Privacy Policy of noventum consulting GmbH
1. GENERAL
We appreciate your interest in our company and our services and would like you to feel safe when visiting our web pages, even with respect to the protection of your personal data. noventum is taking the protection of your personal data very seriously. Compliance with the provisions of the General Data Protection Regulation, the German Federal Data Protection Act (Bundesdatenschutzgesetz), as well as of any other applicable data protection regulations is a matter of course for noventum consulting.
2. YOUR POINT OF CONTACT IN CASE OF COLLECTION OF YOUR DATA
2.1 Controller within the meaning of the General Data Protection Regulation
In accordance with Art. 4 Par. 7 GDPR, the Controller is:
noventum consulting GmbH
Münsterstraße 111
48155 MünsterGermany
info@noventum.de
Available to you as editorially responsible party and point of contact in case of the collection of your data is:
noventum consulting GmbH
Dr. Matthias Rensing
Münsterstraße 111
48155 Münster
Germany
Tel.: +49 163 49302-13
E-mail: matthias.rensing@noventum.de
2.2 Data Protection Officer of noventum
If you have any additional questions regarding our notes regarding data protection and the processing of your personal data, please contact the Data Protection Officer of noventum consulting GmbH, Dr. Frank Gutberlet, directly. He will also be available to you as point of contact with respect to your rights as data subject, as well as for suggestions or complaints.
noventum consulting GmbH
Dr. Frank Gutberlet
Münsterstraße 111
48155 Münster
Germany
Tel.: +49 163 49302-21
E-mail: frank.gutberlet@noventum.de
3. Personal data
At noventum, appropriate technical and organisational measures have been deployed to protect your personal data. We process your personal data based on the principles of Art. 5 Par. 1 GDPR: Lawfulness, transparency, fairness, purpose limitation, data minimisation, accuracy, storage limitation, and confidentiality. All employees and all third parties involved in the data processing are sworn to the General Data Protection Regulation and to the German Federal Data Protection Act and to the confidential handling of personal data.
Personal data is any and all information relating to an identified or identifiable natural person. In general, noventum is using the personal data you have made available to respond to your inquiries or to provide you with access to certain information or offers. noventum is processing your personal data collected within the context of the website exclusively for the intended purpose.
To maintain customer relations, it may also be necessary for noventum consulting or a contracted service provider to use this personal data to inform you about product offers that are beneficial to your business activities or to perform online surveys to better serve the tasks and requirements of our customers. Of course, it will be respected if you do not want to grant your personal data for the support of customer relations (in particular for direct marketing or market research purposes). Therefore, noventum consulting will neither sell nor otherwise market your personal data to third parties.
The collection of personal data as well as its transfer to government institutions and offices entitled to said information will only take place within the framework of the applicable laws and/or if noventum consulting is required to do so due to a court order.
noventum will store the data only as long as is necessary, in general, for responding to your inquiry, unless statutory retention periods apply.
Listed below are the individual processing activities.
3.1 Data collection in case of informational utilisation of the website
In case of a merely informational utilisation of the website, i.e., if you do not actively communicate information to us, we only collect the personal data that your browser transmits to our server. If you want to use our website, we collect the following data that is technically required to display our website to your and that ensures stability and security (the legal basis is Art. 6 Par. 1 S. 1 lit. f GDPR):
• IP address• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
Respective volume of data transmitted
• Website from which the request comes
• Browser
• Operating system and its user interface
• Language and version of the browser software
3.2 Data collection in case of utilisation of forms
On our website, various utilisation options are available to you in which a data collection occurs. You are neither legally nor contractually obligated to disclose your personal data. The data you have communicated will be deleted once its storage is no longer necessary, or the processing will be restricted if statutory storage obligations exist.
3.2.1 Data collection in case of utilisation of the contact form
You have the option to send an e-mail to us via our contact form. We treat the personal data entered as confidential and process it exclusively to respond to your contact inquiry. Once the e-mail has arrived on our server, it is exclusively read by the respective responsible employees of our company. Recipients of your personal data, in accordance with Art. 13 GDPR, are those employees who are responsible based on their area of responsibilities. A passing on to third parties outside our company is excluded. The transmission of your data is protected from access by third parties via SSL encryption. The legal basis for this processing is Art. 6 Par. 1 S. 1 lit. f GDPR. We have a legitimate business interest in the establishing of contact by (potential) customer via the contact form or, where applicable, by job applicants. Our contact form is a service we are providing, intended to facilitate a quick and uncomplicated establishing of contact for you as (potential) customer or job applicant. We want to provide you with good customer service this way. Often, the inquiries lead to the initiation of a contractual relationship. We can only respond to your contact inquiry if you fill out the specified mandatory fields.
3.2.2 Data collection in case of utilisation of the Business Culture Check-up
You have to option to participate in the Business Culture Check-up on our website. We will treat the personal data entered as confidential and process it exclusively for the analysis of the online survey. Recipients of your personal data, in accordance with Art. 13 GDPR, are those employees who are responsible based on their area of responsibilities. The transmission of your data is protected from access by third parties via SSL encryption. The legal basis for this processing is Art. 6 Par. 1 S. 1 lit. f GDPR. We have a legitimate business interest in the analysis of customer surveys conducted via contact form. The data entered into the questionnaires will be utilised only consolidated in anonymized form and for statistical purposes. If you wish to additionally be contacted by noventum, your consent in accordance with Art. 6 Par. 1 lit. a GDPR is required. A consent is a declaration of agreement in the form of a declaration with which you indicate to noventum that you agree to the processing of personal data concerning you.
A declaration of agreement for purposes other than to establish contact is not granted with it and therefore does not take place. The option to provide your declaration of agreement is available to you as a check box below your data entries.
A declaration of consent may, in accordance with Art. 7 GDPR be withdrawn at any time by notifying the Controller specified under 2.1. The withdrawal will not affect the legality of the processing up until the withdrawal. However, any further processing it then excluded.
3.3 Data collection via COOKIES
In order to design our Internet presence as attractively and comfortable as possible, we are utilising so-called “cookies” on some pages. Cookies are small text files that your browser is storing on your computer that allow for an analysis of your utilisation of this website. The utilisation of these cookies is carried out maintaining the legitimate interests of noventum on the legal basis of Art. 6 Par.1 lit. f GDPR.
Many cookies are being deleted when your browser session ends. The permanent cookies serve for recognising you again upon your next visit to our website, and make your visit easier and more effective. We are not able to directly associate your person therewith. Furthermore, cookies can neither execute programmes nor transmit viruses. They exclusively serve for making the Internet presence more user-friendly and effective, overall. You can turn off the storing of third party cookies or all cookies via the corresponding settings of your browser (no matter whether it is on a smart phone, tablet, or PC). This can, however, lead to functional restrictions when visiting our website.
3.3.1 Necessary Cookies
Necessary Cookies are a technical servicing function to use the website faultless. In this way collected data become through technical arrangements pseudonymize, whereby a classification of personal data are not possible anymore. A cookie banner informed users by visiting the website about using cookies and refered to this privacy statement.
3.3.2 Analytical Cookies
Analytical Cookies allows a analysis about user behaviour as a result of measure performance and determine in ordert to improve the website. In connection cookies are being used for days-of-inventory analysis. By means of cookies are getting produced statistical evaluation which are created in groups and not in single person. This groups are used for analysis of visitors and click behaviour. In this way collected data become through technical arrangements pseudonymize, whereby a classification of personal data are not possible anymore. A cookie banner informed users by visiting the website about using cookies and refered to this privacy statement. By clicking of the Google Analytics box user gives an agreement that noventum shall be entitled to perform the analysis. You can revoke the agreement via the cookie banner button below on the left side. With a click in the analytical cookies you can remove the hook and concurrent the agreement.
3.3.3 Cookie Listing
There are only used cookies from the provider Google.
|
Cookie Name |
Description |
Expiration Time |
|
_ga |
Used to distingiush users. |
23 months |
|
_gat |
Used to throttle request rate. |
1 minute |
|
_gid |
Used to distingiush users. |
24 hours |
For more informations:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
3.4. Data collection by CleverReach
In order to be able to determine the reach of our newsletter with respect to the recipient and to continuously improve our mailing presence, noventum is using – on the legal basis of and in accordance with Art. 6 Par. 1 lit. f GDPR – the services of CleverReach, an e-mail marketing software by CleverReach GmbH & Co. KG (hereinafter referred to as “CleverReach”). In this case, CleverReach is the processor of noventum consulting GmbH in accordance with Art. 28 GDPR. The parties have entered into a processing agreement.
Upon receipt of the newsletter, your processing behaviour will be statistically analysed. This is primarily done with cookies (see Section 3.3 of this Privacy Policy) and with so-called analysis programmes. The tracking measures analyse and capture what you open/click on in the personalised newsletter. With the help of the so-called conversion tracking, it can, furthermore, be analysed whether a predefined action (e.g. registration for an event) took place after clicking on the link. For additional information regarding the data analysis via CleverReach newsletters, see:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
In accordance with Art. 21 GDPR, you may object to receiving newsletters by unsubscribing from the respective newsletter. To do so, we are making a corresponding link available in each newsletter message. The lawfulness of the data processing processes already carried out shall remain unaffected by the objection. Once an objection is raised, no newsletter will be sent to you anymore. We ask for your understanding that subsequent to your objection no sending of newsletters, even regarding other topics, is possible anymore since we are using CleverReach for all newsletters.
The storage of your data is carried out on the servers of CleverReach GmbH & Co. KG only for as long as this is necessary for the purposes for which they are being processed (in accordance with Art. 5 Par. 1 Lit. e GDPR). Personal master data that are stored with us for other purposes (e.g. e-mail addresses, first and last names) shall remain unaffected by this.
You may, at any time, take advantage of the rights as a data subject specified in Section 4 of this Privacy Policy.
Information of the third-party provider:
CleverReach GmbH & Co.KG, Mühlenstraße 43, 26180 Rastede, Germany,
E-mail: info@cleverreach.com
Privacy policy:
https://www.cleverreach.com/de/datenschutz/.
Terms & conditions of use:
https://www.cleverreach.com/de/agb/
Overview on data security in e-mail marketing: https://www.cleverreach.com/de/datensicherheit/
3.5 Data collection by GOOGLE ANALYTICS
To gain better insights into the utilisation of our website and to continuously improve our online presence, noventum is, on the legal basis of Art. 6 Par.1 lit. f GDPR, using Google Analytics, a web analysis service of Google Inc. (hereinafter referred to as “Google”). In this case, Google is the Processor of noventum consulting GmbH in accordance with Art. 28 GDPR.
Google Analytics uses “cookies” (see above). The information that the cookie generates about your use of this website (including your IP-address) is transferred to and stored on a server operated by Google in the USA. On our website, we have supplemented Google Analytics with the function of a anonymisation programme (“gat. anonymizeIp()”). The collection of your IP address is being anonymized thusly and a correlation with individual persons can be excluded. Google will use this information to evaluate your use of the website, compiling reports on website activity for the website operators and providing other services relating to website activity and internet usage. For exceptional cases in which personal data is transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield Framework. Specifically, this means that a data transmission to the USA is permissible since Google is subject to the “Privacy Shield Framework” and therefore enforceable laws and effective judicial remedies are available to the data subjects. Additional information regarding this certification is available under the following link (see Data Privacy and Security): https://support.google.com/analytics#topic=1008008
Google may also transmit the collected data to third parties, if it is legally mandated to do this or to the extent where third parties are processing this data on behalf of Google. Under no circumstances will Google correlate your IP address with other Google data.
You can prevent the installation of the cookies through a corresponding setting in your browser software (see above). By downloading and installing a browser plug-in, you can, furthermore, prevent the collection of the data generated by the cookie and related to your utilisation of the website (including your IP address) by Google as well as the processing of this data by Google. The plug-in is available at: https://tools.google.com/dlpage/gaoptout?hl=en.In addition, you can deactivate (i.e., opt-out from) Google Analytics at any time. An opt-out cookie then prevents Google Analytics from collecting data upon your next visit to this website. To do so, click on: deactivate Google Analytics.
For additional information from the Privacy Center of Google Analytics, see:
https://support.google.com/analytics/answer/6004245?hl=en
Information of the third party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,Fax: +353 (1) 436 1001.
Terms & conditions of use:
https://www.google.com/analytics/terms/gb.html
Privacy overview:
https://support.google.com/analytics/answer/6004245?hl=en
Privacy policy:
https://policies.google.com/terms?hl=en&gl=de
3.6 Data collection by Google Maps
noventum is using the offer of Google Maps on the legal basis of Art. 6 Abs 1 S. 1 lit. f GDPR to display interactive maps to you on the website, and to enable you to comfortably use the map function. By visiting the website, Google receives information that you have called up the respective sub-page of our website. In addition, the data specified under “Collection of personal data in case of informational utilisation of the website” of this policy is being transmitted. This takes place independent of whether or not Google is providing a user account through which you are logged in or whether no user account exists. If you are logged in at Google, this data is linked directly to your account. If you do not wish for the linking with your profile to occur at Google, you must log out prior to activating the button. Google stores your data as a user profile and utilises it for purposes of advertising, market research and/or demand-oriented design of its website. Such an analysis is carried out, in particular (even for users who are not logged in), for the provision of demand-oriented advertising and in order to inform other users of the social network of your activities on our website.
You have a right to object against the creation of these user profiles wherein you have to contact Google to exercise said right. For additional information regarding the purpose and scope of the data collection and its processing by the plug-in provider, see the privacy policies of said provider. There, you also receive additional information regarding your respective rights and setup options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google is also processing your data in the USA and has subjected itself to the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
3.7 External links
To design our Internet presence as attractively and comfortable as possible, noventum is utilising external links (e.g. Xing, Twitter, Facebook, Google Plus). If you are using external links that are offered in the context of our web pages, this data protection policy and therewith the collection of your personal data by the owners of the respective we pages shall not apply to those links. We do not constantly check external links.
4. Rights of data subjects
Your rights in accordance with the General Data Protection Regulation
Right of Access, Art. 15 GDPR
You have the right to demand a confirmation from the responsible person under 2.1 whether personal data concerning you is being processed. If this is the case, you have the right to information about this personal data and to the information specified under Art. 15 of the General Data Protection Regulation.You will be provided with a copy of the personal data that is the subject of processing. For any other copies you would like to request, noventum reserves the right to demand reasonable remuneration based on the administrative costs.
Right to rectification, Art.16 GDPR
It may happen that personal data is incomplete or incorrect. Taking into consideration the processing of your personal data for the purpose of fulfilling the services inquired about and to maintain your own legitimate business interests, you can effect a completion or correction of your personal data by means of a supplemental declaration. noventum will immediately change your data in accordance with your declaration. Please bring this to our attention and submit a supplemental declaration; you are also welcome to communicate this to us by phone. For the completion or correction of your data, please contact the responsible person specified under 2.1.
Right to erasure, Art. 17 GDPR
Your personal data will be processed by noventum only for a period of time reasonable and required for the processing activity and will be subsequently erased. Furthermore, you can contact the responsible person listed under 2.1 at any time to have your data erased subject to the reasons stated under Art. 17 of the General Data Protection Regulation.
Right to restriction of processing, Art. 18 GDPR
You have the right to demand, from the responsible person under 2.1, the restriction of processing if one of the prerequisites stated in Art. 18 of the General Data Protection Regulation exists.
Right to data portability, Art. 20 GDPR
You have the right to demand, from the controller specified under 2.1, to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have to right to transmit those data to another controller or to have them transmitted directly from one controller to another.
Right to object, Art. 21 GDPR
You have the right to object, at any time, to the processing of personal data concerning you if such a processing is carried out on the legal of accordance with Art. 6 Par. 1 S.1 lit. f GDPRVO to maintain the legitimate interests of noventum.
Upon assertion of the objection, personal data will no longer be processed unless noventum can prove compelling legitimate grounds for the processing that prevail or if the processing serves the assertion, exercising, or defending of legal claims.
The objection can be directed to the person listed under 2.1.
Right to lodge a complaint with a supervisory authority, Art. 77 GDPR
You shall have the right to lodge a complaint with a supervisory authority if the processing of your personal data is in violation of the General Data Protection Regulation.
5. Versioning of the privacy policy
noventum consulting reserves the right to change the security and data protection measures if this becomes necessary due to legislative changes or technical developments. In these cases, the notes regarding data protection will be adjusted accordingly. Please do therefore pay attention to the respective current version of the data protection policy.