Data protection declaration for this online offering and further information about the duty to provide information according to Art. 13 GDPR on the collection of personal data from the data subject
This data protection declaration (Version: DSGVO 1.0 from 16.06.2020) was produced by:
NIC GmbH is responsible for this online offering and, as the providers of a teleservice, we must inform you at the beginning of your visit to our website, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way, in clear and simple language. The contents of the information must be retrievable for you at all times.
We place great value on the security of your data and compliance with the data protection regulations. The processing of personal data is subject to the regulations of the European and national laws currently in force.
We would like to show you, in the following data protection notice, how we handle your personal data and how you can contact us:
An der Stiftsbleiche 11
Commercial register number: HRB 13638
Managing director: Pete Jendras, Markus Lechner
Telephone: +49 831 5123433-0
If you have questions about data protection or other matters relating to data protection law, please send an email to the following email address: firstname.lastname@example.org
For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to all genders.
The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 GDPR.
The personal data processed in the context of this internet offering includes
- Inventory data (e.g. customers’ names and addresses)
- Contract data (e.g. services used, name of person responsible, payment information)
- Usage data (e.g. which pages of our online offering were visited, interest in our products) and
- Content data (e.g. input into the contact form)
Basis of Data Processing
We only process your personal data in compliance with the relevant data protection regulations. The legal grounds are:
You give your consent electronically (e.g. Newsletter registration or consent to longer storage in the online application process) implementation of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offering, in particular range measurement, production of profiles for advertising and marketing purposes, as well as the collection of access data and the use of services from third party providers).
We would like to show you where the main legal grounds are regulated:
- Consent: Art. 6 para. 1 lit. a) and Art. 7 GDPR
- Processing to safeguard our legitimate interests: Art. 6 para. 1 lit. f) GDPR
Data transfer to third parties
No data is transferred to third parties.
Data transfers to third countries or an international organization
Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU, respectively, the European Economic Area.
No transfer of data to a third country or an international organization takes place without a legal basis.
Length of storage of your personal data
We adhere to the principles of data economy and data avoidance. This means that we only store your data for as long as it is needed to fulfil the previously named purposes, or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data is routinely blocked, respectively erased, in accordance with the statutory provisions.
We have developed a company-internal concept to guarantee this procedure.
If you contact us by email, you consent to electronic communication. The information that you provide will be stored exclusively for the purposes of processing your inquiry and for possible follow-up questions.
You also have the option of contacting us by telephone. In this case, your data will also be processed for further communication.
We would like to advise you of the legal grounds:
- Processing to fulfil our performance and carry out contractual measures: Art. 6 para. 1 lit. b) GDPR
- Processing to safeguard our legitimate interests: Art. 6 para. 1 lit. f) GDPR
We use software to maintain our customer data (CRM system) or comparable software on the basis of our legitimate interests (quick and efficient processing of users’ enquiries).
For this, we have concluded an order processing contract with the provider, in which the provider is obliged to process user data only in accordance with our instructions and in compliance with the EU level of data protection.
We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission.
We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics.
What rights do you have?
You have the right to obtain information about your stored data free of charge. Upon request, we will tell you in writing, what personal data about you we have stored. This also includes the origin and recipient of your data, as well as the purpose of the data processing.
b) Right to rectification
If your data that we have stored in incorrect, you have the right to have it corrected. You can demand a limitation to the processing of your personal data, e.g. if the accuracy of your personal data is contested.
c) Right to blocking
Furthermore, you can have your data blocked. So that a blocking of your data can be taken into consideration at any time, the data must be held in a lock file for control purposes.
d) Right to erasure
You can demand the erasure of your personal data, so long as no legal storage obligation exists. If such an obligation exists, we will block your data on request. If appropriate statutory requirements are present, we will also erase your personal data without a request from yourself.
e) Right to data transferability
You are entitled to demand that the personal data transferred to us is made available in a format which enables it to be transferred to another location.
f) Right to complain to a supervisory authority
You have the option of approaching a data protection supervisory authority with a complaint.
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300
You can access the complaint form through the following link: https://www.lda.bayern.de/de/beschwerde.html
g) Right to object
You can withdraw your consent to the processing of your data at any time, with future effect. Sending an appropriate email to email@example.com is sufficient.
However, such an objection does not affect the legality of processing procedures which we have already carried out. This does not affect data processing in respect of other legal bases, for example, such as contract initiation (See “Legal basis for data processing”)
Protection of your personal data
We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the processed data against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons.
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this.
Therefore, your personal data is protected in the context of the following points (extract):
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data which we store, we have taken various measures to control access.
b) Ensure the integrity of your personal data
To ensure the integrity of the personal data which we store, we have taken various measures to control transfer and input.
c) Ensure availability of your personal data
To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.
The security measures employed are continually improved in accordance with technical development. Despite these precautions, because of the insecure nature of the internet, we are unable to guarantee the security of your data transfers to our online offering. For this reason, all data transfers from you to our online offering are made at your own risk.
Protection of minors
Persons who are under 16, can only provide us with their personal information with the express consent of the persons having parental responsibility or when they have reached the age of 16 or are older. These data will be processed in accordance with our data protection declaration.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- time of the server request
These data are not combined with other data sources.
The basis of the data processing is Art. 6 para, 1 lit. b. GDPR, which permits data processing for the fulfillment of a contract or precontractual measures.
Cookies are small text files which are stored locally in your internet browser’s cache. Cookies make possible, for example, internet browser recognition. The files are used to help the browser navigate through the internet offering and use all functions to their full extent.
We use browser cookies.
Control of cookies by the user
All browsers can be set so that cookies are only accepted upon request. Also, per settings, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however this can result in limitations of the online offering’s user friendliness.
Lifespan of the cookies employed
Cookies are managed by our internet offering’s website. The internet offering uses:
Session cookies (single use)
Life spam: Until the online offering is closed
Deactivate or remove cookies (Opt-Out)
Every browser offers the option of limiting and deleting cookies. Further information about this can be obtained from the following websites:
- Internet Explorer:http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
- Google Chrome:https://support.google.com/chrome/answer/95647?hl=en
Web analysis service Google (Universal) Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses "cookies", text files which are stored on your computer and which enable an analysis of the use of the online offer. The information generated by the cookie about the use of this website (including the shortened IP address) is usually transferred to a Google server and stored there. This may also result in a transfer to the servers of Google LLC. in the USA.
We point out that this online offer uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to exclude the possibility of direct personal references. As a result of the extension, your IP address will be previously shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases your full IP address will be transferred to a Google LLC.in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our legitimate interest.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
On our behalf, Google will use this information on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. This means:
- to compile reports about the activities of our online offer.
- to provide further services to us in connection with the use of the online offer and Internet use.
- to perform a cross-device analysis of visitor flows by using a User-ID.
When a page is called up for the first time, the user is assigned a unique, permanent and anonymous ID that is set across all devices. This makes it possible to assign interaction data from different devices and from different sessions to a single user. The user ID does not contain any personal data and does not transmit such data to Google.
The collection and storage of data via the User-ID can be objected to at any time with effect for the future. To do so, you must deactivate Google Analytics on all systems that you use, e.g. in another browser or on your mobile device.
In the case of data transmission of personal data to Google LLC. based in the USA, Google LLC. has certified itself for the us-European data protection convention "Privacy Shield". This guarantees compliance with the level of data protection applicable in the EU. The current certificate can be viewed under the following link: https://www.privacyshield.gov/list
You can prevent the storage of cookies by making the appropriate setting in your browser software. However, we point out that in this case not all functions of this online offer can be used to their full extent.
You can also prevent the collection of data generated by the cookie and related to the use of the online offer (including your IP address) to Google and the processing of this data by Google by downloading and installing a browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in or within browsers on mobile devices, the following link applies in order to set an opt-out cookie that will prevent Google Analytics from collecting data within this online offer in the future (this opt-out cookie only works in this browser and only for this domain, delete the cookies in this browser, click the link again):
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time with effect for the future. To revoke your given consent, we refer you to the aforementioned revocation options.
In addition to this online offering, we also maintain presences in various social media, which you can reach by using the appropriate icon on our website. When you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that as well as storing the concrete data which you have input into the social medium, other information will also be processed by the social network provider.
Furthermore, the social network provider may also process the most important data about the computer system from which you visit it – for example, your IP address, the type of processor used and the browser version, including plug-ins.
If you are logged into your personal user account at the respective network at the time of your visit to such a presence, the network can match the visit to the account.
For the purpose and scope of the data collection by the respective medium, as well as the further processing of your data there, please see the respective provisions of those responsible, e.g.:
- Facebook: https://de-de.facebook.com/about/privacy/
- Xing: https://privacy.xing.com/de/datenschutzerklaerung
- LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
We would also like to point out that our website contains further links to external, third-party websites, whereby we have no influence on data processing by these third-party websites.
Use of web applications
In addition to this online offer, the presence in various social media networks, we also maintain a web application, which you can access as a registered user via the login button on our website. When using our web application, in addition to the standard storage of personal data, information required for the effective use of this application is also stored (language, session-ID, user-ID).
Google Analytics is also used for our web application in accordance with the general conditions already described. In addition, we use Google Analytics User ID reports for our web application. For these analyses, however, only the anonymized user IDs are used as a basis.
We reserve the right to adapt our data protection information at short notice so that it always complies with current legal requirements or to implement changes to our services. This may, for example, concern the introduction of new services. The new data protection information will then apply to your next visit.
Each firm or trademark named here is the property of the respective firm. The naming of brands and names is purely for informative purposes.
C. Specific provisions for Russia
The following applies to users who are residents of the Russian Federation:
The services of our online offering listed above, are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen resident in Russia, you are expressly advised that all personal data that you make available to us over our internet offering, is exclusively at your own risk and on your own responsibility. You further agree that you will not hold us responsible for a possible breach of Russian Federation law.