In the following policy, we would like to inform you how, when and which personal data we collect and how we handle such data. We collect and process your personal data in accordance with national and European laws, in particular the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (EU-GDPR). If you have any further questions regarding data protection at nexnoa, please feel free to contact us at one of the telephone numbers, fax numbers or e-mail addresses listed below.
Responsible body for data processing
nexnoa GmbH
Durmersheimer Straße 188 A
76189 Karlsruhe
Germany
Phone +49 173 6401358
contact@nexnoa.com
1. When you visit our website
In this section you will find information on data collection, data processing, data deletion, data security and the involvement of third-party providers in connection with your visit to our website www.nexnoa.com.
1.1 Server log files
Your browser automatically transmits access data (so-called “server log files”) to our servers each time you visit one of our websites. Such server log files contain the following information:
- the time of your visit,
- the page from which you visit us (referrer URL),
- the subpages visited,
- the names of requested files,
- Your IP address,
- data volume,
- the browser you are using and
- the requesting provider.
We require the aforementioned information to ensure system security and to compile usage statistics. Both purposes are in our overriding legitimate interest (Art. 6 I 1 f EU-GDPR). The respective data record will be deleted immediately after the respective purpose ceases to apply, but no later than 90 days after their collection.
1.2 Contact Form
Our website features a contact form. By sending a message over the contact form function, you provide us with all the data you have entered in the mandatory and non-mandatory fields and give your consent (Art. 6 I 1 a EU-GDPR) to our collecting and processing of such data. They will be processed exclusively for the purpose of handling your request and deleted if you withdraw your consent or if the enquiry is closed anyway, unless legal retention obligations require longer storage. Please note: By clicking on e-mail addresses provided on our websites, you will enter your e-mail software and transmit your message as a conventional e-mail to the address pre-filled in the recipient line. Please be informed that we have no influence on the data collection and data processing by your e-mail provider. If you would like to learn how we process the contents of messages submitted via the contact form, please continue reading at “When you contact us” section below.
1.3 Data Security
In order to protect your personal data to the greatest extent possible we use SSL encryption (https standard). This also applies to the transmission of data via the contact form. This type of encryption is a risk-appropriate and state-of-the-art technical and organizational security measure.
1.4 Cookies
You will learn on our use of cookies via the cookie banner on the website. You will be able to make your choice as to whether you would like to consent to the use of certain or all cookies and to revoke your consent.
Please note: If you access a third-party website via a link provided on our website, please inform yourself about the data collected by use of cookies on the respective page as other and / or additional cookies may be used there.
When you visit our website, we use a cookie to store language recognition information (“i18n_redirected”) which allows us to make our website available to you with your selected language settings (legal basis: § 25 Abs. 2 Nr. 2 TDDDG / German Telecommunications Telemedia Data Protection Act). The cookie stays in place for 12 months and is automatically deleted after this period.
If you wish to decline the use of cookies at all, you can block the use of cookies in your browser settings. Alternatively, visit the US site http://aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/ to change the use of cookies on your device. You will still be able to visit our website but may not be able to use it in the same way.
1.5 Consent Management Tool (“cookie banner”)
In order to manage the use of cookies and other tags by our website, we use the Consent Management Platform of CookiePro. With this tool, we can inform you when you visit our website which tools we use, which of your data is processed and for what purposes. We will ask you there for your consent to use these tools, unless they are absolutely necessary for the operation of our website, and can record and store your selection and any changes that may be made to it on an ongoing basis and, if necessary, transfer it on to our cooperation partners.
We have integrated the CookiePro tool via the Google Tag Manager, a kind of organizational tool provided by Google Ireland Ltd, Dublin, which enables us, as the website operator, to organize the tools on our site and control their use. In particular, this enables us to ensure that certain tools are only activated if, after and as long as you have given your consent (and not revoked it).
Your selection on the banner, i.e. whether and if so to what extent you agree to the use of further tools or that you do not consent to this, is recorded and stored in a database for verification purposes and stored in local storage on the device used by you, in order to ensure this during your session and also thereafter during further visits to our website. For this purpose, we collect and process the following information via CookiePro in addition to your consent decision (yes / no):
- Device Information
- Browser Information
- Anonymized IP address
- Opt-in and opt-out data
- Date and time of the visits
For our verification purposes, this data is processed – in addition to being stored in the local storage of your terminal – in a database with location in the EU.
The use of this Consent Management Platform including the Google Tag Manager is necessary for us to comply with our legal obligations, to inform you about the use of the tools and to ask for your consent for all those tools that are not absolutely necessary, to collect, prove, keep and, if necessary, transfer the data to third parties. This is imperative in view of the legal requirements to be observed by us under data protection and ePrivacy law (§ 25 Abs. 2 Nr. 2 TDDDG). We will retain your decisions for as long as they are valid and for more than three years thereafter, to be able to prove whether you have consented and/or revoked your consent. This is in our legitimate interest (legal basis: Art. 6 (1) f EU-GDPR).
You can change your choice of which tools are used on our website at any time. To do so, click the button below to open the Consent Management Platform again and change your settings, e.g. to give further consent or to revoke consent you have given. These changes will be stored again in local storage on your device and will be recorded by us for verification purposes. Once you have agreed to the setting of cookies, they will not be deleted even if you revoke them. Instead, the execution of the underlying script is prevented, so we start one step ahead with the CookiePro-solution. This prevents the cookies from remaining active. They then no longer record any information and also no longer allow access to information from your device.
Since we cannot operate the site in a legally compliant manner without the use of CookiePro and Tag Manager, it is no longer possible to visit our site in the event of an objection. Both even if you do not give any consent or revoke all consent, as we necessarily rely on these tools to control the use of tools through our website, including the use of the Consent Management Platform. However, you can change your preferences directly with Google at: http://www.google.com/settings… or alternatively, you can disable the use of cookies for interest-based advertising through the Ad Network Initiative by following the instructions at https://thenai.org/opt-out/. However, you may then no longer be able to use our website in the same way.
You can find further information about data processing by CookiePro here: https://www.onetrust.com/privacy/
For more information about the data processing by Google, whose tag manager we use, please see here about the tag manager: https://www.google.com/intl/de… and here about data protection: https://policies.google.com/privacy?hl=en
1.6 Google Analytics (with consent)
This website uses the reach analysis tool of the web analytics service Google Analytics. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Analytics script is loaded each time the page is loaded. However, Google Analytics cookies will only be used on your end device and data collected and evaluated with your consent.
Google Analytics uses so-called “cookies” for this reach analysis in the event of your consent. These are text files that are stored on your computer and allow your use of the website to be analysed. Information on your use of this website that is generated by these cookies is generally transferred to a Google server in the USA and stored there.
Google Analytics cookies are only stored and these analysis tools are only used if you agree to this via our cookie banner (§ 25 Abs. 1 TDDDG; Art. 6 (1)(a) EU-GDPR). If data is transferred to the US, der EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as Google is certified under the EU-US Data Privacy Framework. The Google Analytics script is loaded each time the site is loaded. However, data pertaining to your use of the site will only be collected and disclosed to Google once you click “Agree”. If you click on “Decline”, a cookie will be stored on your end device preventing analysis by Google Analytics and the use of cookies by Google Analytics for future visits to our website (“opt-out cookies”). Even if you have clicked “Agree”, you may revoke your consent at any time using the link below.
1.6.1 IP anonymisation
We have activated the IP anonymisation function on this website. This means your IP address will be shortened by Google within EU member states, or other states party to the Agreement on the European Economic Area, before being transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile web activity reports and deliver other services pertaining to website and Internet use in relation to the website operator. The IP address transmitted from your browser as part of Google Analytics will not be matched with other Google data.
1.6.2 Browser plug-in
You can also prevent the storage of cookies through your browser settings. However, please note that this may result in you not being able to use all functions of this website to their full extent. You can also prevent the recording of data created by cookies and pertaining to your use of the website (incl. your IP address) at Google and the processing of such data by Google by downloading and installing the browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
1.6.3 Revoking consent
You can prevent the recording of your data by Google Analytics and revoke any consent provided for the use of Google Analytics by clicking on the following link Change settings. This link leads to our Consent Management Platform where you can change your settings for the future.
1.6.4 Contract data processing
We have concluded a contract with Google on contract data processing and implement the strict provisions of the German data privacy authorities for the use of Google Analytics.
1.6.5 Duration of storage
Cookies used by Google remain on your end device even after you leave our website (for up to 2 years). The use of long-term cookies allows us to recognise you on your next visit to our website. This recognition is performed using cookies to optimise the content of our website. User and event-level data stored at Google which is linked to cookies, user recognition (e.g. user ID) or ad IDs (e.g. DoubleClick cookies, Android ad ID) will be anonymised or deleted after 14 months. You can find details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=en
More information about the use of user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
1.7 External Service Providers
In providing and operating our websites we work together with external service providers which we have carefully selected, whose activities we monitor and with which we have concluded data processing agreements pursuant to Art. 28 EU-GDPR. These service providers are located in Germany or in the EU.
1.8 Linking to external content
Please be informed that, where our websites link to third-party websites, we are not responsible for the content provided by such third party and have no influence on the data collection and data processing their websites. Please refer to the privacy policies provided on the respective websites.
2. If you communicate with us via social media
If you publish data or content (e.g. comments, videos, images or likes) on our social media presences (YouTube, LinkedIn), these will be used exclusively for the purpose of our public relations work. Processing for the purpose of publicity is in our overriding legitimate interest (Art. 6 I 1 f EU-GDPR). You can delete this data or content in accordance with the respective terms of use of the respective platform. We will not store and / or process personal content outside the respective social media platform.
We use the following services of the following providers to evaluate the use of our company profiles and thereby improve our appearance and the respective offer:
- LinkedIn Analyses
- YouTube Analytics
When you visit our company profiles, we process your data collected by means of the respective service as jointly responsible parties together with the respective provider. This data includes information about your visit or your interaction on or with our fan page, which can be related to you and may therefore qualify as personal data. Such data processing is based on our overriding legitimate interest (Art. 6 I 1 f EU-GDPR) in opening up a platform for exchanging information with you and in evaluating who visits our Fanpage in order to be able to align our content accordingly.
The respective provider undertakes to us to fulfill your rights as a data subject under Chapter 3 of the EU-GDPR. You can obtain further information on the processing of your personal data under said services at:
- https://www.linkedin.com/legal/privacy-policy?_l=de_DE
- https://policies.google.com/privacy [for YouTube]
Providers may also use cookies on our company profiles. Please note that we are not responsible for the processing of data collected by means of cookies and that we have no insight into these types of data processing.
3. Your job application
We thank you for your interest in our company and your application. We collect and process personal data contained in the documents you submit on the basis of your consent (Art. 6 I 1 a EU-GDPR) and for the purpose of deciding whether or not to establish an employment relationship (Art. 6 I 1 b EU-GDPR). If we contact you following an application, you can find out in section “When you contact us” how we handle the contents of the communication.
3.1 Jobs advertised
If you apply for a specific, advertised position, we will only process your application documents for the purpose of deciding whether you are suitable for the position to which the application relates. In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called “sanctions list check” or a so-called “anti-terror screening” in the course of which we will assess your personal data against the EU and U.S. sanctions lists. Such checks are carried out in fulfillment of our legal obligations (Art. 6 I 1 c EU-GDPR; REG 2580/2001/EG and REG 881/2002/EG).
Should your application be unsuccessful, your personal data will be deleted six months from the time the position is filled. Should your application be successful, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and remain there for the duration of the employment relationship.
3.2 Unsolicited applications
Applications that do not relate to a specific position (unsolicited applications) are processed for the purpose of deciding whether or not your qualifications match any current vacancy (Art. 6 I 1 a, b EU-GDPR). In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called “sanctions list check” or a so-called “anti-terror screening” in the course of which we will assess your personal data against the EU and U.S. sanctions lists. Such checks are carried out in fulfillment of our legal obligations (Art. 6 I 1 c EU-GDPR; REG 2580/2001/EG and REG 881/2002/EG).
Your personal data will be deleted one year from the date of your submission unless they are still subject of ongoing application procedures. If no application procedure leads to your employment, your personal data will be deleted six months from the date on which the last position for which we have considered you is filled. If an application procedure leads to your employment, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and remain there for the duration of the employment relationship.
3.3 External Career Platforms and Professional Social Networks
Insofar as we place job advertisements on external career platforms and you apply via functions provided on such platform, we receive your documents from the operators of the respecive platform. As soon as we have received your personal data, we process it in the manner described here-above. There is no further cooperation between the platform operatos and us and we have no influence on the data collection and data processing performed by such operators. Please inform yourself about the handling of your personal data on the respective platform.
We may also use platform accounts to look for and get in touch with suitable candidates. In such cases we use the platforms‘ existing features and functions and view the personal data provided by you. In case we export your personal data from a platform (e.g., via a download feature offered on the platform), we will process this data in the manner we have set out here-above with regards to unsolicited applications.
3.4 Transfer of submitted data
Personal data you provide to us in the course of an application and / or which we collect from generally accessible sources or from former employers will be processed exclusively by us. Data will only be passed on to affiliated companies within the Pfeifer & Langen group of companies if and insofar as you expressly express this wish in your application (Art. 6 I 1 a EU-GDPR).
We may use, from time to time, external service providers or digital application portals to advertise vacancies or to process applications. Providers of such services and softwares are located in Germany or in the EU, have been carefully selected, we monitor their activities and have concluded data processing agreements pursuant to Art. 28 EU-GDPR wit them.
4. If you contact us or cooperate with us
We are pleased that you are reaching out to us or working with us as our business partner. In this section you will find information on data collection, data processing, data deletion, data security and involvement of third-party providers in connection with a business contact.
4.1 Data collection, data processing and data deletion
In the course of a business contact, we regularly collect and process the following personal data:
- Full name
- Professional contact details (address, phone, e-mail, position, position in the company)
In addition, we may, in individual cases, ask you to provide further information, e.g. private contact data or your date of birth. Such queries are, however, limited to the absolutely necessary minimum. In particular, we make sure that there is a technical or organizational necessity behind any additional data requested.
When you communicate or collaborate with us via portals or software applications, our sytems will automatically collect IP addresses of your devices. Information on the use of cookies in our portals or software applications is provided via cookie banners in the respective application.
We process your personal data in particular to initiate future business relationships or perform our mutual obligations under existing business relationships (Art. 6 I 1 b EU-GDPR) as well as to perform anti-terror and sanctions checks on our customers, suppliers and service providers to the extent required by law (Art. 6 I 1 c EU-GDPR, REG 2580/2001/EC, REG 882/2002/EC, REG 2017/1420/EU). Other purposes may be added depending on the individual case.
Your personal data will be promptly deleted as soon as the processing purpose has ceased to exist. Insofar as data is subject to statutory retention obligations in individual cases, it will remain stored until the respective retention period has expired and will then be deleted.
4.2 Data processing by third-party providers
We have no control over what personal data is collected by these third-party providers and how they use such data. We are also not aware of how such data is processed. Please note that some of these providers are located outside of the EU and your data is therefore likely to be transmitted to third countries for which a suitable level of data privacy is not necessarily ensured. More information on the use of your data can be obtained from the relevant third-party providers:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy: https://de-de.facebook.com/about/privacy/, cookie information: https://de-de.facebook.com/policies/cookies
Here also Instagram, as well as: https://help.instagram.com/519522125107875?helpref=page_content
YouTube: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, privacy policy: https://policies.google.com/privacy?hl=de&gl=de
4.3 Data transfer
Aforementioned data is transferred to companies within the Pfeifer & Langen Group only to the extent that we use such companies for the fulfillment of our contractual obligations (Art. 6 I 1 b EU-GDPR) or if such transfer is in our overriding, legitimate interest (Art. 6 I 1 f EU-GDPR).
Your personal data may be disclosed to authorities and courts as well as to lawyers, auditors, tax consultants, management consultants and similar service providers who are bound by legal secrecy.
4.4 External Service Providers
Your personal data is stored in our IT systems. To the extent that use external providers for IT infrastructure, IT applications and / or data processing, we select them carefully, monitor their activities and conclude with them data processing agreements in accordance with Art. 28 EU-GDPR.
We generally avoid transferring personal data to countries outside the EU. Should this occur in individual cases, we ensure an appropriate level of data protection in accordance with Art. 44 et seq. EU-GDPR at the recipient.
5. Your rights vis-a-vis nexnoa
In this section, you will find out which are your rights vis-a-vis us if and to the extent we collect and process your personal data. Please note that we will comply with your legitimate requests as soon as possible and free-of-charge. Please exercise your rights at the following address: contact@nexnoa.com
Pursuant to Art. 15 EU-GDPR, you can request information from us on your personal data stored by us, its origins, recipients or categories of recipients to whom we transfer your personal data, and the purpose of the processing.
Pursuant to Artt. 16 – 18 EU-GDPR, you may have a right to rectification, erasure or restriction of the processing of your personal data in individual cases. In addition, pursuant to Art. 20 EU-GDPR, you may request the transfer of your personal data to another controller. Furthermore, you may have the right to object to the processing of your personal data pursuant to Art. 21 EU-GDPR if and to the extent that this processing takes place exclusively on the grounds of our overriding, legitimate interest (Art. 6 I 1 f EU-GDPR) or to the extent that the processing is carried out for direct marketing purposes.
You can revoke your consent given to data collection and data processing (Art. 6 I 1 a EU-GDPR) at any time. In this case, we will not further process your personal data unless such further processing is permitted or required by law.
The aforementioned objections or revocations only take effect for the future and do not render past data collection and data processing inadmissible.
Finally, you have the right to complain to the competent data protection supervisory authority in accordance with Art. 77 EU-GDPR.
[Version 04 / 2023]