Do you need help?

Information on Data Protection

novomind

Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) and other data protection legislation

1./ Who is responsible for data processing (the controller) and whom can I contact?

Our controller is:
Name: novomind AG, Mr. Mark Moeken
Address: Bramfelder Chaussee 45, 22177 Hamburg, Germany
Telephone: +49 (0) 40 808071-0
E-mail: info@No-spamnovomind.com

Our Data Protection Officer is:
Name: Markus Blunk
TÜV Rheinland i-sec GmbH
Am Grauen Stein
51105 Cologne, Germany
E-mail: datenschutzbeauftragter@novomind.com

2./ For what purpose do we process your data and what is the legal basis for that? / Can I refuse consent to my data being collected?

Whenever it is called by you or an automated system, our website records a number of items of general data and information. This general data and information is stored in our server’s log files. The following may be recorded: The types of browser used and their versions, the operating system used by the system accessing our website, the website from which a system accesses our website, the subpages accessed by a system on our website, the date and time our website was accessed, an Internet Protocol address (IP address), the Internet service provider of the system accessing our website, and other similar data and information that helps repel threats in the event that our IT systems are attacked.

We do not use this general data and information to identify the data subject. This information is required instead to deliver our website’s content correctly, to optimise our website’s content and advertising for it, to ensure that our IT systems and our website’s technology keep running properly, and to provide the law-enforcement authorities with the information required to prosecute any cyberattacks that occur. This data and information, which is collected anonymously, is therefore analysed by us statistically, as well as with the objective of increasing data protection and data security at our company and so ultimately ensuring an ideal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

2.1. To perform contractual obligations

We use personal data (e.g. your name and address) you provide us with voluntarily in connection with conclusion of a contract or steps prior to entering into a contract (e.g. by means of our contact form) on the basis of the related consent to that (Article 6 (1) point (a) GDPR). We then process this data in accordance with statutory requirements (such as under the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the General Data Protection Regulation (GDPR)). The personal data sent to the controller is defined in the input screen used for registration.

We process the data required to perform a contract or steps prior to entering into a contract (such as replying to your questions) (Article 6 (1) point (b) GDPR).

If you do not provide the personal data, we cannot fulfil our contractual obligations (such as replying to your questions), nor can we reply to any of your inquiries.

2.2. To comply with legal obligations

If processing of personal data is necessary for compliance with a legal obligation on the part of our company, the legal basis for processing the data is Article 6 (1) point (c) GDPR.

2.3. On the basis of a weighing of interests (Article 6 (1) point (f) GDPR)

Where necessary, we process your data, above and beyond what is required to merely perform the contract, in order to safeguard the legitimate interests pursued by us or a third party, such as:
 
•    Consultation of and exchange of data with credit reporting agencies (e.g. SCHUFA) to ascertain information on creditworthiness or risks of default and the needs relating to the account that is exempt from attachment or basic account;
•    Examination and optimisation of processes for analysing needs and direct addressing of customers;
•    Advertising or market and opinion research, if you have not objected to use of your data;
•    Establishing legal claims and defending ourselves in legal disputes;
•    Ensuring IT security and IT operation at our company;
•    Preventing and investigating criminal acts;
•    Video surveillance enables evidence to be gathered in the event of criminal acts. It therefore helps us protect customers and employees, keep out trespassers and enforce the house rules;
•    Measures related to business controlling and further development of products and services.

Processing of the above data is necessary to safeguard our legitimate interests (in accordance with Article 6 (1) point (f) GDPR) and is justified on account of our overriding interests. We cannot send you any direct marketing without using this data. We use your data for direct marketing of our services only if you have first consented to that (or have not objected) and have not withdrawn your consent. We also select the communications channels used for marketing (such as post, e-mail) so as to ensure that they cause you the least possible inconvenience.

3./ Who uses the data?

The personal data is used solely by the persons and departments involved in handling the contract. The processors we engage (Article 28 GDPR) may also obtain data for said purposes (e.g. through hosting companies). They are companies in the categories IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. We predominantly store the data we receive on our firm’s own servers, but in some cases also on servers of specialised service providers in Germany. They are:

Name, address

DTS Systeme Münster GmbH

Soester Str. 13

48155 Münster, Germany

Plusserver GmbH

Hohenzollernring 72

50672 Cologne, Germany

Data is not transferred to third parties who are not involved in performing the contract. In particular, personal data is not transferred to a third country or an international organisation.

4./ For how long is your data stored?

Where necessary, we process and store your personal data only for the period of time which is required to achieve the purpose for which it is stored or which is authorised by European Directives or Regulations or other laws or provisions of another legislator to which the controller is subject.

If the purpose for which the data is stored no longer applies or a storage period prescribed by European Directives or Regulations or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions, if it is no longer required to perform a contract or steps prior to entering into a contract.

Moreover, we are subject to various statutory retention and documentation obligations, among other things pursuant to the General Commercial Code (HGB)*, the German Fiscal Code (AO)*, the German Banking Act (KWG)*, and the German Money Laundering Act (GwG)*.

If you have consented to processing of your personal data (Article 6 (1) point (a) GDPR), we erase your personal data at the latest as soon as you withdraw your consent and there is no other legal ground for processing the data.

5./ Data protection as part of applications and in the application process

We collect and process personal data from job applicants so as to handle the application process. The data may also be processed electronically. That is the case in particular when applicants send their application documents to the controller electronically, such as by e-mail or using a form on the website. If you conclude an employment contract with us, the data provided is stored for use as part of the employment relationship in compliance with statutory provisions. If an employment contract is not concluded with an applicant, the application documents are automatically erased two (2) months after a decision to reject the applicant is communicated, unless the controller has other legitimate interests for not erasing it. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG).

We do not take any decision within the meaning of Article 22 GDPR which is based solely on automated processing, including profiling, and/or which produces legal effects concerning you or similarly significantly affects you.

6./ Is automated processing used?

We process your personal data in our firm’s own IT facilities, automatically and in accordance with the above comments.

7./ What data protection rights do you have?

You have the right to access personal data and obtain information on it (Article 15 GDPR), the right to rectification of data (Article 16 GDPR), the right to erasure of data (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR) and the right to object to processing of your data (Article 21 GDPR).

You also have a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR); please refer to Section 7./.

Please send your withdrawal of consent or your request to:

Name: Mark Moeken
Address: Bramfelder Chaussee 45, 22177 Hamburg, Germany
Telephone: +49 40 808071-0
E-mail: info@novomind.com

Alternatively, you can contact our Data Protection Officer directly:

Name: Markus Blunk
TÜV Rheinland i-sec GmbH
Am Grauen Stein
51105 Cologne, Germany
E-mail: datenschutzbeauftragter@novomind.com

8./ Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the country in which you are currently residing or where your place of work is located or at the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority responsible for Hamburg is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(Hamburg Commissioner for Data Protection and Freedom of Information)

Klosterwall 6 (Block C), 20095 Hamburg, Germany
Phone: (040) 4 28 54 - 40 40
Fax: (040) 4 279 – 11811
E-mail: mailbox@datenschutz.hamburg.de

9./ Use of cookies

We use cookies in order to make your visit to our website appealing and enable you to use certain features. Cookies are small text files that are stored on your computer. Most of the cookies used are deleted again from the hard drive when the browser session ends (“session cookies”). Other cookies remain on your computer and enable us to recognise your computer again the next time you visit the website (“persistent cookies”). These cookies are used to welcome you with your user name and, when you place orders again, mean that you do not have to enter your password again or complete forms again with your data. Third parties outside our company are not permitted to use cookies to collect, process or use personal data from our website. You can make a setting in your browser so that you are notified when cookies are placed. You can then decide whether to accept cookies on a case-by-case basis or refuse acceptance of cookies in general. If you do not accept cookies, the features of our online offering may be restricted.

10./ Use of Google Analytics

Our website uses Google Analytics, a web analytics service operated by Google Inc. (“Google”). Google uses cookies. The information on use of this website generated using the cookies is usually transferred to and stored on a server operated by Google in the USA. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google beforehand within the member states of the EU or in other countries that are party to the Agreement on the European Economic Area. Your complete IP address is sent to a Google server in the USA and truncated there only in exceptional cases. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activities and to provide other services for us relating to website and Internet use. The IP address sent from your browser as part of Google Analytics is not combined by Google with other data. You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the collection of your information on future visits to this website: Deactivate Google Analytics. You can find more information on Google Analytics at: www.google.com/intl/de/analytics/privacyoverview.html.

In light of the current discussion about the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the “_anonymizeIp()” extension. This truncates IP addresses to prevent any direct association with specific persons.

11./ Facebook

This website also uses social plugins (“Facebook plugins”) of the social network facebook.com, which is operated by Facebook Inc. (“Facebook”). The Facebook plugins can be identified from the Facebook logo or are indicated by the addendum “Facebook Social Plugin”. When you call a page on our website that contains such a Facebook plugin, your browser establishes a direct connection to Facebook’s servers. The Facebook plugin’s content is transmitted by Facebook directly to your browser and integrated by the latter in the website. We therefore have no influence on the scope of data Facebook gathers using the Facebook plugin and so can only provide you with the information we currently have on this subject. By integrating the plugins, Facebook is informed that you have visited the relevant page of our Internet presence. If you are logged on to Facebook, Facebook can assign your visit to your Facebook account. When you interact with the Facebook plugins, such as by pressing the “Like” button or leaving a comment, the information is likewise sent by your browser directly to Facebook and stored there. If you are not a member of Facebook, it is still possible for Facebook to learn your IP address and store it. Please refer to Facebook’s Data Policy for details of the purpose and scope of data collection, how the data is processed and used further by Facebook, your related rights and settings you can make to protect your privacy.

If you are a member of Facebook and do not want Facebook to collect data on you through our Internet presence and link it to member data stored on Facebook, you must log out of Facebook before you visit our Internet presence.

12./ XING

Our Internet presence uses social plugins (“XING plugins”) of the social network xing.com (“XING”), which is operated by XING AG, Hamburg, Germany. The XING plugins can be identified from the XING logo or are indicated by the addendum “XING”. When you call a website on our web presence that contains such a XING plugin, your browser establishes a direct connection to XING’s servers. The plugin’s content is transmitted by XING directly to your browser and integrated by the latter in the website. By integrating the XING plugins, XING is informed that you have visited the relevant page of our Internet presence. If you are logged on to XING, XING can assign your visit to your XING account. For details of the purpose and scope of data collection, how the data is processed and used further by XING, your related rights and settings you can make to protect your privacy, please refer to: https://www.xing.com/privacy.

If you are a member of XING and do not want XING to collect data on you through our Internet presence and link it to your member data stored on XING, you must log out of XING before you visit our Internet presence.

13./ Google AdWords

We use the online advertising program “Google AdWords” and, as part of Google AdWords, conversion tracking. Google conversion tracking is an analytics service from Google. If you click on an advertisement placed by Google, a cookie for conversion tracking is set on your computer. These cookies lose their validity after 30 days, do not contain any personal data and so are not used to identify users personally. If you visit specific pages of our website and if the cookie has not yet expired, we and Google will be able to tell that you have clicked on the ad and so were forwarded to that page.

Every Google AdWords customer receives a different cookie. That means it is not possible for cookies to be tracked via the websites of AdWords customers. The information collected by the conversion cookie is used to create conversion statistics for AdWords customers who have opted-in for conversion tracking. Customers are informed about the total number of users who clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not obtain any information enabling them to identify users personally. If you do not wish to participate in tracking, you can object to its use by preventing installation of the cookies by means of a setting in your browser software (deactivation option). You are then not included in the conversion tracking statistics. You can find more information and Google’s Privacy Policy at: www.google.de/policies/privacy/.

14./ Instagram

We also use the social plugin from the social network of Instagram (“Instagram plugins”), which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

When you call a page on our web presence that contains such an Instagram plugin, your browser establishes a direct connection to Instagram’s servers. The Instagram plugin’s content is transmitted by Instagram directly to your browser and integrated in the page. Integration of it means Instagram is informed that your browser has called the page on our web presence, even if you do not have an Instagram profile or are not currently logged on to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged on to Instagram, Instagram can directly assign your visit to our website to your Instagram account. When you interact with the Instagram plugins, such as by pressing the “Instagram” button, this information is likewise sent directly to an Instagram server and stored there. The information is also published on your Instagram account and shown there to your contacts. For details of the purpose and scope of data collection, how the data is processed and used further by Instagram, your related rights and settings you can make to protect your privacy, please refer to Instagram’s Data Policy: https://help.instagram.com/155833707900388/.

If you do not want Instagram to assign the data collected through our web presence directly to your Instagram account, you must log out of Instagram before you visit our website.

15./ YouTube

Our website uses the social plugin from YouTube (“YouTube plugin”), which is likewise operated by Google Inc. When you call a page on our web presence that contains such a YouTube plugin, your browser establishes a direct connection to YouTube’s servers. The YouTube plugin’s content is transmitted by YouTube directly to your browser and integrated in the page. As part of that, YouTube is informed which specific page on our website you have visited, even if you do not have a YouTube profile or are not currently logged on to YouTube. This information (including your IP address) is transmitted by your browser directly to a YouTube server in the USA and stored there. If you are logged on to YouTube, YouTube can directly assign your visit to our website to your account. If you are also logged on to your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can find more information on collection and use of your data by YouTube in the Privacy Policy at: https://policies.google.com/privacy?hl=en&gl=de.

If you are a member of YouTube and do not want YouTube to collect data on you through our Internet presence and link it to your member data stored on YouTube, you must log out of YouTube before you visit our Internet presence.

16./ LinkedIn

Our Internet presence uses social plugins (“LinkedIn plugins”) of the social network linkedin.com (“LinkedIn”), which is operated by LinkedIn Ireland Unlimited Company, Ireland. The LinkedIn plugins can be identified from the LinkedIn logo or are indicated by the addendum “LinkedIn”. When you call a website on our web presence that contains such a LinkedIn plugin, your browser establishes a direct connection to LinkedIn’s servers. The plugin’s content is transmitted by LinkedIn directly to your browser and integrated by the latter in the website. By integrating the LinkedIn plugins, LinkedIn is informed that you have visited the relevant page of our Internet presence. If you are logged on to LinkedIn, LinkedIn can assign your visit to your LinkedIn account. For details of the purpose and scope of data collection, how the data is processed and used further by LinkedIn, your related rights and settings you can make to protect your privacy, please refer to: https://www.linkedin.com/legal/privacy-policy.

If you are a member of LinkedIn and do not want LinkedIn to collect data on you through our Internet presence and link it to your member data stored on LinkedIn, you must log out of LinkedIn before you visit our Internet presence.

17./ Twitter

This website also uses social plugins of the social network Twitter. Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you call our pages that have Twitter plugins, a connection is established between your browser and the Twitter servers and data is already transmitted to Twitter. If you have a Twitter account, this data can be linked to it. If you do not want the data to be assigned to your Twitter account, please log off from Twitter before you visit our site. Interactions, in particular when you click on a “Retweet” button, are likewise transmitted to Twitter. For details of the purpose and scope of data collection, how the data is processed and used further by Twitter, your related rights and settings you can make to protect your privacy, please refer to: https://twitter.com/privacy.

18./ Newsletter

You can subscribe to our newsletter. This newsletter helps us keep you up-to-date about what we offer. You need a valid e-mail address to receive our newsletter. We check the e-mail address you enter to ensure that you are actually the owner of the specified e-mail address or its owner is authorised to receive the newsletter. After you have entered your e-mail address and confirmed that you have taken note of our Privacy Policy, you therefore receive a separate mail asking you to click on the link in it and confirm your subscription (double opt-in). When you subscribe to our newsletter, we will store your IP address and the date and time you subscribed. That helps us ensure that a third party does not misuse your e-mail address and does not subscribe to our newsletter without your knowledge. No further data is collected by us. The data collected in this way is used solely for delivering our newsletter. It is not passed on to any third party. The data collected in this way is likewise not compared to data. You can cancel your subscription to the newsletter at any time, either by sending notification to that effect to the contact address specified in Section 6./ or using the link that is provided separately for that purpose in the newsletter.

19./ Declaration that you have taken note of the Privacy Policy

I/we have taken note of the “Information on Data Protection”. I am/we are aware that my/our data required for processing, administration and handling is processed in compliance with the GDPR and that the data collected as part of performance of a contract is passed on to the above persons/departments.

*Acronyms

DSGVO    -    General Data Protection Regulation
BDSG    -    German Federal Data Protection Act
TMG    -    German Telemedia Act
GwG    -    German Money Laundering Act
HGB    -    German Commercial Code
KWG    -    German Banking Act
AO    -    German Fiscal Code

Our website uses the geolocation service visitor.js
We have no influence over the scope of the data collected by the geolocation service. For details of the data that is collected and how it is processed and used, please refer to the provider’s Privacy Statement:
http://www.visitorjs.com/privacy-statement