimate interests, including at least the right to obtain the intervention of a person who will be engaged by the Responsible Party, which person will render his/her own opinion on behalf of you and in challenging the decision in question.


    10. Right to appeal to a governmental regulatory authority:

      11. Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to a governmental regulatory authority, in particular in the Member State of your residence, your place of work, or the location of the alleged offense, if you believe that the processing of the personal data relating to you is in violation of the GDPR.

      The regulatory authority to which the appeal has been addressed shall inform the appellant concerning the status and results of the appeal, including the possibility of a judicial remedy pursuant to Art. 78 of GDPR.


    11. Exercising your rights

      12. You can exercise your rights by sending an Email to: datenschutz@intellivate.com or in written form to the abovementioned address. Please note that we must ask for further data to confirm your identity.






Download our privacy statement.