Privacy policy.

We take the protection of your personal data very seriously. This Privacy Policy explains what personal data we collect when you use our website, how we use it, and what rights you have under the General Data Protection Regulation (GDPR).

1. Controller

ITOI UG (limited liability), Lärchenweg 3, 83242 Reit im Winkl, Germany, Email: info@itoi.co

Represented by: Manuel Mählenhoff, Sarah Korneffel, Jiannis Niemann

2. Collection and Processing of Personal Data

We process your personal data only where necessary and in compliance with the applicable data protection regulations.

a) Contact Form and Email Contact

When you contact us via the contact form or by email, we collect the data you provide (e.g. name, email address, phone number, message content).
Purpose: Responding to your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interests in handling inquiries).

b) Newsletter

If you subscribe to our newsletter, we process your email address for sending you news and updates.
Legal basis: Your consent pursuant to Art. 6(1)(a) GDPR.
You can withdraw your consent at any time with effect for the future by unsubscribing via the link in each newsletter or by contacting us.

c) Server Log Files

When you visit our website, technical data could be automatically collected by the hosting provider, including: IP address, Browser type and version, Operating system, Referrer URL, Date and time of access.

Purpose: Ensuring the security and stability of the website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

d) Cookies and Analytics

If cookies or analytics tools are used (e.g., Google Analytics, Matomo), we provide details in a separate cookie notice. Processing is based on your consent (Art. 6(1)(a) GDPR).

3. Data Retention

We store personal data only as long as necessary to fulfill the stated purposes or as required by legal retention obligations.

  • Contact requests: deleted after processing is completed, unless further storage is required.

  • Newsletter: stored until you unsubscribe.

  • Server logs: usually deleted within 14 days unless needed for security or legal reasons.

4. Data Sharing

We do not share your personal data with third parties unless: you have given explicit consent, it is necessary to fulfill our contractual obligations, we are legally obliged to do so, or it is required to enforce our rights.

We may use service providers (e.g., hosting companies, email service providers) who process data on our behalf and are contractually bound to comply with GDPR.

5. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (“right to be forgotten”, Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object to processing (Art. 21 GDPR)

  • Right to withdraw consent at any time (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority, in particular with the Bavarian Data Protection Authority (BayLDA) or the authority at your place of residence.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration.

7. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time to comply with legal requirements or to reflect changes in our services. The most recent version will always be available on this website.