PRIVACY POLICY of NX Technologies GmbH
Status: 02/22/2022
Responsible for the processing of personal data:
NX Technologies GmbH
Hohenzollernring 89-93
50672 Cologne
External data protection officer:
Attorney Dr. Karsten Kinast, LL.M,
KINAST Rechtsanwaltsgesellschaft mbH,
Hohenzollernring 54, 50672 Cologne
Website: https://www.kinast.eu
1. Preamble
1.1.
This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within the offers provided by NX Technologies (hereinafter referred to as "services"), consisting of online offers/platforms and associated websites , apps, functions, content, as well as external online presences, such as our social media profile.
With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
2. Relevant Legal Bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 (1) sentence 1 lit. a and Article 7 GDPR, the legal basis for processing to fulfill our services and implementation contractual measures and answering inquiries is Article 6 Paragraph 1 Clause 1 Letter b GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 Paragraph 1 Clause 1 Letter c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) sentence 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Sentence 1 lit. d GDPR serves as the legal basis.
2.1.
Cooperation with processors and third parties:
If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data (cf. 5.7), this is only done on the basis of legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, pursuant to Art. 6 Para. 1 S. 1 lit. b DSGVO is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.
2.2.
Transfers to third countries:
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for Canada, Japan or Switzerland) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”). If we transfer your personal data to the USA, this will only be done to recipients who have taken special measures to ensure an appropriate level of protection, even if the transfer is based on standard contractual clauses.
2.3.
Hosting:
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate the services. We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to our services on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Article 6 Paragraph 1 sentence 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
2.4.
Processing of access data and log files:
We process or our hosting provider processes data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 (1) sentence 1 lit. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider . Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
2.5.
Administration, financial accounting, office organization, contact management:
We process data as part of administrative tasks and the organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The basis of processing is Article 6 Paragraph 1 Clause 1 Letter c. GDPR, Article 6 Paragraph 1 Clause 1 Letter f GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given for these processing activities. We transmit data to the financial administration, consultants such as tax consultants or auditors as well as other fee offices and payment service providers. Furthermore, on the basis of our business interests, we store information on suppliers, organizers and other business partners, e.g. for the purpose of later contact.
3. Terms used
3.1.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2.
"Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data.
3.3.
The "responsible person" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
4. Processing of personal data when using our website for informational purposes
4.1.
If you only use our website for informational purposes, i.e. if you do not log in or register to use the services of NX Technologies GmbH or otherwise provide us with information, we do not process any personal data, with the exception of the data that your browser (e.g. Mozilla Firefox, Microsoft Internet Explorer or Apple Safari) to enable you to visit our website. These are in particular:
4.1.1.
IP address
4.1.2.
Date and time of the request
4.1.3.
Time zone difference to Greenwich Mean Time (GMT)
4.1.4.
Content of the request (specific page)
4.1.5.
Access Status/HTTP Status Code
4.1.6.
amount of data transferred
4.1.7.
Website from which the request comes
4.1.8.
Origin URL from which the user comes
4.1.9.
Browser type and version
4.1.10.
Operating system and its interface (mobile or desktop)
4.1.11.
Set language and version of your browser.
4.2.
In addition, cookies are already stored on your computer when you use our website for informational purposes as well as other uses of our website and our services. Cookies are small files with text information that are stored on your hard drive and assigned to the browser you are using. We use cookies to make navigating and using our website as user-friendly as possible. We need the cookies to identify you for the entire duration of your visit after you have successfully logged in. We do not use the cookies to establish a connection to the users. You can deactivate the option to save these cookies at any time in the system settings of your browser and delete existing cookies. You can also view our online offer without cookies. However, if you do not accept cookies, this may limit the functionality of the website.
4.3.
Our website uses the following cookies, web beacons and related technologies:
4.3.1.
Transient cookies (short storage period)
4.3.2.
Persistent cookies (long-term storage period)
4.3.3.
Third party cookies (from third parties)
4.4.
Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
4.5.
In addition, we also use persistent cookies, ie cookies that remain on your hard drive for a certain period of time beyond the browser session. On another visit, it will then be automatically recognized which country and which language you selected the last time you visited our website. These persistent cookies are stored on your hard drive and deleted by the browser after the specified time. You can delete persistent cookies at any time in your browser settings. The cookies can also be those of third parties (Intercom Inc. and/or Google Inc.).
4.6.
A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of our services can be used.
The data processed by cookies are required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR, insofar as they are technically required cookies without which this website cannot be displayed can. Cookies that are processed for marketing, statistical or other purposes are only used with your express consent (Article 6 (1) sentence 1 lit. a GDPR). You can find more information about the cookies used in the cookie settings at www.bezahl.de.
5. Processing of personal data when registering and using our services
5.1.
Users can create an account to use our services. As part of the registration, the required mandatory information is communicated to the users. The data entered during registration will be used for the purpose of using the offer. Users can be informed by email about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users block their user account, their data will be deleted with regard to the user account, unless their storage is necessary for commercial or tax reasons in accordance with Article 6 (1) sentence 1 lit. c GDPR. Users are responsible for backing up their data before the end of the contract if they have been blocked. We are entitled to irretrievably delete all of the user's data stored during the contract period.
5.2.
If you register for our service, we do not process more than the following data when opening a user account with our services:
5.2.1.
Name first Name
5.2.2.
company name
5.2.3.
company address
5.2.4.
E-mail address
5.2.5.
Address (street, house number, city, country)
5.2.6.
Mobile phone number
5.2.7.
Bank details (IBAN, BIC)
5.3.
We use the so-called double opt-in procedure for registration, i. H. Your registration is not complete until you have previously confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm this in a timely manner, you have the option of deleting your registration from our database.
5.4.
As part of the use of our registration and login functions and the use of user accounts, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) sentence 1 lit. c GDPR.
5.5.
Your personal data will only be passed on to other third parties or otherwise transmitted if this is necessary for the purpose of contract processing, you have given your prior consent, this is necessary to fulfill a legal obligation and this corresponds to a legitimate interest (of the person responsible or a third party). The following transmissions of your personal data to third parties take place on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 lit. f GDPR:
5.5.1
For the hosting and the operation of our services we work with the Hosting provider Dembach Goo Informatik GmbH & Co. KG, Hohenzollernring 72, 50672 Cologne, Germany together. For this purpose we forward your data to Dembach Goo Informatik GmbH & Co. KG. Dembach Goo Informatik GmbH & Co. KG processes your data exclusively for the purpose of carrying out payment transactions, storing, processing or using them. The use of the services of Dembach Goo Informatik GmbH & Co. KG is based on our legitimate interests in the efficient and secure provision of our services in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.2.
Use of the services of UniCredit Bank AG (Hypovereinsbank), Arabellastr. 12, 81925 Munich, Germany: The payment transactions initiated via the “Automapping” product extension are processed by our partner UniCredit Bank AG. All payments are paid into a payment transaction account (= dedicated virtual IBAN per transaction or sale) at UniCredit Bank AG instead of directly to the house bank. For this purpose we forward transaction data to UniCredit Bank AG. UniCredit Bank AG will process your data exclusively for the purpose of carrying out payment transactions. A transfer to third parties - if it takes place at all - only within the framework of the legal requirements. Transfers of personal data to state institutions and authorities only take place within the framework of mandatory national legal provisions or if the transfer is necessary in the event of misuse or fraud for legal or criminal prosecution. A transfer for other purposes - in particular for the purposes of address trading - is excluded. The processing takes place on the legal basis of Article 6 (1) (b) GDPR.
5.5.3.
Use of the services of the Taunus Sparkasse public law institution, Ludwig-Erhard-Anlage 6+7, 61352 Bad Homburg vor der Höhe, Germany: The payment transactions initiated via the “Automapping” product extension can also be processed via our partner, the Taunus Sparkasse. All payments are paid into a payment account (= dedicated virtual IBAN per transaction or sale) at Taunus Sparkasse instead of directly to the house bank. For this purpose we forward transaction data to Taunus Sparkasse. The Taunussparkasse will process your data exclusively for the purpose of carrying out payment transactions. A transfer to third parties - if it takes place at all - only within the framework of the legal requirements. Transfers of personal data to state institutions and authorities only take place within the framework of mandatory national legal provisions or if the transfer is necessary in the event of misuse or fraud for legal or criminal prosecution. A transfer for other purposes - in particular for the purposes of address trading - is excluded. The processing takes place on the legal basis of Article 6 (1) (b) GDPR.
5.5.4.
Use of the services of FinTecSystems GmbH, Gottfried-Keller-Straße 33, 81245 Munich, Germany: We use the services of FinTecSystems GmbH to carry out transfer orders, with which a connection is established between FinTecSystems and your online banking. To do this, log into your online banking account via our interface. On the basis of this access, payments (= online transfer) can be carried out with additional authorization using a TAN. In this context, data (transaction data and online banking access data) are transferred to FinTecSystems. The data will not be passed on to third parties and will only be used for internal purposes. FinTecSystems GmbH stores data exclusively in German data centers in accordance with ISO 27001. Use is based on our legitimate interests within the meaning of Article 6 Paragraph 1 Sentence 1 lit. f GDPR. For more information, you can read the privacy policy of FinTecSystems GmbH.
5.5.5.
Use of the services of Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany: To carry out payment processing via credit card or PayPal, we use the services of the payment service provider Concardis GmbH. Payments are processed directly via the Concardis GmbH platform. For this purpose, we forward transaction and payment data to Concardis GmbH. Concardis GmbH will process your data exclusively for the purpose of carrying out payment transactions. Concardis may pass on the personal data to affiliated companies and other service providers or subcontractors if this is necessary to fulfill the contractual obligations entered into by Concardis or if the data is to be processed on behalf of Concardis. The processing of the personal data of the users takes place on the basis of our legitimate interests in the provision of several payment options and thus the possibility of carrying out payment transactions by credit card or PayPal in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.6.
Use of the services of Adyen NV, Carmiggeltstraat 5-60, 1011 DJ Amsterdam, The Netherlands: To carry out payment processing via credit card, Girocard or PayPal, we use the services of the payment service provider Adyen NV. The payment processing takes place directly via the Adyen platform. For this purpose we forward transaction and payment data to Adyen NV. Adyen NV will only process your data for the purpose of carrying out payment transactions. Adyen NV may pass on the personal data to affiliated companies and other service providers or subcontractors insofar as this is necessary for the fulfillment of contractual obligations entered into by Adyen NV or the data are to be processed on behalf of Adyen NV. The processing of the personal data of the users takes place on the basis of our legitimate interests in the provision of several payment options and thus the possibility of carrying out payment transactions by credit card, Girocard or PayPal in accordance with Art. 6 paragraph 1 sentence 1 lit. f GDPR.
5.5.7.
Use of the services of Intercom Inc., Battery Street, Suite 402, San Francisco, CA 94111, USA: We use the services of Intercom Inc. to organize customer service tasks, live chat and send information by e-mail. In this context, personal data of users is stored in the systems of Intercom Inc. in USA, San Francisco, CA94111 , Battery Street, Suite 402. This is data that is provided by the user in the context of customer service requests, such as name, e-mail address, mobile phone number, transaction data and usage data. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The processing of users' personal data is based on our legitimate interests in an efficient and fast communication platform for support requests in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.
5.5.8.
Use of the Pathwire Services of Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany and Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, United States: We use Pathwire services to parse data and send system emails. The sending of personal data is limited to the name of the user, the e-mail address and transaction data. Your data will be stored (Mailjet) in secure data centers located exclusively in the European Union (Google Cloud Platform) in Frankfurt and Saint-Ghislain (Belgium). With the integration of Mailgun, servers in the USA could be called up. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). Please see the Pathwire Group Privacy Policy for more information https://www.pathwire.com/de/privacypolicy The use of Pathwire for the secure sending of system and communication emails is based on our legitimate interests within the meaning of Article 6 (1) sentence 1 lit. f GDPR.
5.5.9.
Use of the services of Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States: We use the services of Amazon Web Services for audit-proof storage of log and audit data. With the integration of the cloud computing provider AWS, Amazon servers in the USA could be called up. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The use and collection of log or audit data from Amazon Web Services is based on our legitimate interests in the efficient and secure provision of our services in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.
5.5.10.
Use of the services of HubSpot Inc., HubSpot Headquarters (Cambridge, MA) 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA: We use the services of Hubspot Inc. to maintain and manage commercial contacts and cooperation partners. In this context, personal user data is stored in the Hubspot Inc. systems. This concerns in particular customer master data of commercial users and cooperation partners. With the integration of HubSpot, it cannot be ruled out that server calls will take place in the USA. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The processing of users' personal data is based on our legitimate interests in efficient communication and information provision to users in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.11.
Use of Firebase services, Firebase is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA: We use the services of Firebase to host and operate our website. In this context, usage data and content data entered by users (personal data) are stored in the Firebase systems. In addition, other features of Firebase are also used to enhance NX Technologies' web presence. With the integration of Firebase, it cannot be ruled out that server calls will take place in the USA. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). Firebase is used on the basis of our legitimate interests in providing our services efficiently and securely in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.12.
Use of the services of DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA: We use the services of DigitalOcean to notify external systems for status updates of transaction data. In this context, transaction data and personal data such as name, e-mail address and mobile phone number are stored in DigitalOcean's systems. All data is only processed temporarily by a German cloud server. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). DigitalOcean is used on the basis of our legitimate interests in the efficient and secure provision of our services in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.13.
Use of Google Cloud Services. Google Cloud is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA: We use the services of Google Inc. for communication (via Google Cloud Messaging) and the storage of images (Google Cloud Storage). In this context, usage data and transaction data are stored in the Google Inc. systems. In this context, Google servers in the USA are called up. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google. Google is "responsible" for the processing. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). Google Cloud is used on the basis of our legitimate interests in providing our services efficiently and securely in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.14.
Use of the services of Google Apps (GSuite). Google Apps is a product of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA: We use the services of Google Inc. for the management, creation and storage of documents, electronic communication and appointment management. In this context, employee master data and personal user and transaction data entered by employees are stored in the Google Inc. systems. In this context, Google servers in the USA are called up. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google. Google is "responsible" for the processing. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The processing of the personal data of the users takes place on the basis of our legitimate interests in a safe and effective processing of customer concerns as well as an appealing presentation of our company to the outside in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.
5.5.15.
Use of the services of BroadSoft Germany GmbH (Placetel), Lothringer Straße 56, 50677 Cologne, Germany: We use the services of BroadSoft GmbH to operate the NX Technologies telephone hotline. In this context, telephone numbers and call recordings are stored by BroadSoft Germany GmbH. A transfer of personal data to third countries is not planned, but possible via the hosting partner and third-party providers of the service provider. The use of the services of BroadSoft Germany GmbH is based on our legitimate interests within the meaning of Article 6 (1) sentence 1 lit. f GDPR.
5.5.16.
Use of the services of Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA: We use Functional Software Inc.'s Sentry service to improve the system stability of our services by identifying code errors. This is technical data such as the IP address, information about the device, information about the browser, information about the operating system or the time of errors. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The processing of users' personal data is based on our legitimate interests in the security and optimization of our services in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.
5.5.17.
Use of the services of Netlify Inc., 2325 3rd Street, Suite 215, San Francisco, California 94107, USA: We use Netlify's services to host and operate our websites and our services. In this context, usage data and content data entered by users (personal data) are stored in Netlify's systems. With the integration of Netlify, servers in the USA could be called up. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The processing of the personal data of the users takes place on the basis of our legitimate interests in an efficient and secure provision of our services in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.18.
Use of the services of Wix.com Inc., Namal 40, 6350671 Tel Aviv, Israel: We use the services of Wix.com to host and operate our websites. By visiting our website, non-personal data and personal data are processed. Non-Personally Identifiable Information consists of usage information such as browsing and click activity, session heat maps and scrolls, non-identifying device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, and date/time stamps. Personal data is mainly contact data (first name, last name, telephone number and e-mail address) entered by the user via a contact form. Furthermore, browser or usage session data (IP address, geographic location and/or unique identifier of the end device) and any other personal data that is made available to us by visitors through their access and use of our websites. With the integration of WIx.com, it cannot be ruled out that server calls will take place in third countries. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.). The use of Wix.com is based on our legitimate interests in providing our services efficiently and securely in accordance with Article 6 (1) sentence 1 lit. f GDPR.
5.5.19.
Data transmission for the use of external value-added services: NX Technologies GmbH integrates offers from external partners in the areas of finance, insurance, vehicle maintenance, care and repairs and automobile clubs into its services. The purpose of this is to make it easier for you to use the external service. The transmission expressly does not include your bank details. The integration of these offers is marked with "Advertisement". We will obtain your consent separately for this data transfer.
6. (Personalized) profiling
As part of the use of our services as a registered user, NX Technologies processes profiles on click behavior for the purpose of market research and improvement of the service.
7. Visibility of your personal data for other users
7.1.
In connection with payment transactions, it makes sense for other users of NX Technologies services to be aware of your personal data in order to carry out payment transactions.
7.2.
During the execution of payment transactions, NX Technologies notifies the buyer and the seller of the respective status of the transactions.
8. Use of Social Media
8.1.
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply. Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.
8.2.
We use social media plug-ins from Facebook, Xing, LinkedIn and Twitter on our website. We have integrated these social media plug-ins into our website, taking into account the so-called 2-click solution. In this way, we prevent your personal data from being transmitted to the providers of these social media plug-ins and stored there (in the case of US providers in the USA) without your knowledge when you visit our website. Your personal data will only be transmitted if you click on one of the plug-ins. We have no influence on the processed data and data processing operations, nor are we aware of the full scope of data processing, the purposes and the storage periods. Since the plug-in providers use cookies in particular to process the data, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
8.3.
If you activate a plug-in, the plug-in provider receives the information that you have accessed the corresponding sub-page of our website. In addition, the under 6.5. The data mentioned in this declaration is transmitted, whereby in the case of Facebook, according to the information provided by the respective provider in Germany, only an anonymous IP is collected. This occurs regardless of whether you have an account with this plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you press the activated button and e.g. B. link the page, the plug-in provider also stores this information in your user account and publicly communicates this to your contacts. If you do not wish to be associated with your profile with the plug-in provider, you must log out before activating the button.
8.4.
The plug-in provider saves this data as a user profile and uses it for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.
8.5.
Further information on the purpose and scope of data processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.
8.6.
Addresses of the respective providers and URL with their data protection notices:
8.6.1.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php
8.6.2.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
8.6.3.
LinkedIn Inc., 1000 W Maude, Sunnyvale, CA 94085, USA; https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
8.6.4.
Xing: New York SE, D
9. Use of Third-Party Services and Content
9.1.
We use content or service offers from third-party providers within our services on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our services within the meaning of Art. 6 Para. 1 S. 1 lit. f. DSGVO). to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, web beacons) for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our services, as well as being linked to such information from other sources.
9.2.
We embed the videos from the "YouTube" platform provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/.
Opt-Out: https://adssettings.google.com/authenticated.
9.3.
We integrate the function for detecting bots, e.g. when making entries in online forms ("ReCaptcha") from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt out: https://adssettings.google.com/authenticated.
9.4.
We integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not processed without their consent (usually as part of the settings on their mobile devices). The data can be processed in the USA. Data protection: https://www.google.com/policies/privacy/.
Opt-Out: https://adssettings.google.com/authenticated.
10. Use of Google Analytics
10.1.
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to analyse, optimize and ensure the economic operation of our services. Google uses cookies. The information generated by the cookie about the use of our services by users is usually transmitted to a Google server in the USA and stored there. The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.).
The legal basis for the processing of so-called technically necessary cookies is our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR. The personal data will be deleted when they are no longer necessary for this purpose, in particular when cookies are deactivated. For technically unnecessary cookies or so-called third-party cookies, we need your consent. If you have given us your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the lawfulness of the use is also based on Article 6 Paragraph 1 Sentence 1 lit . As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted. Further storage can take place in individual cases if this is required by law.
10.2.
Google will use this information on our behalf to evaluate the use of our services by users, to compile reports on the activities within the services and to provide us with other services related to the use of the services and internet usage. Pseudonymous user profiles can be created from the processed data.
10.3.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
10.4.
The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent the data generated by the cookie and related to their use of the services being collected by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This sets a so-called opt-out cookie in your browser, which prevents future collection of your data when using our service. This only applies to this browser and the end device on which you execute the link.
10.5.
We use Google Analytics including the features of Universal Analytics. Universal Analytics enables cross-device analysis of your activities when using our service. This is made possible by the pseudonymous assignment of a user ID to a user. Such an assignment takes place with registration for our service.
10.6.
The personal data of the users will be deleted or made anonymous after 14 months.
10.7.
For more information on data usage by Google, setting and objection options, see Google's privacy policy ( https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google ( https://adssettings.google.com/authenticated).
11. Use of Google Re/Marketing Services
11.1.
We use the marketing and remarketing services (“Google Marketing Services” for short) of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google "). The appropriate level of data protection is guaranteed through the use of standard contractual clauses and, if necessary, further measures (see 2.2.).
The legal basis for the processing of so-called technically necessary cookies is our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR. The personal data will be deleted when they are no longer necessary for this purpose, in particular when cookies are deactivated. For technically unnecessary cookies or so-called third-party cookies, we need your consent. If you have given us your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the lawfulness of the use is also based on Article 6 Paragraph 1 Sentence 1 lit . As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted. Further storage can take place in individual cases if this is required by law.
11.2.
The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially match their interests. If, for example, a user is shown ads for products that he was interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google will immediately execute a code and so-called (re)marketing tags (invisible graphics or code, web beacons) will be inserted integrated into the website. With their help, an individual cookie, ie a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, what content he is interested in and which offers he clicked on, as well as technical information on the browser and operating system, referring websites, visiting times and other information on the use of the services. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases completely to a transferred to the Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. The above information can also be combined by Google with such information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed to him.
11.3.
User data is processed pseudonymously as part of Google Marketing Services. This means that Google does not, for example, process the name or e-mail address of the user, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA.
11.4.
The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". This means that cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
11.5.
We can include third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website and other websites on the Internet.
11.6.
We can also use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website.
11.7.
For more information on how Google uses data for marketing purposes, see the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is below https://www.google.com/policies/privacy available.
11.8.
If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
12. Business analysis and market research
12.1.
In order to operate our business economically, to be able to recognize market trends, customer and user requests, we analyze the data we have on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 Paragraph 1 S. 1 lit. f. GDPR, whereby the data subjects include customers, interested parties, business partners, visitors and users of the services.
12.2.
The analyzes are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of the registered users with information, for example, on their purchase transactions. The analyzes serve us to increase the user-friendliness, the optimization of our services and the economic efficiency. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized values.
12.3.
If these analyzes or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from the conclusion of the contract.
13. Data protection information in the application process
13.1.
We process personal data of our applicants only for the purpose and as part of the application process in accordance with the legal requirements. The processing of the applicant data takes place to fulfill our (pre-contractual obligations in the context of the application process within the meaning of Art. 6 Para. 1 S. 1 lit. b. DSGVO Art. 6 Para. 1 S. 1 lit. f. DSGVO if the data processing e.g is required for us as part of legal procedures (in Germany, the processing of applicant data is based on Section 26 (1) BDSG 2018).
13.2.
The application process requires that applicants provide us with the applicant data. The required applicant data can be found in the job description and basically includes personal information, postal and contact addresses and the documents associated with the application such as cover letter, curriculum vitae and certificates. In addition, applicants can voluntarily provide us with additional information.
13.3.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are processed as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin), for German applicants in accordance with Section 26 (3) BDSG 2018. Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Article 9 (2) lit DSGVO (e.g. health data if this is necessary for the exercise of the profession), for German applicants according to § 26 paragraph 3 BDSG 2018.
13.4.
If made available, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form using state-of-the-art technology.
13.5.
Applicants can also send us their applications via email. However, we ask you to note that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using postal delivery. Because instead of applying via an online form and e-mail, applicants still have the option of sending us their application by post.
13.6.
In the event of a successful application, the data provided by the applicants can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
13.7.
The deletion takes place, subject to a justified revocation by the applicant, after a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
14. Newsletters
14.1.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your corresponding rights of objection. You will only receive a newsletter from us if you subscribe to it and give us your express consent to do so.
14.2.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. Our newsletter also contains information about our services and us.
14.3.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
14.4.
Registration data: In order to register for the newsletter, it is sufficient if you enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
14.5.
Germany: The sending of the newsletter and the measurement of success associated with it are based on the consent of the recipient in accordance with Article 6 Paragraph 1 Clause 1 Letter a, Article 7 GDPR in conjunction with Section 7 Paragraph 2 No. on the basis of the legal permission according to § 7 Abs. 3 UWG.
14.6.
You can cancel the receipt of our newsletter at any time, ie revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We can store the unsubscribed e-mail addresses for up to 1.5 years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.
14.7.
The newsletter is sent by external shipping service providers (see Section 4.6). The shipping service provider can use the data of the recipients in pseudonymous form, ie without assignment to a user, to optimize or improve their own services, e.g. for technical optimization of the dispatch and the presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.
14.8.
The newsletters contain a so-called "web beacon", ie a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are first processed. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
15. Deletion of data and retention requirements
15.1.
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes, as we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The storage and documentation periods specified there are two to ten years.
15.2.
According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with §§ 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant to taxation , etc.) and 6 years in accordance with Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 HGB (commercial letters).
16. Your rights (information, changes, corrections and updates)
16.1.
You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
16.2.
You have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
16.3.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.
16.4.
You have the right to request that the data relating to you, which you have provided to us, be received in accordance with Art. 20 GDPR and to request their transmission to other responsible parties.
16.5.
To exercise your rights (including revocation and objection in clauses 17 and 18) and if you have any further questions on the subject of data protection, please send an e-mail to datenschutz@nx-technologies.com .
16.6.
You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.
17. Right of Withdrawal
You have the right at any time to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future.
18. Right to Object
In the case of data processing based on our legitimate interests, you can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. The objection can also be made in particular against processing for direct advertising purposes.
19. Data Security
We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge. These are adapted in accordance with the current state of the art.
