1. Who we are
Camel Thorn Capital B.V. ("Camel Thorn", "we", "us"), trading under the name InnoMotus Technologies, operates the website at innomotus.com and the products listed on it ("the Services"). We are a private limited company (besloten vennootschap) incorporated in the Netherlands, registered with the Kamer van Koophandel under KvK number 97690481. Our registered address is Ankerkade 61, 2102 LP Heemstede, the Netherlands.
For all data protection matters, contact us at: privacy@innomotus.eu. We have assessed that the appointment of a Data Protection Officer is not currently required under Art. 37 GDPR, given the nature and scale of our processing activities. We will keep this assessment under review.
2. The personal data we collect
We collect the following categories of personal data:
- When you contact us: name, email, company, role, and the contents of your message.
- When you visit our website: IP address, browser type, device, pages visited, referrer, and time of visit. Where you have given consent, we may also collect anonymous analytics identifiers.
- When you use our products: account credentials, configuration data, usage logs, and any data you upload to the products. Product-specific processing is governed by the relevant product Data Processing Agreement (DPA).
3. Why we use your data and on what legal basis
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to your enquiry | Legitimate interest (Art. 6(1)(f)) | Up to 24 months from last contact |
| Providing the Services | Contract performance (Art. 6(1)(b)) | Duration of contract + 7 years (Dutch tax law) |
| Website analytics (with consent) | Consent (Art. 6(1)(a)) | 14 months from collection |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | As required by applicable law |
| Marketing communications | Consent (Art. 6(1)(a)) | Until consent is withdrawn |
4. Who we share your data with
We share personal data only with:
- Sub-processors who help us deliver the Services (see the sub-processor list below).
- Professional advisors (legal, accounting, audit) where strictly necessary.
- Authorities, where legally required.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
Sub-processor list
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Hetzner Online GmbH / server hosting provider | Website and infrastructure hosting | EU (Germany) | EU-based, no transfer |
| Nginx Proxy Manager (self-hosted) | Reverse proxy, SSL termination | EU (same server) | EU-based, no transfer |
| Google LLC (Google Analytics 4) | Anonymous website analytics (with consent only) | US | SCCs; IP anonymisation enabled; no advertising use |
| Email provider (e.g. Postmark, Mailgun) | Transactional email delivery | EU or US | SCCs where applicable |
This list is kept under review. For the most current version or to request details of SCCs in place, email privacy@innomotus.eu.
5. International data transfers
We aim to keep all personal data within the European Economic Area (EEA). Our website and infrastructure are hosted within the EU. Where any sub-processor is located outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and conduct a Transfer Impact Assessment to ensure equivalent protection. Details of SCCs in place are available on request.
6. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data rectified.
- Have your data erased ("right to be forgotten"), subject to legal retention obligations.
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent at any time, where consent is the legal basis.
- Lodge a complaint with the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl) or your local supervisory authority.
To exercise any of these rights, contact privacy@innomotus.eu. We will respond within one month.
7. Security and breach notification
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), strict HTTP security headers, access controls, and regular security reviews. No system is impenetrable, but we maintain industry-standard practices and review them continuously.
In the event of a personal data breach, we will notify the Dutch Autoriteit Persoonsgegevens within 72 hours of becoming aware, where required under Art. 33 GDPR. Where a breach is likely to result in high risk to the rights and freedoms of individuals, we will also notify the affected data subjects without undue delay, as required by Art. 34 GDPR.
8. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified on this page with an updated "last revised" date. Continued use of the website after changes constitutes acceptance.
9. Contact
For privacy-related questions: privacy@innomotus.eu. For all other matters: hello@innomotus.eu.
← Back to innomotus.com