Privacy Policy
This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services as well as within our online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Neovendi GmbH has a data protection officer who can be contacted using the contact details provided in the legal notice.
Responsible
Neovendi GmbH
Industriepark 4
47546 Kalkar
Germany
Management: L.H. Möllmann, G. Holtmann
Types of data processed
– Inventory data (e.g., personal master data, names or addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., web pages visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter, we also refer to the data subjects collectively as “users”).
Purpose of the processing
– Making available the online offer, its functions and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing
Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Relevant legal bases and your rights
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
If you wish to assert any of the following rights, please contact the supervisory authority indicated:
– Right of cancellation pursuant to Art. 7 para. 3 GDPR
– Right to information in accordance with Art. 15 GDPR, if you would like to know what data I have stored about you
– Rectification in accordance with Art. 16 GDPR, if your data has changed
– Erasure in accordance with Art. 17 GDPR
– Restriction of processing in accordance with Art. 18 GDPR
– Data portability in accordance with Art. 20 GDPR
– Objection pursuant to Art. 21 GDPR for processing pursuant to Art. 6 para. 1, lit. e. and f.
– Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 para. 1 f GDPR
The competent supervisory authority is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf
Telephone: 0211 38424-0
Fax: 0211 38424-10
E-mail: poststelle@ldi.nrw.de
Security measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with processors, joint controllers and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis that complies with the legal requirements.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or do so in the context of using third-party services or disclosing, or transferring data to other persons or companies, this will only be done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to explicit consent or contractually required transfer, we only process or allow data to be processed in third countries with a recognized level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection rules (Art. 44 to 49 DSGVO, information page of the EU Commission).
Rights of the data subjects
You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain information about such data, as well as further information and a copy of the data in accordance with the law.
You have the right, in accordance with the law, to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
You have the right, in accordance. with the legal requirements, to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.
You have the right to demand that the data concerning you that you have provided to us be received in accordance with the legal requirements and to demand that it be transferred to other persons responsible.
You also have the right, in accordance with the law, to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke given consents with effect for the future.
Right of objection
You may object to the future processing of data relating to you at any time in accordance with the statutory provisions. The objection can be made in particular against processing for direct advertising purposes.
Cookies and right to object in the case of direct advertising
Cookies” are small files that are stored on users’ computers. Various data can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and explain this in our privacy policy.
If we ask users to consent to the use of cookies (e.g. in the context of a cookie consent), the legal basis of this processing is Art. 6 para. 1 lit. a. DSGVO. Otherwise, the personal cookies of the users are processed in accordance with the following explanations within the scope of this privacy policy on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) or insofar as the use of cookies is necessary for the provision of our contract-related services, pursuant to Art. 6 para. 1 lit. b. DSGVO, or insofar as the use of cookies is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority, pursuant to Art. 6 para. 1 lit. e. DSGVO, processed.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/oder the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that then not all functions of this online offer can be used.
Data deletion
The data processed by us will be deleted or restricted in its processing in accordance with the legal requirements. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Changes and updates to the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Agency services
We process the data of our customers within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
In this context, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of contract, term), payment data (e.g., bank details, payment history), usage data and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). As a matter of principle, we do not process special categories of personal data, unless these are components of commissioned processing. Data subjects include our customers, prospective customers as well as their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b DSGVO (contractual services), Art. 6 para. 1 lit. f DSGVO (analysis, statistics, optimization, security measures). We process data that are necessary for the justification and fulfillment of the contractual services and point out the necessity of their indication. Disclosure to external parties only takes place if it is necessary in the context of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client as well as the legal requirements of a contract processing pursuant to Art. 28 DSGVO and do not process the data for any other purposes than those specified in the order.
We delete the data after the expiry of legal warranty and comparable obligations. The necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (6 years, according to § 257 para. 1 HGB, 10 years, according to § 147 para. 1 AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
Business analyses and market research
In order to operate our business economically and to be able to identify market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details, for example, of the services they have used. The analyses serve us to increase the user-friendliness, the optimization of our offer and the business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the user, otherwise after two years from the conclusion of the contract. In other respects, the overall business analyses and general trend analyses are prepared anonymously wherever possible.
Google Cloud Service
We use the cloud and cloud software services offered by Google (so-called Software as a Service, e.g. Google Suite) for the following purposes: document storage and management, calendar management, e-mail dispatch, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content and information, as well as chats and participation in audio and video conferences.
In this context, the personal data of users are processed to the extent that they become part of the documents and content processed within the described services or are part of communication processes. This may include, for example, master data and contact data of users, data on transactions, contracts, other processes and their content. Google also processes usage data and metadata used by Google for security purposes and service optimization.
In the context of the use of publicly available documents, web pages or other content, Google may store cookies on users’ computers for the purposes of web analytics or to remember users’ settings.
We use Google Cloud services on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO in efficient and secure administrative and collaboration processes. Furthermore, the processing takes place on the basis of an order processing agreement with Google (https://cloud.google.com/terms/data-processing-terms).
For further information, please refer to Google’s privacy policy (https://www.google.com/policies/privacy) and the security notes for Google cloud services (https://cloud.google.com/security/privacy/). You can object to the processing of your data in the Google Cloud in accordance with the legal requirements. In addition, the deletion of data within Google’s cloud services is determined by the other processing processes in the context of which the data are processed (e.g., deletion of data no longer required for contractual purposes or storage of data required for taxation purposes).
The Google cloud services are offered by Google Ireland Limited. Insofar as a transfer to the USA takes place, we refer to the certification of Google USA under the Privacy Shield(https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive) and standard protection clauses (https://cloud.google.com/terms/data-processing-terms).
Microsoft Cloud Services
We use the cloud and cloud software services offered by Microsoft (so-called Software as a Service, e.g. Microsoft Office) for the following purposes: document storage and management, calendar management, e-mail dispatch, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content and information as well as chats and participation in audio and video conferences.
In this context, the personal data of users are processed to the extent that they become part of the documents and content processed within the described services or are part of communication processes. This may include, for example, master data and contact data of users, data on transactions, contracts, other processes and their content. Microsoft also processes usage data and metadata used by Microsoft for security purposes and service optimization.
In the course of using publicly available documents, web pages or other content, Microsoft may store cookies on users’ computers for purposes of web analytics or to remember users’ preferences.
We use the Microsoft cloud services on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO in efficient and secure administration and collaboration processes. Furthermore, the processing is carried out on the basis of an order processing agreement with Microsoft.
For further information, please refer to Microsoft’s privacy policy (https://privacy.microsoft.com/de-de/privacystatement) and the security notes for Microsoft cloud services (https://www.microsoft.com/de-de/trustcenter). You can object to the processing of your data in the Microsoft Cloud in accordance with the legal requirements. In addition, the deletion of data within Microsoft’s cloud services is determined by the other processing processes in the context of which the data are processed (e.g., deletion of data no longer required for contractual purposes or storage of data required for taxation purposes).
The Microsoft Cloud Services are provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Insofar as any processing of data takes place in the USA, we refer to Microsoft’s certification under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
Data protection information in the application process
We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies).
The application procedure requires applicants to provide us with applicant data. The necessary applicant data are marked, if we offer an online form, otherwise result from the job descriptions and basically include the personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, resume and the certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are voluntarily communicated within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a DSGVO (e.g. health data, if this is necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.
In the event of a successful application, the data provided by the applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified withdrawal by the applicants, the deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
Contact
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s data will be used to process the contact request and its handling according to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed… The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
Hosting and emailing
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing contract).
Collection of access data and log files
We, or rather our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
WP Statistics (WordPress)
This website uses the analysis tool WP Statistics to statistically analyse visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com). WP Statistics enables us to analyse the use of our website. Among other things, WP Statistics records log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the page (e.g. clicks and views). The data collected with WP Statistics is stored exclusively on our own server. This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and our advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Integration of third-party services and content
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.
Google Maps
We integrate the maps of the service “Google Maps” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed as part of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Typekit fonts from Adobe
We use external “Typekit” fonts from the provider Adobe Systems Software Ireland Limited, 6 Riverwalk Citywest Business Campus Dublin 24, Republic of Ireland, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 (1) lit. f. DSGVO). DSGVO) external “Typekit” fonts from the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).
Within our online offer, functions and contents of the service LinkedIn, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above-mentioned content and functions to the profiles of the users there. Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out..
Partly created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke
Unsplash
We use photos from https://unsplash.com/ and from https://stock.adobe.com/.