In the following policy, we would like to inform you how, when and which personal data we collect and how we handle such data. We collect and process your personal data in accordance with national and European laws, in particular the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (EU-GDPR). If you have any further questions regarding data protection at nexnoa, please feel free to contact us at one of the telephone numbers, fax numbers or e-mail addresses listed below.
Responsible body for data processing
nexnoa GmbH
Aachener Straße 1042 a
50858 Cologne
Germany
Phone +49 172 5499035
contact@nexnoa.com
When you visit our website
In this section you will find information on data collection, data processing, data deletion, data security and the involvement of third-party providers in connection with your visit to our website www.nexnoa.com.
Server log files
Your browser automatically transmits access data (so-called “server log files”) to our servers each time you visit one of our websites. Such server log files contain the following information:
- the time of your visit,
- the page from which you visit us (referrer URL),
- the subpages visited,
- the names of requested files,
- Your IP address,
- data volume,
- the browser you are using and
- the requesting provider.
We require the aforementioned information to ensure system security and to compile usage statistics. Both purposes are in our overriding legitimate interest (Art. 6 I 1 f EU-GDPR). The respective data record will be deleted immediately after the respective purpose ceases to apply, but no later than 90 days after their collection.
Cookies
You will learn on our use of cookies via the cookie banner on the website. You will be able to make your choice as to whether you would like to consent to the use of certain or all cookies and to revoke your consent.
Please note: If you access a third-party website via a link provided on our website, please inform yourself about the data collected by use of cookies on the respective page as other and / or additional cookies may be used there.
Contact Form
Our website features a contact form. By sending a message over the contact form function, you provide us with all the data you have entered in the mandatory and non-mandatory fields and give your consent (Art. 6 I 1 a EU-GDPR) to our collecting and processing of such data. They will be processed exclusively for the purpose of handling your request and deleted no later than one year after completion of the processing.
Please note: By clicking on e-mail addresses provided on our websites, you will enter your e-mail software and transmit your message as a conventional e-mail to the address pre-filled in the recipient line. Please be informed that we have no influence on the data collection and data processing by your e-mail provider.
If you would like to learn how we process the contents of messages submitted via the contact form, please continue reading at “When you contact us” section below.
Data Security
In order to protect your personal data to the greatest extent possible we use SSL encryption (https standard). This also applies to the transmission of data via the contact form. This type of encryption is a risk-appropriate and state-of-the-art technical and organizational security measure.
Google Analytics
Our website we use the web analysis service Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Analytics script is loaded with every page view, however, only in the case of your consent, the cookies from Google Analytics are also set on your end device and usage data is collected and evaluated. The cookies set by Google remain on your end device even after you leave our website (for up to 2 years). You can delete them from your end device.
Google Analytics cookies are only stored, and this analysis tool is only used, if you have consented to this via our cookie banner (Section 25 (2) No. 2 TTDSG, Art. 6 I 1 a, Art. 49 I 1 a EU-GDPR). No adequate level of data protection is currently ensured for the transfer of personal data to the USA. Your data may be subject to access by authorities for control and monitoring purposes against which neither effective legal remedies nor data subject rights can be enforced. Therefore, please only consent to the transfer of your data to the USA if you nevertheless agree to this. Specifically, the Google Analytics script is loaded with every page view, but only after you click “agree” will usage data be collected and transmitted to Google. If you click on “decline”, a cookie will be placed on your terminal device that prevents the analysis by Google Analytics and the setting of cookies used for this purpose by Google Analytics also during future visits to our website (“opt-out cookies”). Even if you have clicked on “agree”, you can revoke your consent at any time.
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
External Service Providers
In providing and operating our websites we work together with external service providers which we have carefully selected, whose activities we monitor and with which we have concluded data processing agreements pursuant to Art. 28 EU-GDPR. These service providers are located in Germany or in the EU.
Linking to external content
Please be informed that, where our websites link to third-party websites, we are not responsible for the content provided by such third party and have no influence on the data collection and data processing their websites. Please refer to the privacy policies provided on the respective websites.
If you communicate with us via social media
If you publish data or content (e.g. comments, videos, images or likes) on our social media presences (YouTube, LinkedIn), these will be used exclusively for the purpose of our public relations work. Processing for the purpose of publicity is in our overriding legitimate interest (Art. 6 I 1 f EU-GDPR). You can delete this data or content in accordance with the respective terms of use of the respective platform. We will not store and / or process personal content outside the respective social media platform.
We use the following services of the following providers to evaluate the use of our company profiles and thereby improve our appearance and the respective offer:
- LinkedIn Analyses
- YouTube Analytics
When you visit our company profiles, we process your data collected by means of the respective service as jointly responsible parties together with the respective provider. This data includes information about your visit or your interaction on or with our fan page, which can be related to you and may therefore qualify as personal data. Such data processing is based on our overriding legitimate interest (Art. 6 I 1 f EU-GDPR) in opening up a platform for exchanging information with you and in evaluating who visits our Fanpage in order to be able to align our content accordingly.
The respective provider undertakes to us to fulfill your rights as a data subject under Chapter 3 of the EU-GDPR. You can obtain further information on the processing of your personal data under said services at:
- https://www.linkedin.com/legal/privacy-policy?_l=de_DE
- https://policies.google.com/privacy [for YouTube]
Providers may also use cookies on our company profiles. Please note that we are not responsible for the processing of data collected by means of cookies and that we have no insight into these types of data processing.
Your job application
We thank you for your interest in our company and your application. We collect and process personal data contained in the documents you submit on the basis of your consent (Art. 6 I 1 a EU-GDPR) and for the purpose of deciding whether or not to establish an employment relationship (Art. 6 I 1 b EU-GDPR). If we contact you following an application, you can find out in section “When you contact us” how we handle the contents of the communication.
Jobs advertised
If you apply for a specific, advertised position, we will only process your application documents for the purpose of deciding whether you are suitable for the position to which the application relates. In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called “sanctions list check” or a so-called “anti-terror screening” in the course of which we will assess your personal data against the EU and U.S. sanctions lists. Such checks are carried out in fulfillment of our legal obligations (Art. 6 I 1 c EU-GDPR; REG 2580/2001/EG and REG 881/2002/EG).
Should your application be unsuccessful, your personal data will be deleted six months from the time the position is filled. Should your application be successful, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and remain there for the duration of the employment relationship.
Unsolicited applications
Applications that do not relate to a specific position (unsolicited applications) are processed for the purpose of deciding whether or not your qualifications match any current vacancy (Art. 6 I 1 a, b EU-GDPR). In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called “sanctions list check” or a so-called “anti-terror screening” in the course of which we will assess your personal data against the EU and U.S. sanctions lists. Such checks are carried out in fulfillment of our legal obligations (Art. 6 I 1 c EU-GDPR; REG 2580/2001/EG and REG 881/2002/EG).
Your personal data will be deleted one year from the date of your submission unless they are still subject of ongoing application procedures. If no application procedure leads to your employment, your personal data will be deleted six months from the date on which the last position for which we have considered you is filled. If an application procedure leads to your employment, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and remain there for the duration of the employment relationship.
External Career Platforms and Professional Social Networks
Insofar as we place job advertisements on external career platforms and you apply via functions provided on such platform, we receive your documents from the operators of the respecive platform. As soon as we have received your personal data, we process it in the manner described here-above. There is no further cooperation between the platform operatos and us and we have no influence on the data collection and data processing performed by such operators. Please inform yourself about the handling of your personal data on the respective platform.
We may also use platform accounts to look for and get in touch with suitable candidates. In such cases we use the platforms‘ existing features and functions and view the personal data provided by you. In case we export your personal data from a platform (e.g., via a download feature offered on the platform), we will process this data in the manner we have set out here-above with regards to unsolicited applications.
Transfer of submitted data
Personal data you provide to us in the course of an application and / or which we collect from generally accessible sources or from former employers will be processed exclusively by us. Data will only be passed on to affiliated companies within the Pfeifer & Langen group of companies if and insofar as you expressly express this wish in your application (Art. 6 I 1 a EU-GDPR).
We may use, from time to time, external service providers or digital application portals to advertise vacancies or to process applications. Providers of such services and softwares are located in Germany or in the EU, have been carefully selected, we monitor their activities and have concluded data processing agreements pursuant to Art. 28 EU-GDPR wit them.
If you contact us or cooperate with us
We are pleased that you are reaching out to us or working with us as our business partner. In this section you will find information on data collection, data processing, data deletion, data security and involvement of third-party providers in connection with a business contact.
Data collection, data processing and data deletion
In the course of a business contact, we regularly collect and process the following personal data:
- Full name
- Professional contact details (address, phone, e-mail, position, position in the company)
In addition, we may, in individual cases, ask you to provide further information, e.g. private contact data or your date of birth. Such queries are, however, limited to the absolutely necessary minimum. In particular, we make sure that there is a technical or organizational necessity behind any additional data requested.
When you communicate or collaborate with us via portals or software applications, our sytems will automatically collect IP addresses of your devices. Information on the use of cookies in our portals or software applications is provided via cookie banners in the respective application.
We process your personal data in particular to initiate future business relationships or perform our mutual obligations under existing business relationships (Art. 6 I 1 b EU-GDPR) as well as to perform anti-terror and sanctions checks on our customers, suppliers and service providers to the extent required by law (Art. 6 I 1 c EU-GDPR, REG 2580/2001/EC, REG 882/2002/EC, REG 2017/1420/EU). Other purposes may be added depending on the individual case.
Your personal data will be promptly deleted as soon as the processing purpose has ceased to exist. Insofar as data is subject to statutory retention obligations in individual cases, it will remain stored until the respective retention period has expired and will then be deleted.
Data transfer
Aforementioned data is transferred to companies within the Pfeifer & Langen Group only to the extent that we use such companies for the fulfillment of our contractual obligations (Art. 6 I 1 b EU-GDPR) or if such transfer is in our overriding, legitimate interest (Art. 6 I 1 f EU-GDPR).
Your personal data may be disclosed to authorities and courts as well as to lawyers, auditors, tax consultants, management consultants and similar service providers who are bound by legal secrecy.
External Service Providers
Your personal data is stored in our IT systems. To the extent that use external providers for IT infrastructure, IT applications and / or data processing, we select them carefully, monitor their activities and conclude with them data processing agreements in accordance with Art. 28 EU-GDPR.
We generally avoid transferring personal data to countries outside the EU. Should this occur in individual cases, we ensure an appropriate level of data protection in accordance with Art. 44 et seq. EU-GDPR at the recipient.
Your rights vis-a-vis nexnoa
In this section, you will find out which are your rights vis-a-vis us if and to the extent we collect and process your personal data. Please note that we will comply with your legitimate requests as soon as possible and free-of-charge. Please exercise your rights at the following address: contact@nexnoa.com
Pursuant to Art. 15 EU-GDPR, you can request information from us on your personal data stored by us, its origins, recipients or categories of recipients to whom we transfer your personal data, and the purpose of the processing.
Pursuant to Artt. 16 – 18 EU-GDPR, you may have a right to rectification, erasure or restriction of the processing of your personal data in individual cases. In addition, pursuant to Art. 20 EU-GDPR, you may request the transfer of your personal data to another controller. Furthermore, you may have the right to object to the processing of your personal data pursuant to Art. 21 EU-GDPR if and to the extent that this processing takes place exclusively on the grounds of our overriding, legitimate interest (Art. 6 I 1 f EU-GDPR) or to the extent that the processing is carried out for direct marketing purposes.
You can revoke your consent given to data collection and data processing (Art. 6 I 1 a EU-GDPR) at any time. In this case, we will not further process your personal data unless such further processing is permitted or required by law.
The aforementioned objections or revocations only take effect for the future and do not render past data collection and data processing inadmissible.
Finally, you have the right to complain to the competent data protection supervisory authority in accordance with Art. 77 EU-GDPR.
[Version 11 / 2022]