Privacy policy

This Privacy Policy describes how Interlake Media GmbH (hereinafter referred to as "Interlake") handles your personal data, including the way in which we contact you, and is an integral part of our Terms of Use.
We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).
Interlake recognises that as a visitor to our website and apps and as a customer of our products and services (hereinafter "Customer"), you want to know in detail how your personal and company data is collected, used, disclosed, transferred, stored and shared. Interlake makes every possible effort to protect your personal data. This policy will be subject to change to keep it up to date. If you have any questions about this privacy policy or our handling of your data, please send an e-mail to privacy@interlake.net or write to us at the address given in the legal notice.

3.1 Consent to our privacy policy

By visiting our website, purchasing, enquiring about or licensing our services or products, you confirm that you accept our practices and policies in this Privacy Policy and you consent to us collecting, using and sharing your information in the ways described below. If you do not accept the Privacy Policy, you must immediately stop visiting our website and using our products or refrain from enquiring about our products and services.

3.2 What data do we collect and how is it used?

‍3.2.1 Websites and Android/iOS apps without login

‍Our website and apps can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date and time of access are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. No data will be passed on to third parties without your consent.
The Nextcreate software and services do not collect or share any user data and do not use advertising IDs. Only the camera function is used to activate and display the augmented reality content. Some of the apps refer to pages of the Interlake website, for which the general information provided on this page applies.
When you visit our website, you are not obliged to disclose any personal data. However, if you contact us via our contact forms, you must disclose some personal data (subject to data minimisation) so that we can process your enquiry.

3.2.2 Android/iOS apps

‍If you use our mobile apps, you have two options for providing participants with content:

1. anonymous use of the apps: No personal data about you will be disclosed.
2. registration of participants: In this case, you must disclose some personal data (subject to data minimisation) so that we can process your request.
In this case, we collect the following data:
- User name (required)
- E-mail address (required)
- Password (required, is only stored encrypted in Azure B2C)
- Company name Country where your company is located (required)
- Preferred language
- User data, including the activities in your account and the content you have created

3.2.3 Authoring tool

‍When using the free trial period or purchasing a licence, you will receive initial access to our author portal. The following data must be entered in order to use the portal:
- User name (required)
- E-mail address (required)
- Telephone number (required)
- Password (required, but we encrypt your password so that it cannot be read by us or others)
- Company name and address Country where your company is located (required)
- Payment information (transactions for paid subscriptions) and billing and subscription information
- Preferred language
- User data, including the activities in your account and the content you have uploaded or created
- Cookie ID

3.2.4 Personal data and special categories of personal data

‍The term "personal data" refers to all information that you provide to us and that can be used to identify you personally. This includes, for example, your name, e-mail address, company, address, telephone number and other information about you and/or your company. This may also include publicly accessible information and data available on the internet, for example via websites such as Facebook, LinkedIn, Twitter and Google.
You agree not to collect, process or store any Special Categories of Personal Data (as defined below) with the Services and Software except as (A) directly authorised by Interlake, (B) intended by the Services and Software, or (C) governed by the Additional Terms, if applicable. You agree not to transfer, disclose or otherwise make available any Special Categories of Personal Data to Interlake or any third party provider of Interlake. "Special Categories of Personal Data" means an individual's financial information, data about an individual's sexual behaviour or orientation, medical or health data protected under health data privacy laws, biometric data (for the purpose of uniquely identifying an individual), and children's personal information protected under laws protecting the data of minors (e.g., via the "U.S. Privacy Shield"). For example, through the U.S. Children's Online Privacy Protection Act ("COPPA"), and any other types of information covered by this or a similar term (such as "confidential personal information" or "sensitive personal information") used in applicable data protection or privacy laws. If you are a business, you also agree to ensure compliance with this section by business users.
It is your responsibility, and you warrant, to comply with applicable data protection laws in relation to personal data created or uploaded to the Service. This includes, without limitation, ensuring that Participants have a legal reason (e.g. valid consent where required) for submitting the Personal Data and ensuring that Participants meet the legal age for submitting their Personal Data.
We use your personal data for the following purposes:
- So that you can create and manage an account (user name/profile name, e-mail address)
- So that you can see your account activity and the content you have created
- To protect your account (password)
- To send you an e-mail confirmation of your order
- To be able to process your order and payments
- To know in which country you are located, for billing purposes, to know your time zone for support purposes and to identify the country code of your phone number (your country or the location of your company)
- In order to be able to offer you our services
- For administrative and tax purposes To be able to send service emails
- To keep you informed by e-mail about our services and/or our company
- To be able to communicate with you and support you
- To improve our services and user-friendliness (surveys)
- To learn more about visitors to the website and to improve the user-friendliness of our website
- To find out more about our customers and how they use our services
- To maintain a business relationship with our customers

3.2.5 Navigation data

‍This is data about your computer or another device you use and your visits to the iOS and Android mobile apps as well as our website, e.g. IP address, date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, user's operating system, language and version of the browser software. This data is only stored temporarily in our system's log files for a short period of time. Storage beyond this is possible, but in this case the IP addresses are partially deleted or anonymised so that it is no longer possible to identify the calling client. Such navigation data may therefore contain personal data.

3.2.6 Manufacturer

‍Our portfolio and our website contain products whose manufacturers we are not ourselves. This means that we have to share the necessary customer data with these manufacturers so that we can process your enquiries. As a result, the terms and conditions of the following third-party providers may also apply to you.

Data protection - Microsoft data protection

Corresponding agreements have been concluded with all manufacturers, which also ensure data protection in accordance with EU law.

3.2.7 Customer references and quotes

‍Only with written consent will we publish customer references on our website, which may also contain personal data.

‍3.2.8 Newsletter

‍If you have consented to receiving the Nextcreate or Interlake newsletter, we will use your e-mail address and, if applicable, your name to send you information and news. In particular, we process your e-mail address and your name for the purpose of sending the newsletter.

Our newsletter contains links and graphics that show us whether the newsletter has been opened in an e-mail programme and whether links have been clicked on. This serves to improve our offer and quality assurance. You can object to this usage analysis by unsubscribing from the newsletter.
You can revoke your consent to receive the newsletter at any time with immediate effect, e.g. by sending us an email to privacy@interlake.net or by using the cancellation option at the end of each newsletter. This will result in the deletion of the user data collected or the corresponding feature in your customer master data.

3.2.9 External websites

‍Our website may contain links to other websites operated by third parties. Interlake has no control over their content and practices and assumes no responsibility for them. This Privacy Policy does not apply to these other websites, which have their own terms and policies.

3.2.10 Use of cookies

‍Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 lit. f EU GDPR (legitimate interest). The legitimate interest lies in the purpose of simplifying the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

3.3 Disclosure of data to third parties

Interlake customer data is not sold to third parties. No personal data will be passed on without consent, unless:
1. we are legally obliged to do so.
2. to fulfil contractual services for Interlake customers and/or to enforce rights and obligations arising from our GTCs or the contractual relationship between the customer and Interlake.
3. In order to fulfil the services offered, it may be necessary for us to use the services of third parties. In this case, data may be passed on.

3.3.1 Hubspot

‍We use the service provider Hubspot to process your enquiries and to document customer communication. Hubspot's privacy policy can be found here: HubSpot Privacy Policy. In addition, we have concluded an AV with the service provider.

3.3.2 Consent Manager

‍We use Consent Manager (information on data protection: Privacy Policy - consentmanager) to manage our cookies. In addition, we have concluded an AV with the service provider. We use the following cookies:

3.4 Storage and protection of personal data

‍3.4.1 Retention of personal data

‍Unless specifically stated, we only store your personal data for as long as is necessary to fulfil the purposes pursued. We then delete this data in a secure manner.

3.4.2 Security of personal data

‍We use a range of security technologies and procedures to protect your personal data from access, use or disclosure by unauthorised persons. Our servers are located in a secure and controlled environment that is protected from unauthorised access. To this end, Interlake has implemented numerous technical and organisational measures to ensure the maximum possible protection of your personal data.

3.4.3 Transfer of personal data

‍As an international company, we may transfer, receive and access personal data from all over the world, including the European Union and the USA. This Privacy Policy applies even if we transfer personal data to other countries. Interlake conducts its business in accordance with European law and maintains strict privacy and data controls to protect your personal data and ensure its security during international transfers and storage in foreign locations.

3.4.4 Disclosure of personal data

‍If we are required to do so by law or if we believe, on reasonable grounds, that the use or disclosure of your personal information is necessary to protect our rights and to comply with applicable law, court order or legal process, we reserve the right to disclose your personal information. We may also disclose information about you if it is necessary to enforce our terms and conditions.

3.5 Your rights as a data subject

Under the applicable laws, you have various rights regarding your personal data. If you would like to assert these rights, please send your request to the contact details given at the beginning.

3.5.1 Right to confirmation and information

‍You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you together with a copy of this data. You also have the right to the following information:
1. the purposes of processing;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. if the personal data is not collected from you, all available information about the origin of the data;
8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

3.5.2 Right to rectification

‍You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

3.5.3 Right to erasure ("right to be forgotten")

‍You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. you withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. the personal data have been processed unlawfully.
5. the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
6. the personal data were collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

If we have made the personal data public and we are obliged to delete it in accordance with Art. 17 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.

3.5.4 Right to restriction of processing

‍You have the right to obtain from us restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
4. you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.

3.5.5 Right to data portability

‍You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where
1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

3.5.6 Right of objection

‍You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

3.5.7 Automated decisions including profiling

‍You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

3.5.8 Right to withdraw consent under data protection law

‍You have the right to withdraw your consent to the processing of personal data at any time.

3.5.9 Right to lodge a complaint with a supervisory authority

‍You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.

3.6 Integrated services / plug-ins

This website uses social plugins from the networks Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA), Google Plus (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and X (X Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA), among others. In particular, these allow you to share content from the website with your network contacts. Due to the integration, the network providers receive the information that the corresponding website of our Internet offer was accessed from your IP address. If you are logged in to the networks, the network providers can also assign your visit to our website to your network account.

3.6.1 Google Analytics privacy policy

‍Our website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To deactivate Google Analytics, Google provides a browser plug-in at http://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific user-related information on the user's end device. These enable Google to analyse the use of our website. The information collected by this cookie about the use of our pages (including your IP address) is usually transferred to a Google server in the USA and stored there. We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" in order to ensure anonymised collection of IP addresses (so-called IP masking). If anonymisation is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google complies with the data protection provisions of the "Privacy Shield" agreement and is registered with the "Privacy Shield" programme of the US Department of Commerce and uses the information collected to evaluate the use of our websites, to compile reports for us in this regard and to provide us with other related services. You can find out more at https://policies.google.com/privacy?hl=en-US.

3.6.2 Privacy policy for Facebook

‍Our website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a "Like" or "Share" button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

3.6.3 Privacy policy for X

‍Our website uses functions of X Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with X plug-ins, a connection is established between your browser and the X servers. Data is already transmitted to X in the process. If you have an X account, this data can be linked to it. If you do not wish this data to be linked to your X account, please log out of X before visiting our site. Interactions, in particular clicking on a "Re-Tweet" button, are also passed on to X. You can find out more at https://twitter.com/privacy.

3.7 Contact details

Phone: +49 331 - 281 282 0
E-mail: privacy@interlake.net

3.7.1 External data protection officer

‍Andreas Stürzl
Interactive EDP
Haidenholzstr. 33
83071 Stephanskirchen
Phone: +49 (0)8036-9080520
E-mail: dsb@interaktiv-edv.de
Internet: www.interaktiv-edv.de