Privacy Policy

Datenschutzerklärung

Welcome to the Internet site www.novatec-gmbh.de of Novatec Consulting GmbH. The protection of your personal data is really important to us. For this reason, we comply strictly with the relevant legislation when collecting and processing your personal data. Below, we provide details on the scope and purpose of data collection on our website.

information obligations

icon bulb
information obligations

Information on the Collection and Processing of your personal data

Care and transparency is the basis for a trusting cooperation with our customers. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR). Which personal data we process for what purpose depends on the respective contractual relationship.

1. Who is responsible for the processing?

The controller is:

Novatec Holding GmbH
Bertha-Benz-Platz 1
D-70771 Leinfelden-Echterdingen

And subsidiaries:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

2. How can I contact the data protection officer?

You can reach our data protection officer (DPO) as follows:

Lisa Rehkugler
Novatec Holding GmbH
Bertha-Benz-Platz 1
D-70771 Leinfelden-Echterdingen

E-Mail: datenschutz@novatec-gmbh.de

3. Which personal data do we use?

If you have an enquiry, have us prepare an offer or conclude a contract with us, we will process your personal data. In addition, we process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent given by you.

Depending on the legal basis, the categories of personal data are as follows:

  • Name, Surname
  • Address
  • Communication Data (telephone, e-mail-address)
  • Date of birth
  • Nationality
  • Contract master data, especially contract number, duration, period of notice, type of contract
  • Data on creditworthiness
  • Invoice data / turnover data
  • Payment data / account data
  • Account information, in particular registration and logins
  • Video and image recordings
  • For registrations for training courses with meals
    • eating habits and intolerances

Further categories of personal data are specified in the individual order processing contract depending on the customer’s order. In the course of contract initiation, we also use data provided to us by third parties. Depending on the type of contract, the following categories of personal data are involved:

  • Information on creditworthiness (via a credit agency)

4. From which sources does the data come?

We process personal data that we receive from our customers, service providers and our suppliers.

We also obtain your data from the following sources:

  • Credit agency
  • Publicly accessible sources: commercial or association registers, debtor registers, land registers
  • Other Group companies

5. For what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.

5.1 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases we process your personal data on the basis of your consent:

  • Sending an e-mail newsletter
  • Personalized newsletter tracking
  • Market research (e.g. customer satisfaction surveys)
  • Marketing and advertising of customer profiles
  • Publication of a customer reference (name and picture)
  • Image and sound recordings of events

5.2 For the performance of a contract (Art. 6 para. 1 lit. b GDPR)

Components are individually defined between the parties in a separate contracts.

5.3 To fulfil legal obligations (Art. 6 para. 1 lit. c GDPR)

As a company we are subject to various legal obligations. The processing of personal data may be necessary to fulfil these obligations.

  • Control and reporting obligations
  • Creditworthiness, age and identity checks
  • Prevention of criminal acts

5.4 On the basis of a legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)

In certain cases we process your data to protect our legitimate interests or that of third parties:

  • Direct advertising and opinion research
  • Central customer data management within the Group
  • Measures for building and plant safety
  • Video surveillance for the protection of domiciliary rights
  • Consultation and data exchange with credit agencies to determine creditworthiness and default risks
  • Ensuring IT security and IT operation

6. To whom will your data be passed on?

In order to fulfil our contractual and legal obligations, we will pass on your data to different public and internal places, as well as external service providers.

Companies within the Group:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

External Service Providers:

  • IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service provider for file and data destruction
  • Printing services
  • Telecommunications
  • Payment service providers
  • Consulting
  • Service Provider for Marketing or Sales
  • Credit agencies
  • Authorized dealers
  • Service provider for telephone support (Call-Center)
  • Web hosting service provider
  • Letter shops
  • Auditors and accountants

Public bodies and authorities:

Furthermore, we may also be obliged to transfer you data to other recipients, such as public authorities zu fulfil legal notification obligations.

  • Tax authority
  • Customs
  • Social insurance agency
  • law enforcement agencies

7. Will your data be transferred to countries outside the European Union (so-called third countries)?

Countries outside the European Union (and the European Economic Area “EEA”) handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.

We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

8. For how long do we store your data?

We store your personal data for as long as necessary to fulfil legal and contractual obligations.

If the storage of you data is no longer necessary to fulfil the legal or contractual obligations, we will delete your data unless the transfer is necessary for one of the following purposes:

  • Fulfilment of commercial and tax storage obligations.
  • Preservation of evidence within the framework of the statutory limitation provisions. According to the statute of limitations of the German Civil Code (BGB), these statutes of limitations can in some cases be up to 30 years, the regular statute of limitations is three years.

9. What rights do you have in connection with the processing of your data?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.

9.1 Right to object

You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

What right do you have in the event of data processing for legitimate or public interest?

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para.1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

What right do you have in the event of data processing for direct marketing?

If we process your personal data for direct marketing purposes, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, this also applies to profiling insofar as it is associated with such direct marketing.

In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

9.2 Revocation of consent

You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.

9.3 Right to information

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

9.4 Further rights

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.

In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

9.5 Assertion of your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided or IT-Compliance at datenschutz@novatec-gmbh.de.We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

In order to enter into a business relationship, you must provide us with the personal data that is necessary for the execution of the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.

11. Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.

icon bulb
information obligations for applicants

Information on the processing of your personal data
within the application process

We are pleased that you have applied to Novatec Holding GmbH. Transparency and a trustful handling of your personal data is an important basis for a good cooperation. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation. The following information will give you an overview of the collection and processing of your personal data in connection with the application procedure.

1. Who is responsible for the processing?

The controller is:

Novatec Holding GmbH
Bertha-Benz-Platz 1
D-70771 Leinfelden-Echterdingen

And subsidiaries:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

2. How can I contact the data protection officer?

You can reach our data protection officer (DPO) as follows:

Lisa Rehkugler
Novatec Holding GmbH
Bertha-Benz-Platz 1
D-70771 Leinfelden-Echterdingen

E-Mail: datenschutz@novatec-gmbh.de

3. Which personal data do we use?

We process your personal data, as far as they are necessary for the execution of the application procedure. This includes the following data categories:

Standard information:

  • Applicant master data (first name, last name, address, job position)
  • Qualification data (cover letter, CV, previous activities, professional qualification)
  • Work certificates and certificates (performance data, assessment data etc.)
  • Login data (e-mail, password)

Special information required due to the position to be filled

  • Police certificate of good conduct
  • Schufa creditworthiness information
  • Results of the aptitude test
  • Result of the medical aptitude test (suitable, not suitable, conditionally/restrictedly suitable)

Other information

  • Publicly accessible, job-related data, such as e.g. a profile in professional social media networks
  • Voluntary information, such as e.g. an application photo, information on severely disabled persons or other information that you voluntarily provide to us in your application.

4. From which sources does the data come?

We process personal data that we receive from you within the application process and at fairs.

or/and

We receive personal data from the following sources:

  • Other Group companies (please list)
  • Recruitment service providers

and

We process personal data that originates from public sources, e.g. professional social networks.

5. For what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.

5.1 Data processing for the purpose of the application (Section 26 para. 1 BDSG)

Personal data of applicants may be processed for the purposes of the application procedure if this is necessary for the decision to establish an employment relationship with us.

The necessity and scope of the data collection are judged, among other things, by the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health conditions, more extensive data collection may be necessary. In order to protect data protection, such data processing takes place only after the selection of applicants has been completed and immediately before you are hired.

5.2 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases we process your personal data on the basis of your consent:

  • Admission to the applicant pool, this means we store the application documents beyond the current application procedure for consideration in later application procedures.
  • Share the application with Group companies

5.3 On the basis of a legitimate interest of the controller (Art. 6 para.1 lit. f GDPR)

In certain cases we process your data to protect our legitimate interests or that of third parties:

  • To defend legal claims in proceedings under the German General Equal Treatment Act (AGG). In the event of a dispute, we have a legitimate interest in processing the data for evidence purposes.
  • Data comparison with EU anti-terrorist lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002: As a company, EU law obliges us to play our part in the fight against terrorism. No funds may be made available to persons and organisations on the terrorist lists (provision prohibition). We are also obliged to carry out this comparison for the AEO certificate as an “authorised economic operator”.

6. To whom will your data be passed on to?

Your data will be processed mainly by our human resources department and the department manager of the position to be filled. In some cases, however, other internal and external bodies are also involved in the processing of your data.
Internal departments:

  • Human resources department
  • Department manager

Companies in the Group:

Novatec Holding GmbH and subsidiaries as defined under point 1.

External Services Providers:

  • IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service Provider for data and file destruction

In case you have further questions regarding our individual recipients, please contact us under datenschutz@novatec-gmbh.de.

7. Will your data be transferred to countries outside the European Union (so-called third countries)?

A transfer to a third country is not intended.

8. For how long do we store your data?

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not concluded, we may also further store data, insofar as this is necessary to defend against possible legal claims. Your data will be regularly deleted within 6 months after the end of the application process.

If an employment relationship is not established, but you have given us your consent for the further storage of your data, we will store your data until your consent is revoked, but for a maximum of further three years. On specific occasions, we may also store your data for a longer period of time for the purpose of defending us against possible legal claims.

9. What rights do you have in connection with the processing of your data?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.

9.1 Right to object

What right do you have in the event of data processing for legitimate or public interest?

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time for reasons arising from your particular situation to the processing of your personal data on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9.2 Revocation of consent

You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.

9.3 Right to information

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

9.4 Further rights

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.

In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

9.5 Assertion of your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

There is no legal or contractual obligation to provide your personal data. However, providing your personal data is required to carry out the application process. This means, that if you do not provide this data, we will not be able to carry out the application process.

11. Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.

Controller’s contact details

Novatec Consulting GmbH

Bertha-Benz-Platz 1

D-70771 Leinfelden-Echterdingen

Geschäftsführung: Rita Ehses, Dominik Meyer and Michael Schuchart

Data protection officer’s contact details

If you have any questions regarding the processing of your personal data, you can contact our external data protection officer directly. This also applies if you wish to request information, make claims, or lodge complaints:

Personal/confidential
FAO: Data Protection Officer
c/o Novatec Consulting GmbH
Bertha-Benz-Platz 1
D-70771 Leinfelden-Echterdingen

E-Mail: datenschutz@novatec-gmbh.de

Legal bases for data processing

The processing of personal data can be based on different legal bases. If we need your data to perform a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 (1) sentence 1 lit. b GDPR. If we obtain your consent for a specific data processing, the legal basis is Art. 6 (1) sentence 1 lit. a GDPR. We carry out some data processing based on our legitimate interests, always considering and balancing them against your protected interests. The legal basis for this is Art. 6 (1) sentence 1 lit. f GDPR. Insofar as processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 (1) sentence 1 lit. c GDPR.

The following notes provide a overview of what happens to your personal data when you visit this website.

Use of the website for information purposes

When the website is used purely for information purposes and no registration or transmission of information occurs (such as through a contact form), we collect the following technical information (log file data):

– operating system of the end device with which you visit our website

– browser (type, version & language settings)

– the amount of data retrieved

– the current IP address of the end device with which you visit our website

– date and time of access

– the URL of the previously visited website (referrer)

– the URL of the (sub-)page that you retrieve on the website

– the internet service provider of the accessing system

The collection of this data is technically necessary for displaying our website and ensuring its stability and security. Neither we nor our service provider are regularly aware of the identity behind an IP address. We do not combine the data listed above with other data.

The legal basis of the data processing is Art. 6 (1) sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files are necessary for the operation of the website and protection against misuse, our legitimate interests in data processing override in this regard.

Contact

When you contact us by e-mail, telephone or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. This data is stored and processed in a customer relationship management system (CRM), for which we use Microsoft Dynamics. The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f GDPR. If we ask for any information through our contact form that is not necessary for contacting us, we have always marked this as optional. This additional information helps us understand and address your specific request and improve our handling of your given concern. This data processing is based on your consent, Art. 6 (1) sentence 1 lit. a GDPR. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. Of course, you can revoke this consent at any time for the future.

Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

As the data controller, our company has implemented numerous technical and organizational measures to ensure the highest level of protection for the personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal route for this purpose.

Training

You can register for seminars or workshops via our website. For this, we need your title, name, business address, phone number, and e-mail address. Mandatory fields have been marked as such.

We use the above-mentioned data solely for the purpose of conducting the webinar. The legal basis for free webinars Art. 6 (1) sentence 1 lit. f) GDPR, and for paid webinars additionally Art. 6 (1) sentence 1 lit. b) GDPR. An encrypted connection is established between you and the online tool provider to ensure secure transmission of data. During and after the webinar, we collect statistical data. In addition to your registration data we receive information about the duration of participation, questions asked or answers given. This data is collected for the purpose of providing further customer support.

After the webinar, we will send you a one-time e-mail that includes a reference to our services and the most important information covered in the webinar.

You have the right to object to the processing of your personal data under the legal conditions (Art. 21 GDPR).

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise or defence of legal claims. We point out that in the case of an objection, participation in a webinar may not be possible.

By clicking on ‘Participate,’ you confirm that you will not create any recordings or screenshots of this session.

Newsletter

You have the option to subscribe to various newsletters on some of our websites. Through these newsletters, we provide information about our company’s activities, current updates on our services, special offers, promotions, events, and prize competitions. A brief description of the content of each newsletter is provided during the subscription process. The legal basis for sending the respective newsletter is your consent under Art. 6 (1) sentence 1 lit. a GDPR in conjunction with § 7 (2) no. 3 UWG or the legal permission under § 7 (3) UWG.

For the registration of our newsletters, we use the so-called double opt-in procedure. This means that after you register, we will send an email to the email address you provided, asking you to confirm your subscription to the newsletter. If you do not confirm your registration, your information will be automatically deleted after 3 days.

The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and is used to personalize the newsletter content. Once you confirm your subscription, we will store your email address for the purpose of sending the newsletter until you decide to unsubscribe. We also retain your IP address current at the time of registration, and the time of registration as well as confirmation, for up to three years after registration (statute of limitations). This procedure serves the purpose of being able to provide evidence of your registration in case of any uncertainty and to investigate any potential misuse of your personal data. The legal basis for logging the registration is our legitimate interest under Art. 6 (1) sentence 1 lit. f GDPR, which allows us to prove a previously given consent as specified in Article 7(1) of the GDPR.

You have the right to revoke your consent to receive the newsletter and unsubscribe at any time. You can do so by clicking on the unsubscribe link provided in each newsletter email or by sending an email to marketing@novatec-gmbh.de.

This website uses the “MailChimp” service of the provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, for sending newsletters. MailChimp is a service that allows for the organization and analysis of newsletter campaigns. Data necessary for newsletter subscription, such as your email address, are stored on MailChimp’s servers in the USA. MailChimp enables us to analyze our newsletter campaigns. For example, when you open an email sent through MailChimp, a web beacon (a file included in the email) connects to MailChimp’s servers in the USA to determine if a newsletter message has been opened and which links, if any, have been clicked. Additionally, device-specific information such as the time of access, IP address, browser type, and operating system are recorded. This information cannot be attributed to individual newsletter recipients and is used solely for statistical analysis of newsletter campaigns. The results of these analyses can be used to tailor future newsletters to better suit the recipients’ interests. For more details, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/.

Data transfers by MailChimp to the USA are based on EU standard contractual clauses to ensure compliance with European data protection standards in the USA.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this.

If you do not want any analysis by MailChimp, you should unsubscribe from the newsletter. In each newsletter, we provide a link for this purpose. You have the right to revoke your consent and unsubscribe from the newsletter at any time. Please note that the legality of any data processing activities that have already been carried out will not be affected by your revocation.

Cookies

Cookies are data that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website, or your entries made there. This avoids having to re-enter necessary form data each time you use it. The information stored in cookies can also be used to recognize preferences and customize our services based on your preferred areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily held in memory and deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. The information can also be stored in text files on your computer with this type of cookies. However, you can also delete these cookies at any time through the settings of your browser.

First-party cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organizations that are not the operator of the website you are visiting. These cookies are used, for example, by marketing companies.

The legal bases for possible processing of personal data through cookies and their storage duration can vary. Insofar as you have given us your consent, the legal basis is Art.6 (1) sentence 1 lit. a GDPR. If data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interests.

We use cookies to ensure the proper operation of the website, provide essential functionalities, measure reach, and, with your consent, to customize our services based on your preferred areas of interest.

The cookies used on this website are:

[Name]: [Persistent/Session] [First-party/Third-party] [Purpose] [Storage duration]

Example: _ga: Persistent third-party cookie for the purpose of distinguishing users as part of tracking by Google Analytics. The storage duration is X months.

OR

Table: Name  Provider  Purpose  It should be deleted after X

You can delete cookies already stored on your end device at any time. If you want to prevent the storage of cookies, you can do this through the settings in your internet browser. Instructions for common browsers can be found here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install so-called ad-blockers. Please note that individual features of our website may not function if you have disabled the use of cookies.

When accessing our website, all users of our website are also informed by an information banner about our use of cookies and referred to this data protection policy. As a user, you will also be asked for your consent to the use of certain cookies, in particular for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with future effect by…[Description of the revocation option; example: by calling up the cookie administration via the following link and unchecking the box next to the processing to which you had consented].

Advertising

We use cookies for marketing purposes to target our users with interest-based advertising. In addition, we use the cookies to limit the likelihood of an ad being played and to measure the effectiveness of our advertising efforts. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 sentence 1 lit. and lit. f of the GDPR. There is a legitimate interest in conducting direct marketing for the purposes pursued through the data processing. You have the right to object to the processing of your data for the purpose of such advertising at any time. For this, we provide you with opt-out options of the respective services below. Alternatively, you can prevent the setting of cookies in your browser settings.

Google Ads (formerly Google AdWords), Remarketing, and Conversion Tracking

We use the Google Ads service. Google Ads is an online advertising program from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EWR and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This means that we place Google Ads and also use Google Remarketing and Conversion Tracking as part of this. The ads are displayed after search queries on websites of the Google advertising network. In addition, we use Ads Remarketing Lists for search ads. This allows us to customize search ad campaigns for users who have visited our website before. Through these services, we have the possibility to combine our ads with certain search terms or to display ads for previous visitors in which, for example, services are advertised that the visitors have viewed on our website. This enables us to deliver interest-based advertising to users of our website on other websites within the Google advertising network (such as a ‘Google ad’ within Google Search or on other websites).

An analysis of online user behavior is necessary for interest-based offers. Google uses cookies to perform this analysis. When clicking on an ad or visiting our website, a cookie is set on the user’s computer by Google. These cookies have a term of 90 days. The information collected by means of the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information about the fact that a user has clicked on an advertisement and has been redirected to our web pages. The information obtained in this way is used exclusively for statistical evaluation for ad optimization. We do not receive any information with which visitors can be personally identified. Your IP address is transmitted to Google, but since we use Google Analytics IP masking on this website, your IP address is anonymized. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website that is tagged with a conversion tag. Based on these statistics, we can track which search terms were clicked on our ad particularly often and which ads lead to the user contacting us via the contact form.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=de

The data collection and storage only takes place after explicit consent according to Art. 6 (1) sentence 1 lit. a) GDPR. This consent can be revoked at any time with effect for the future.

If you do not want your visit to be included in the user statistics, you can prevent this by preventing the storage of the cookies required for these technologies, for example, via the settings of your browser.

You also have the option to select the types of Google ads or disable interest-based ads on Google via the ads setting. Alternatively, you can disable the use of cookies by third parties by accessing the Network Advertising Initiative’s deactivation guide.

However, both we and Google still receive statistical information about how many users have visited this page and when. If you also do not want to be included in these statistics, you can prevent this with the help of additional browser programs (for example, the Ghostery add-on)

Google Analytics

As far as you have given your consent, Google Analytics, a web analysis service from Google LLC, is used on this website. The controller for users in the EU/EWR and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of Processing

Google Analytics uses cookies that are stored on your computer and that enable the analysis of your website usage. The information collected by the cookie on your usage of this Website is generally transmitted to a Google server in the USA and is stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the context of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • Viewed/clicked ads

In addition, the following is recorded:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
  • Your Internet provider
  • The referrer URL (via which website/advertising medium you came to this website)

Purposes of Processing

On behalf of the operator of this Website, Google uses this information to evaluate your (pseudonymous [NOT WHEN USING USER-ID]) usage of the Website, compile reports on Website activities. The reports provided by Google Analytics serve to analyze the performance of our website [OPTIONAL] and the success of our marketing campaigns.

Recipients

The recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be guaranteed that U.S. authorities will not access the data stored by Google.

Transfer to Third Countries

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of Storage

The data that we send and link to cookies are automatically deleted after 2 or 14 months. Data whose retention period has been reached is deleted automatically once a month.

Legal Basis

The legal basis for this data processing is your consent according to Art. 6 (1) sentence 1 lit. a GDPR.

Revocation of Consent

You can revoke your consent at any time with effect for the future by accessing the cookie settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Alternatively, you can prevent cookies from being stored in the first place by setting your browser software accordingly. However, if you set your browser to refuse all cookies, you may experience limitations in functionality on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

Google Tag Manager

For the sake of transparency, we would like to point out that we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements used for various purposes, including measuring traffic and visitor behavior, assessing the impact of online advertising and social channels, establishing remarketing and targeting, and testing and optimizing websites. We use the Tag Manager for the Google Analytics service. If you have chosen to deactivate it, Google Tag Manager will respect this deactivation. For more information about the Google Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html.

Facebook Conversion Tracking Pixel

We use the Custom Audiences service of Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”) as part of our usage-based online advertising. For this purpose, we define target groups of users in the Facebook Ads Manager based on certain characteristics, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide, and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website.

In general, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g., surfing behavior, subpages visited, etc.). Your IP address is also stored and used for the geographic targeting of advertising.

We do not use Facebook Custom Audiences via customer lists, nor do we use the ‘Advanced Match’ feature.

For more information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your settings options for protecting your privacy, please refer to Facebook’s privacy policy. You can make settings regarding which advertisements are displayed to you on Facebook under this link and in the Facebook account settings.

You can prevent data collection by the Facebook pixel by clicking on the following link: [Disable Tracking]

An opt-out cookie (persistent HTML5 storage object) is set to prevent the future collection of your data when visiting this website.

You can also prevent the storage of cookies altogether by selecting the appropriate settings on your browser software. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can find further options for deactivating cookies by third-party providers at www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance Opt-Out Platform at http://optout.aboutads.info/?c=2&lang=en.

Microsoft Dynamics

We use the Microsoft Dynamics 365 Cloud for Marketing tool provided by Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) to carry out marketing activities, for analysis purposes as well as for targeting customers and potential customers. Microsoft Dynamics uses the following cookies:

Long-term behavioral-analysis cookie: The cookie enables Marketing to score leads based on their level of interaction with a given website. The cookie contains no personal information but does uniquely identify a specific browser on a specific machine, and Marketing can use it to correlate this ID with an actual contact in the Marketing database. The cookie remains active for two years.

Short-term, single-visit cookie: Dynamics 365 Marketing uses this cookie to all page loads by a given visitor that are recorded by the same behavioral-analysis script and that occur within the configured time frame. The cookie will consider all of these as part of a single “visit” to the website.

The legal basis is your consent in accordance with Article 6 para. 1 lit. a) GDPR. You can find more information on data protection in Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

Users can find more information on the use of cookies in connection with the system at https://docs.microsoft.com/de-de/dynamics365/customer-engagement/marketing/cookies.

Podigee

We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany on our website to display podcasts and make them available. The podcasts are thereby loaded by Podigee or transmitted via Podigee.

In this context, Podigee processes IP addresses and device information to facilitate podcast downloads/playbacks and to generate statistical data, such as retrieval figures. This data is anonymized or pseudonymized before being stored in Podigee’s database unless it is required for podcast provision.

The legal basis for this processing is your consent, in accordance with Art. 6 (1) sentence 1 lit. a of the GDPR.

The processed data will be deleted in accordance with legal requirements as soon as the purpose for storage has expired or you have withdrawn your consent. For further information and options to object, please refer to the privacy policy of Podigee: https://www.podigee.com/de/about/privacy/.

Snapaddy

We use the software “snapADDY” provided by snapADDY GmbH, Haugerkirchgasse 7, 97070 Würzburg, for more efficient lead generation.

With the assistance of the software, potential contacts from potentially interested companies are identified. This is done automatically; profiles on the business networks Xing and LinkedIn are scanned and transferred to our CRM system. Publicly available data that you have published in your Xing and/or LinkedIn profile is processed. These data may be supplemented by company data from the Impressum of your company’s website or other public sources.

The legal basis for the processing is your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR and § 25 (1) TTDSG. You can revoke your consent at any time with effect for the future.

The processing of personal data takes place exclusively within the EEA. The collected data is not shared with other companies or used to build a contact database. We have concluded a data processing agreement with snapADDY and fully implement the strict requirements of the German data protection authorities when using snapADDY.

The data will be stored for a period of (xx).

You can find more information about data protection at snapADDY at https://www.snapaddy.com/de/legal/datenschutz.html.

Transmission of data to third parties

Your personal data will not be transferred to third parties unless we are legally obligated to do so, or the data transfer is necessary to fulfill our contractual relationship with you, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies, such as online payment providers or a shipping company commissioned with delivery, only receive your data to the extent to which this is required in order to handle your inquiry. In such cases, the scope of transmitted data is kept to the minimum required. Insofar as our service providers process your personal data on our behalf, we ensure in the context of order processing according to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same way. Please also note the data privacy policy of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We strive to process your data within the EU/EEA. However, there may be cases where we use service providers that process data outside the EU/EEA. In such cases, we ensure that an adequate level of data protection, comparable to the standards within the EU, is established with the recipient before transferring your personal data. This can be achieved through means such as EU standard contractual clauses, Binding Corporate Rules, or special agreements to which the company may be subject.

Data Security

We have taken technical and organizational security measures to protect your data managed by us from accidental or deliberate manipulation, loss, destruction, or access by unauthorized persons. Our security measures are improved constantly in accordance with Internet technological development.

Your Rights

You have the right to obtain from us confirmation as to whether we are processing personal data concerning you. If we have processed data about you, you are entitled to further rights of access as specified in Article 15 GDPR. Additionally, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR), and the right to data portability (Article 20 GDPR) under the respective legal conditions.

Under the legal requirements, you have the right to object to the processing (Art. 21 GDPR).

To exercise your above rights, please contact us by email at datenschutz@novatec-gmbh.de or by mail at the company address. The exercise of your above rights is free of charge for you.

Without prejudice to another administrative or judicial remedy, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes upon the General Data Protection Regulation (Art. 77 GDPR).

The supervisory authority responsible for us is the Baden-Wuerttemberg State Commissioner for Data Protection and Freedom of Information. You can reach them at the following contact details:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Lautenschlagerstraße 20
70173 Stuttgart

poststelle@lfdi.bwl.de

Telefon:           0711/61 55 41 – 0; Telefax:    0711/61 55 41 – 15

August 2023

General inquiries

We look forward to tackling your challenges together and discussing suitable solutions. Contact us - and get tailored solutions for your business. We look forward to your contact request!

Contact Us