Privacy Policy of Noscendo GmbH
Information about the collection and processing of your personal data
Care and transparency is the basis for a trusting cooperation with our customers. For this reason, we inform you about how we process your data and how you can exercise the rights you are entitled to under the General Data Protection Regulation. Exactly what personal data we process and for what purpose depends on the respective contractual relationship.
- Who is responsible for the data processing?
The controller for the purposes of Article 4(7) GDPR and other national data protection laws of the Member States of the European Union, as well as other provisions related to data protection, is
Noscendo GmbH
Königstraße 34
47198 Duisburg, Germany
Tel.: +49(0)20665068780
Email: info(at)noscendo.com
- How can you contact the data protection officer?
For questions, suggestions or comments on the subject of data protection and the enforcement of your rights, please contact our data protection officer:
Alexander Spanier
AS Datenschutz Consulting
Gottlieber Str. 30
78462 Konstanz
Germany
Email: dpo[at]noscendo[dot]com
- Definition of terms
In our data protection declaration, we use terms that are used and defined in the GDPR. To ensure you know what these terms mean, we would like to explain the most important terms.
3.1 Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”). An identifiable natural person is someone who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Processing
Processing is any operation or set of operations which is performed on personal data, with or without the aid of automated procedures. This essentially includes any handling of personal data such as collection, storage, alteration, use, transmission, dissemination, erasure or destruction etc.
3.3 Controller
Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller must ensure the permissibility of the data processing through the use of technical and organisational measures, which must be reviewed regularly.
3.4 Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
3.5 Processor
Processor means a natural person or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.
3.6 Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, irrespective of whether or not this is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
3.7 Third Party
Third party is a natural or legal person, public authority, agency or body other than the Data Subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the data.
3.8 Consent
Consent is an expression of self-determination under data protection law. It is the freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or another clear affirmative action, signifies agreement to the processing of personal data relating to him or her. This granted consent can be revoked at any time.
- General information on data processing
4.1 To what extent do we process personal data?
As a matter of principle, we only process your personal data to the extent necessary to provide our online offers, content and services. The collection and use of your personal data generally only takes place after consent has been given or if the processing of the data is permitted under statutory regulations.
4.2 What is the legal basis for the processing?
We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in particular, as well as all other relevant laws.
If we obtain your consent for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis for this.
In the case of processing operations that are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures, Article 6(1)(b) GDPR serves as the legal basis for this.
If the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject, such as statutory storage and retention obligations, Article 6(1)(c) GDPR serves as the legal basis for this.
In the event that processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis for this.
If the processing is necessary to protect legitimate interests of us or a third party and your interests, fundamental rights and freedoms do not outweigh the aforementioned interests, the processing of personal data is justified on the basis of Article 6(1)(f) GDPR.
If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user’s device or access to information already stored in the end user’s device is carried out on the basis of Section 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act) in conjunction with Article 6(1)(a) GDPR, and the further data processing on the basis of Article 6(1) GDPR.
If the use of cookies is deemed absolutely necessary, this is done on the basis of Section 25(2) TTDSG and the further data processing on the basis of Article 6(1) GDPR.
4.3 Is data passed on to third parties and processors?
In principle, we do not pass on any personal data to third parties without your express consent. If, in the course of processing your data, we disclose it to third parties, transfer it to them or otherwise grant third parties access to the data, this will be done exclusively on the basis of the aforementioned legal grounds. We transmit data to payment service providers, for example, if this is necessary for the fulfilment of the contract. If we are obliged to do so legally or by judicial decision, we transfer your data to bodies entitled to this information.
We also use external service providers for the processing of your data. If data is passed on to service providers within the scope of what is known as contract data processing, this is done on the basis of Article 28 GDPR. If we process your data jointly with another controller, this is done exclusively on the basis of Article 26 GDPR.
4.4. Is data transferred to third countries?
In exceptional cases, we may allow data to be processed outside the European Union or the European Economic Area within the framework of using the third-party services.
For such cases, we have taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. A transfer will be carried out primarily following your consent or on the basis of the sufficient level of security in the third country as determined by the Commission of the European Union or on the basis of the standard data protection clauses provided. These clauses provide appropriate guarantees for the protection of your data with service providers in the third country.
If these guarantees are not deemed sufficient, we examine in each individual case how the level of protection is achieved through additional technical and organisational measures.
4.5 How long do we store your data for?
We store your personal data for as long as it is necessary for the fulfilment of our legal and contractual obligations.
If the storage of data is no longer necessary to fulfil the employment relationship or to fulfil statutory duties, your data will be deleted unless the further processing of this is necessary for the following purposes:
- Retention obligations based on ISO17025;
- Fulfilment of retention obligations under commercial and tax law. These include retention periods stipulated in the German Commercial Code (HGB) or the German Fiscal Code (AO).
- Preservation of evidence within the framework of the statutory limitation provisions. According to the statutes of limitation of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.
- What rights do I have in connection with the processing of my data?
Every Data Subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG apply.
5.1. Right to object
You can object to the use of your data for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates.
- What right do you have in the event of data processing based on your legitimate or public interest?
You have the right under Article 21(1) GDPR, for reasons arising from your own particular situation, to object at any time to the processing of personal data relating to you that is performed on the basis of Article 6(1)(e) (data processing in the public interest) or on the basis of Article 6(1)(f) (data processing to safeguard a legitimate interest); this also applies to any profiling based on this provision.
If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
- What right do you have in the event of data processing for direct marketing purposes?
Where we process your personal data for direct marketing purposes, you have the right under Article 21(2) GDPR to object at any time to the processing of personal data relating to you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
5.2. Withdrawal of consent
You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only works with future effect.
5.3. Right of access
You can request information about whether we have stored personal data about you. If you wish, we will tell you what the data is, the purposes the data is processed for, who the data is disclosed to, how long the data is stored and what other rights you have in relation to this data.
5.4. Further rights
In addition, you have the right to correct incorrect data or to have your data deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide either to you or to a person or company of your choice any personal data you have given to us, namely in a structured, commonly used and machine-readable format.
5.5 Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement.
5.6. Exercising your rights
To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.
- Use of the noscendo.com website
In principle, you can use our online presence at noscendo.com without disclosing your identity.
In this section, we explain when and in what context we collect data when you visit our website, when we have implemented third-party offers, how these offers work and what happens to your data.
6.1 What data is stored when you visit the website?
The provider automatically collects and stores information in server log files, which your browser sends to us automatically. This information includes:
- type of web browser/browser version;
- operating system used;
- name of your access provider;
- referrer URL;
- access status/HTTP status code;
- the amount of data transferred;
- name and URL of the retrieved file;
- host name / IP address of the accessing computer;
- date and time of the server request.
The above data is processed by us for the following purposes:
- ensuring a smooth connection to the website;
- ensuring the convenient use of the website;
- evaluating system security and stability;
- for further administrative purposes.
This data is temporarily stored in the log files of our system for a maximum of 7 days. Storage beyond this is possible, but in this case the IP addresses are shortened so that it is no longer possible to assign the requesting client and the data is anonymised.
The storage of information in the end user’s terminal equipment or the access to information takes place in accordance with Section 25(2) TTDSG. The data processing is carried out on the basis of our legal obligation to ensure IT security in accordance with Article 6(1)(c) in conjunction with Article 32 GDPR.
6.2 What data is processed within the framework of your customer account?
You can optionally create a customer account in order to be able to use Noscendo products. The personal data that is transmitted to us and stored in the process results from the respective input mask and the information provided during registration. The data entered during registration is used for the purpose of using our services. You have the option to cancel your user account at any time. In this case, your data will be deleted unless we are obliged to retain it for reasons pertaining to commercial or tax law.
Insofar as the registration serves to fulfil a contract or implement pre-contractual measures, the legal basis for the processing of the data is Article 6(1)(b) GDPR.
Within the framework of the use of our registration and login functions as well as the use of the user account, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests and serves to protect against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. The legal basis for this collection and storage of data is Article 6(1)(c) GDPR. The IP addresses are anonymised or deleted after [NUMBER] days at the latest.
6.3 What data is collected via our contact bar?
For questions of any kind, we offer contact via the email addresses and telephone numbers provided. In this case your personal data transmitted by email or telephone will be stored.
The data processing for the purpose of contact with us is performed in accordance with Article 6(1)(1)(a) GDPR based on your voluntarily granted consent. The data collected will be deleted after the request you have made has been dealt with, unless otherwise stated in section 4.5.
6.4 Do we send newsletters?
If you purchase goods or services from our online presence and provide your email address, we reserve the right to use this for sending newsletters with direct advertising for our own similar goods or services. This serves to safeguard our legitimate interests in addressing our users with advertising, interests which in the context of a balancing of interests are overriding.
You can object to this use of your data at any time by sending a message to the above-mentioned contact options or via the unsubscribe link in the advertising e-mail, without incurring any costs other than the transmission costs at the basic rates. If the newsletter is sent on the basis of the sale of goods or services, this is done on the basis of Section 7(3) UWG (Unfair Competition Act).
- Which cookies are set by our website?
The use of our website involves the storage of cookies on your end device. Cookies are small text files that are sent from a website to the user’s browser and stored by this. Cookies store different information which can be read by the body that sets the cookie. They usually contain a characteristic character string (ID) which allows the browser to be clearly identified when the website is visited again or when the user changes pages.
If cookies are used, the data processing is generally based on your consent according to Section 25(1) TTDSG in conjunction with Article 6(1)(a) GDPR. If we consider the use of cookies to be absolutely necessary, this is done on the basis of Section 25(2) No. 2 TTDSG. Further processing is carried out in each case in accordance with Article 6(1) GDPR.
A functional cookie is set when you visit the website:
_language
Essential cookie for language selection: This cookie stores which language the user has selected in order to immediately display the correct language on the next visit. Storage duration 365 days
ccm_consent
Used to store the Cookie Consent Agreement, which states which cookies may be set. Storage duration 365 days.
Another functional cookie is set when you access the login portal:
PHPSESSID
Technical and strictly necessary cookie that contains the session identifier. It is deleted when the browser is closed.
- What online services do we use on social media platforms?
We offer online services on various social media platforms in order to provide information and to be able to contact you. We have integrated the following social media platforms as a link on our website via the respective logo of the provider. By clicking the Logo, you will leave our website.
We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media sites, the platform operator stores cookies in your browser, which store your usage behaviour or interests for market research and advertising purposes. The platform operators use the usage profiles obtained in this way – usually across multiple devices – to show you personalised advertising. The data processing may also affect persons who are not registered as users with the respective social media platform. In some circumstances, your data may be processed outside the European Union, which may make it more difficult to enforce your rights. However, when selecting such social media platforms, we make sure that the operators commit to comply with EU data protection standards.
The processing of your personal data when visiting one of our social media offers is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information option as well as communication with you. The legal basis for this is the consent you have given to your platform operator in accordance with Article 6(1)(a) GDPR.
Detailed information on data processing in connection with the use of our social media services, opt-out options and the assertion of information rights can be found in the privacy policy of the relevant platform operator.
9.1 Facebook
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The data processing is carried out on the basis of an agreement on the joint processing of personal data according to Article 26 GDPR. Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads
9.2 Google+/ YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
9.3 Twitter
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy: https://twitter.com/en/privacy
Opt-out: https://twitter.com/personalization
9.4 LinkedIn
Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
9.5 Xing
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung
- Who are our services aimed at?
Our services are aimed at adults, principally at members of the professional community. Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians.
- Amendments to the data protection declaration
This data protection declaration is currently valid and was updated in March 2022. With the continued development of our website and the offers we provide on it or as a result of changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed at any time on the website at noscendo.com/private-policy.