Novexx Solutions GmbH

GENERAL TERMS AND CONDITIONS OF NOVEXX SOLUTIONS GMBH (‘Novexx Solutions’)

Version 1.0 1, 27th May 2022

Privacy policy

  1. Contact options

This privacy policy applies to data processing by:

Novexx Solutions GmbH
Ohmstrasse 386343
Eching

Phone: + 49 8165 925-0
Fax: + 49 8165 925-327
E-mail: solutions@novexx.com
Webseite: www.novexx.com

If you have any questions about data protection, you can contact us at the following email address: datenschutz@novexx.com

  1. Legal basis for data processing

The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR.

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1. p. 1 lit. a GDPR.

We carry out some data processing on the basis of our legitimate interest, whereby a balancing of your interests worthy of protection and our legitimate interests is always carried out. The legal basis for this is Art. 6 para. p. 1 lit. f GDPR.

Insofar as the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 p. 1 lit. c GDPR.

Below we explain how we process personal data via our website.

  1. a) Data processing when accessing the website

When you visit our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser type together with version
  • Operating system and its interface
  • Language and version of the browser software
  • Name of the accessed web page
  • Message about successful retrieval

The data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

  1. b) Contact via e-mail or contact form

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR.

Insofar as we request information via our contact form that is not required for contacting us, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request.

The disclosure of information is made on a voluntary basis and with your consent, Art. 6 para.1 p. 1 lit. a GDPR. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), you also consent to us contacting you in this way to answer your request. You can revoke this consent at any time for the future.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Which means your request has been fully processed and no further communication with you is necessary or desired by you.

  1. Applications

You can apply to our company electronically. Please note that unencrypted e-mails will not be transmitted with access protection.

Your information will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is Section 26 (1) in conjunction with Abs. 8 S.2 BDSG. Furthermore, your personal data may be processed insofar as this should be necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 p.1 lit. f GDPR. The stated purposes also constitute the legitimate interest in the processing.

Insofar as an employment relationship arises between you and us, we may, in accordance with Section 26 (1) of the German Federal Data Protection Act (BDSG), further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

Your application data will not be processed beyond the described use.

Your personal data will be deleted after completion of the application process at the latest after 6 months , provided that no other legitimate interests on our part oppose deletion or no consent for longer storage was given. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

  1. Use of cookies

Cookies are stored on your computer by a website you visit. They allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language preference, the duration of your visit to our website or the entries you have made there. However, Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet offer as a whole more user-friendly and effective.

  1. a) Transient cookies

These cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

  1. b) Persistent cookies

These cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

  1. Google fonts (online version)

For the uniform display of fonts on our website, we use web fonts from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you call up our website, the necessary data is loaded into your browser cache in order to display texts and fonts correctly. This requires a connection to Google’s servers and may result in the transmission of personal data, in particular the IP address, to the servers of Google LLC. in the USA. Google web fonts are transferred to the cache of your browser to avoid multiple loading. If your browser does not support web fonts or prevents access, a standard font will be used by your computer.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

For more information on Google Web Fonts, please visit: https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/

The data collection and storage only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) GDPR. This can be revoked at any time with effect for the future.

  1. Google Tag Manager

We use the Google Tag Manager by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on our website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Tag Manager makes it easy for us to integrate and manage our tags. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. Through the tags, the Tag Manager collects relevant information for the services that we have built into our website through Google Tag Manager. The services may be necessary website elements or third-party analytics and marketing tools.

A processing of the collected end device information and personal data does not take place by the Google Tag Manager itself, in fact the data is forwarded to the respective third party provider. The forwarding initiated by the Google Tag Manager represents a processing activity within the meaning of Art. 4 No. 2 GDPR.

Insofar as not only technically necessary website elements from third-party providers are integrated via Google Tag Manager, but also an integration of marketing and analysis tools takes place, the Google Tag Manager can also be classified as a marketing service.

We use the Tag Manager for Google Analytics , Google DoubleClick and Albacross.  The data processing by Google Tag Manager is thus based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html

  1. DoubleClick by Google

We have integrated the online marketing tool DoubleClick by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. DoubleClick uses cookies to display ads which are relevant to users, to improve campaign performance reports, or to prevent users from seeing the same ads more than once. Google records which ads are displayed in which browser via a cookie ID. This prevents the same ad from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions with reference to ads. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser’s website and make a purchase.

When you visit a website that uses DoubleClick and for which the DoubleClick script is permitted, your browser automatically establishes a direct connection with the Google server. We as the website operator have no influence on the scope and further use of the data collected by Google through the use of this tool. We inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you visited our website or clicked on our advertisement. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

For more information about DoubleClick by Google, please visit https://www.google.de/doubleclick and about Google privacy in general: https://www.google.de/intl/de/policies/privacy . Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org.

The data collection and storage only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) GDPR. This can be revoked at any time with effect for the future.

  1. Google Analytics

Insofar as you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

[OPTIONAL] We use the User ID feature. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.

In the event that IP anonymization is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. In addition, we receive information about the functionality of our site (for example, to detect navigation problems).

Receiver

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage duration

The information sent by us and linked to cookies is automatically deleted after 2 OR 14  months. The deletion of data whose retention period has been reached occurs automatically once a month.

 

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR.

For more information about Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

  1. Albacross

We use Albacross from the provider Albacross Nordic AB (Kungsgatan 26, 111 35, Stockholm, Sweden) on our website.

Albacross can use cookies to analyze the use of our website and your surfing behavior. In this context, we also collect data on which website a user came to our website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.

The legal basis for this data processing is your consent pursuant to Art. 6 para.1 lit.a GDPR.

For more information, please visit: www.albacross.com/privacy-policy/

  1. Linkedin

On our website, we have included screenshots of the content on our LinkedIn company page. Below the image is a link which refers to LinkedIn. When you click on “View post on LinkedIn >>” you will be redirected to our LinkedIn company page.

When you visit our LinkedIn company page, LinkedIn collects personal data, even if you are not logged in or registered with LinkedIn. We have no influence on the scope of the data collected by LinkedIn.

Further information on data protection at LinkedIn, in particular on the scope, nature, purpose of data processing and your rights can be found at https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/privacy-policy-summary.

  1. YouTube (enhanced privacy mode)

We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller of your data.

Here, we use the option of extended data protection provided by YouTube to protect your personal data. When you visit a Website in which a YouTube video is embedded, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser. According to YouTube’s information, however, data is only transmitted to the YouTube server in “extended data protection mode” when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your Youtube account. You can prevent this by logging out of your account before visiting our website. Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection that corresponds to the European standard, Google states that it uses standard contractual clauses.

Further information on YouTube privacy is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/

  1. Data transmission

A transfer of your data to third parties will not take place except in the cases mentioned, unless we are legally obliged to do so, or the data transfer is necessary for the implementation of the contractual relationship or you have previously expressly consented to the transfer of your data.

External service providers and partner companies, such as online payment providers or the shipping company commissioned with the delivery, only receive your data to the extent that this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. As far as our service providers come into contact with your personal data, we ensure within the framework of order processing pursuant to Art. 28 GDPR that they comply with the provisions of data protection laws in the same manner. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We value processing your data within the EU / EEA. However, we may use service providers that process data outside the EU / EEA in some cases. If this happens, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient prior to the transfer of your personal data.

  1. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

  1. Your rights

You have the following rights with respect to personal data concerning you. To exercise your above rights, please contact us by e-mail at datenschutz@novexx.com.

  1. a) General rights

We will gladly provide you with information as to whether personal data relating to you is being processed. If this is the case, you have a right to get access to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal conditions.

  1. b) Rights in the processing of data according to the legitimate interest

Pursuant to Article 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 (1) sentence 1 lit. e GDPR (data processing in the public interest) or on the basis of Article 6 (1) sentence 1 lit. f GDPR (data processing for the protection of a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.