1. Introduction
We, Inovat GmbH, take the protection of your personal data seriously. This Privacy Policy describes what personal data we process when you visit our website (including the PowerKonnekt site at https://powerkonnekt.com), the purposes and legal bases of processing, and your rights under the General Data Protection Regulation (GDPR).
Controller (Article 4(7) GDPR):
Inovat GmbH
Johannstr. 47
D-40476 Düsseldorf
Germany
Email: info@inovat.com.tr
Website: https://inovat.com.tr
For data protection requests specifically, please contact: privacy@inovat.co
2. Data we collect
a) When visiting our website (server logs)
When you access our website, your browser automatically sends information to our server. This information is temporarily stored in a log file. The following data may be processed automatically:
- IP address of the requesting device
- Date and time of access
- Name and URL of the accessed resource
- Website from which the access is made (referrer URL), if transmitted
- Browser type and version, operating system, and device type, if transmitted
This processing serves technical delivery of the site, stability, security (for example abuse prevention), and troubleshooting.
Legal basis: Article 6(1)(f) GDPR (legitimate interests in secure and reliable operation of our website). Where applicable, Article 6(1)(c) GDPR (legal obligations, for example in connection with security incidents).
b) Contact form or email
If you contact us by email or a contact form, we process the personal data you provide (for example name, email address, message content) to handle your request.
Legal basis: Article 6(1)(b) GDPR (steps prior to entering into or performing a contract), where the request relates to contractual matters, and Article 6(1)(f) GDPR (legitimate interests in responding to inquiries). If you voluntarily provide special categories of data, additional rules may apply; we ask that you only send such information if necessary.
c) Content management (Payload CMS)
Our website is operated using Payload CMS as a self-hosted content management system on infrastructure we control. Personal data is not sent to Payload as a cloud service provider for ordinary page delivery; processing occurs on systems we use for hosting and operation as described in this policy.
d) Cookies, similar technologies, and consent
We use cookies and similar storage where permitted by law.
Strictly necessary cookies are used where required to provide basic functionality you explicitly requested (for example security, load distribution, or storing your language or consent choices where technically needed). These may be set without consent under the ePrivacy rules where they are strictly necessary.
Analytics (statistics) and marketing (advertising) technologies are only used if you give consent via our cookie banner or if another legal basis applies in a specific case. You can accept all optional categories, reject non-essential processing, or choose categories individually. You can open the detailed settings at any time via Cookie settings in the footer of the website and change or withdraw your consent with effect for the future. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
We store your choices in a consent cookie (by default under the name cc_cookie, duration as configured in our consent tool). That storage serves evidence of your preferences and consistent application of tags on subsequent visits.
Legal basis for optional analytics and marketing: Article 6(1)(a) GDPR (consent). Legal basis for strictly necessary cookies where applicable: Section 25(2) of the German Telecommunications Telemedia Data Protection Act (TTDSG) in conjunction with Article 6(1)(f) GDPR, or Article 6(1)(c) GDPR where a legal obligation exists.
e) Google Tag Manager and tags loaded through it
We use Google Tag Manager (GTM), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”), to manage website tags. GTM itself does not necessarily read identifying personal data from your device beyond what is typical for delivering a script; it triggers other tags that you have allowed through your cookie choices.
Further Google tags (for example Google Analytics, Google Ads, or conversion tags) are only activated in line with your consent and with Google Consent Mode: non-essential storage and processing for advertising and analytics is defaulted to denied until you consent to the relevant category. The exact tags active in our container may change over time; only tags that match your choices should run.
When data is processed by Google, Google may process data on servers outside the European Economic Area. Where Google relies on transfers to countries without an adequacy decision, Google typically uses appropriate safeguards such as standard contractual clauses approved by the European Commission. Further information is available in Google’s privacy documentation at https://policies.google.com/privacy and, where applicable, in your Google account settings.
Legal basis for optional measurement and advertising tags loaded via GTM: Article 6(1)(a) GDPR (consent). Processing strictly required to deliver GTM as part of the site’s technical setup may be based on Article 6(1)(f) GDPR where applicable and consistent with applicable ePrivacy rules.
3. Hosting
Our website and CMS are operated on infrastructure under our control. Depending on configuration, subprocessors (for example hosting providers) may have access to server logs or backup data only to the extent necessary to provide the service. We conclude data processing agreements where required by Article 28 GDPR.
If you use services that involve Google (see section 2(e)), additional processing locations and subprocessors described in Google’s policies apply to that part of the processing.
4. Recipients and disclosure of data
We only disclose personal data to third parties if:
- you have given consent (Article 6(1)(a) GDPR),
- disclosure is necessary for the performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR),
- we are legally obliged to disclose data (Article 6(1)(c) GDPR), or
- disclosure is necessary for the purposes of legitimate interests we pursue and your interests do not override those interests (Article 6(1)(f) GDPR), for example with IT service providers bound by processing agreements.
Google may receive personal data in connection with GTM and tags you have consented to, under Google’s role as a separate controller or as a processor depending on the product and setup. Categories of data may include online identifiers (such as cookie IDs or advertising IDs), device information, and event data relating to your use of the website.
5. Storage duration
We store personal data only as long as necessary for the purposes described, unless longer retention is required or permitted by law (for example statutory retention periods). Server logs are kept only for a limited period required for security and operations unless longer storage is justified in individual cases (for example to clarify abuse).
Consent records and associated cookies are kept for the duration needed to respect your choices and to demonstrate consent where legally relevant; you can delete locally stored cookies through your browser settings, which may reset your on-site preferences.
6. Your rights
Under the GDPR, you have the right to:
- Access (Article 15 GDPR)
- Rectification (Article 16 GDPR)
- Erasure (Article 17 GDPR)
- Restriction of processing (Article 18 GDPR)
- Data portability (Article 20 GDPR), where applicable
- Object to processing based on legitimate interests (Article 21 GDPR)
- Withdraw consent at any time where processing is based on consent (Article 7(3) GDPR), without affecting the lawfulness of processing before withdrawal
To exercise your rights, contact: privacy@inovat.co
You also have the right to lodge a complaint with a supervisory authority. The authority competent for us may include the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North Rhine-Westphalia). You may also contact another supervisory authority in the European Union, in particular in your habitual residence or place of work.
7. Data security
We implement appropriate technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are reviewed and updated as appropriate.
8. Changes to this Privacy Policy
We may update this Privacy Policy when required by law or when our processing activities change. The current version is always available on this page.
Last updated: 20 April 2026
Inovat GmbH