We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.
We reserve the right to update this privacy policy occasionally to ensure it complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will apply to your next visit.
If you have any questions about data protection, please send us an email or contact our data protection officer directly:
General Information
Responsible Entity:
NOVAZOON GmbH
Hirschstraße 2
76133 Karlsruhe
Email: mail@novazoon.de
Represented by: Bastian Deck
Data Protection Officer:
Frank Müns
Immerce Consulting GmbH
Kemptener Straße 9
D-87509 Immenstadt
YOUR RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR).
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
USE OF OUR WEBSITE
Collection of General Information
When you access our website, information of a general nature is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider, and similar data. This information does not allow any conclusions to be drawn about your identity. This information is technically necessary to correctly deliver the content you request from websites and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us to optimize our website and the underlying technology.
Cookies
Like many other websites, we also use so-called “cookies.” Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system, and your computer’s connection to the Internet.
Cookies cannot be used to launch programs or transfer viruses to a computer. Using the information contained in cookies, we can facilitate your navigation and enable the correct display of our web pages.
Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.
Of course, you can generally view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to learn how to change these settings. Please note that some functions of our website may not work if you have deactivated the use of cookies.
SSL Encryption
To protect the security of your data during transmission, we use encryption methods that correspond to the current state of the art (e.g., SSL) via HTTPS.
Comment Function
When users leave comments on the blog, in addition to this information, the time of their creation and the username previously chosen by the website visitor are also stored. This serves our security, as we can be held liable for unlawful content on our website, even if it was created by users.
Contact Form
If you contact us by email or contact form, the information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.
Deletion or Blocking of Data
We adhere to the principles of data minimization and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various retention periods prescribed by law. After the respective purpose ceases to apply or these periods expire, the corresponding data is routinely blocked or deleted in accordance with legal regulations.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called “cookies,” text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
Please note that this service may transfer data outside the European Union and the European Economic Area to a country that does not provide an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal remedies available.
Due to the activation of IP anonymization on these websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link: Browser add-on to disable Google Analytics.
Use of Script Libraries (Google Fonts)
To display our content correctly and attractively across all browsers, we use script libraries and font libraries such as Google Fonts on this website. Google Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Fonts or blocks access, content will be displayed in a standard font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible—although currently unclear whether and for what purposes—that operators of such libraries collect data.
You can find Google’s privacy policy here.
Use of Google Maps
This website uses the Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of map functions by visitors. For more information about data processing by Google, please refer to Google’s privacy policy. There you can also change your personal privacy settings in the Privacy Center.
Use of Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to check whether data entry on our websites (e.g., in a contact form) is made by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. For more information about Google reCAPTCHA and Google’s privacy policy, please refer to the following links: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html.
Use of Google Tag Manager
Our website uses Google Tag Manager, a tag management system from Google Inc., represented in the European area by Google Ireland Limited (hereinafter: Google).
Google Tag Manager is a service that allows website tags (tracking codes and associated code fragments) to be centrally integrated and managed. This enables simplified and streamlined integration of various services.
Google Tag Manager itself does not set cookies and does not store any data, but passes it on to the corresponding analysis tools of the website.
Use of Gravatar
The website uses the Gravatar plugin from Automattic Inc. (60 29th Street #343 – San Francisco – CA 94110 – USA). Gravatar is automatically activated on WordPress websites. The function allows user images to be displayed with published posts or comments, provided the corresponding email address is registered at www.gravatar.com.
Through this function, data is sent to Gravatar, stored, and processed there.
Gravatar is used on our website so that a user image is displayed alongside the names of the authors of our blog posts. We have refrained from using comment functionalities that would result in the transfer of data from website visitors to Gravatar.
Automattic Inc. deletes the collected data when it is no longer used for its own services and the company is not legally obligated to retain the data. Web server logs such as IP address, browser type, and operating system are deleted after approximately 30 days.
For more details on the privacy policy and what data is collected by Gravatar, please visit https://automattic.com/privacy, general information about Gravatar at https://en.gravatar.com.
Use of Gravatar
The website uses the Gravatar plugin from Automattic Inc. (60 29th Street #343 – San Francisco – CA 94110 – USA). Gravatar is automatically activated on WordPress websites. The function allows user images to be displayed with published posts or comments, provided the corresponding email address is registered at www.gravatar.com.
Through this function, data is sent to Gravatar, stored, and processed there.
Gravatar is used on our website so that a user image is displayed alongside the names of the authors of our blog posts. We have refrained from using comment functionalities that would result in the transfer of data from website visitors to Gravatar.
Automattic Inc. deletes the collected data when it is no longer used for its own services and the company is not legally obligated to retain the data. Web server logs such as IP address, browser type, and operating system are deleted after approximately 30 days.
For more details on the privacy policy and what data is collected by Gravatar, please visit https://automattic.com/privacy, general information about Gravatar at https://en.gravatar.com.
Use of LinkedIn Ads & Analytics
The LinkedIn Insight Tag used on this website is a conversion tracking and retargeting service. A corresponding JavaScript code snippet embedded on the website enables us to optimize advertising campaigns delivered via LinkedIn and re-engage website visitors.
The LinkedIn Insight Tag enables the collection of data about visits to the website, including URL, referrer URL, IP address, device and browser properties, and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. Direct identifiers of members are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days.
LinkedIn does not share personal data with our website, but only provides reports and notifications (in which users are not identified) about the website audience and ad performance. LinkedIn also offers retargeting for website visitors, allowing us to display targeted advertising outside our website using this data without identifying the member. We also use data that does not identify you to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
Use of SalesViewer
On this website, data is collected and stored for marketing, market research, and optimization purposes using SalesViewer® technology from SalesViewer® GmbH based on the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR).
For this purpose, a JavaScript-based code is used to collect company-related data and its corresponding use. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.
The data stored as part of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion.
You can object to data collection and storage at any time with effect for the future by clicking this link to prevent future collection by SalesViewer® within this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.
Use of Usercentrics
For managing cookie consents, we use the Usercentrics Consent Management Platform on this website, a consent management service from Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany).
The following data is collected by or through the use of this service: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
The data is processed in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR. The place of processing is the European Union (consent database is located in Belgium).
The consent data (consent and withdrawal of consent) is stored for three years. The data is then immediately deleted.
More information about the data processor’s privacy policy can be found at: https://usercentrics.com/privacy-policy/
Social Plugins
Social plugins from the providers listed below are used on our websites. You can recognize the plugins by the corresponding logo.
Through these plugins, information, which may include personal data, may be sent to the service provider and possibly used by them. We prevent the unconscious and unwanted collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plugin, it must first be activated by clicking the corresponding button. Only by activating the plugin is the collection of information and its transmission to the service provider triggered. We do not collect any personal data through the social plugins or their use.
We have no influence over what data an activated plugin collects and how it is used by the provider. Currently, it must be assumed that a direct connection to the provider’s services is established and at least the IP address and device-related information is collected and used. There is also the possibility that the service providers attempt to store cookies on the computer used. Please refer to the privacy notices of the respective service provider for specific information about what data is collected and how it is used. Note: If you are logged into Facebook at the same time, Facebook can identify you as a visitor to a specific page.
We have embedded the social media buttons of the following companies on our website:
- YouTube by Google (Google Ireland Limited – Gordon House, Barrow Street – Dublin 4 – Ireland)
- LinkedIn Corporation (2029 Stierlin Court – Mountain View – CA 94043 – USA)
Your Rights to Information, Correction, Blocking, Deletion, and Objection
You have the right to obtain information about your personal data stored by us at any time. You also have the right to correction, blocking, or, apart from the prescribed data storage for business processing, deletion of your personal data. Please contact our data protection officer for this purpose. The contact details can be found at the very bottom.
To ensure that a data block can be taken into account at any time, this data must be kept in a blocking file for control purposes. You can also request the deletion of the data, provided there is no legal archiving obligation. If such an obligation exists, we will block your data upon request.
You can make changes or withdraw consent by notifying us accordingly with effect for the future.
1. Processing Purposes and Legal Basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other relevant data protection regulations. The processing and use of individual data depends on the agreed or requested service. You can find further details and additions to the processing purposes in our contract documents, forms, consent declarations, and other information provided to you (e.g., on the website or in the terms and conditions).
1.1 Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us consent to process personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke consent at any time with effect for the future.
1.2 Fulfillment of Contractual Obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data to fulfill our contracts with you. Furthermore, your personal data is processed to carry out measures and activities within the framework of pre-contractual relationships.
1.3 Fulfillment of Legal Obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data when this is necessary to fulfill legal obligations (e.g., commercial and tax laws).
Fulfillment of tax control and reporting obligations, as well as archiving of data for data protection and data security purposes and for audits by tax and other authorities, may be required. In addition, disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of evidence gathering, criminal prosecution, or enforcement of civil claims.
1.4 Legitimate Interest of Us or Third Parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data based on a balancing of interests to protect the legitimate interest of us
or third parties. This is done for the following purposes:
- for the restricted storage of your data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage
- for the further development of services and products as well as existing systems and processes
- for enriching our data by using or researching publicly accessible data
- for statistical evaluations or market analysis
- for benchmarking
- for asserting legal claims and defense in legal disputes that are not directly attributable to the contractual relationship
- for obtaining information and exchanging data with credit agencies, if this goes beyond our economic risk
2. Categories of Personal Data We Process
The following data is processed:
- Personal data (name, profession/industry, and comparable data)
- Contact data (address, email address, telephone number, and comparable data)
- Customer history
We also process personal data from public sources (e.g., Internet, media, press, commercial and association registers, registration offices, debtor directories, land registers).
If necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g., address publishers, credit agencies).
3. Who Receives Your Data?
We pass on your personal data within our company to the departments that need this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, the following entities may receive your data:
- processors we use (Art. 28 GDPR), service providers for supporting activities, and other controllers within the meaning of the GDPR, particularly in the area
(e.g., IT services, external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, data destruction, purchasing/procurement, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies, or companies for data disposal) - public authorities and institutions in the presence of a legal or official obligation according to which we are obliged to provide information, report, or pass on data, or the data transfer is in the public interest
- authorities and institutions based on our legitimate interest or the legitimate interest of the third party (e.g., to authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies, and committees and control bodies)
- other entities for which you have given us your consent to data transmission
4. Transfer of Your Data to a Third Country or to an International Organization
Data processing outside the EU or EEA does not take place (this is usually the case).
5. How Long Do We Store Your Data?
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations arising from, among others, the Commercial Code (HGB) and the Tax Code (AO). The retention or documentation periods specified there are up to ten years beyond the end of the business relationship or pre-contractual legal relationship.
Finally, the storage period is also determined by statutory limitation periods, which, for example, according to §§ 195 et seq. of the Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
6. To What Extent Is There Automated Decision-Making in Individual Cases (Including Profiling)?
We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately about this, provided this is legally required.
7. Your Data Protection Rights
You have the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In principle, according to Article 21 GDPR, there is a right to object to the processing of personal data by us. However, this right to object only applies in the presence of very special circumstances of your personal situation, whereby our rights may conflict with your right to object. If you wish to exercise one of these rights, please contact our data protection officer (datenschutz@novazoon.de).
8. Scope of Your Obligations to Provide Us with Your Data
You only need to provide the data that is necessary for establishing and conducting a business relationship or for a pre-contractual relationship with us, or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the course of the business relationship. If we request data from you beyond this, you will be separately informed of the voluntary nature of the information.
9. Information About Your Right to Object Under Art. 21 GDPR
You have the right at any time to object to the processing of your data based on Art. 6 para. 1 lit. f GDPR (data processing based on a balancing of interests) or Art. 6 para. 1 lit. e GDPR (data processing in the public interest), if there are reasons arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time. This also applies to profiling insofar as it is related to such direct marketing. We will respect this objection for the future.
We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.
The objection can be made informally to the email address datenschutz@novazoon.de.
10. Your Right to Lodge a Complaint with the Competent Supervisory Authority
You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/
1. Processing Purposes and Legal Basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other relevant data protection regulations. The processing and use of individual data depends on the agreed or requested service. You can find further details and additions to the processing purposes in our contract documents, forms, consent declarations, and other information provided to you (e.g., on the website or in the terms and conditions).
1.1 Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us consent to process personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke consent at any time with effect for the future.
1.2 Fulfillment of Contractual Obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data to fulfill our contracts with you, particularly in the context of our order processing and service utilization. Furthermore, your personal data is processed to carry out measures and activities within the framework of pre-contractual relationships.
1.3 Fulfillment of Legal Obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data when this is necessary to fulfill legal obligations (e.g., commercial and tax laws).
Fulfillment of tax control and reporting obligations, as well as archiving of data for data protection and data security purposes and for audits by tax and other authorities. In addition, disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of evidence gathering, criminal prosecution, or enforcement of civil claims.
1.4 Legitimate Interest of Us or Third Parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data based on a balancing of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:
- for advertising or market research, provided you have not objected to the use of your data
- for obtaining information and exchanging data with credit agencies, if this goes beyond our economic risk
- for the restricted storage of your data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage
- for enriching our data by using or researching publicly accessible data
- for asserting legal claims and defense in legal disputes that are not directly attributable to the contractual relationship
We also process personal data from public sources (e.g., Internet, media, press, commercial and association registers, registration offices, debtor directories, land registers). If necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g., address publishers, credit agencies)
2. Categories of Personal Data We Process
The following data is processed:
- Personal data (name, profession/industry, and comparable data)
- Contact data (address, email address, telephone number, and comparable data)
- Supplier history
3. Who Receives Your Data?
We pass on your personal data within our company to the departments that need this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, the following entities may receive your data:
- processors we use (Art. 28 GDPR), service providers for supporting activities, and other controllers within the meaning of the GDPR, particularly in the area
(e.g., IT services, external data centers, support/maintenance of EDP/IT applications, document processing, data destruction, purchasing/procurement, risk controlling, billing, telephony, auditing services, credit institutions, printing companies or companies for data disposal, courier services) - public authorities and institutions in the presence of a legal or official obligation according to which we are obliged to provide information, report, or pass on data, or the data transfer is in the public interest
- authorities and institutions based on our legitimate interest or the legitimate interest of the third party for the purposes mentioned under Section 3.5 (e.g., to authorities, credit agencies, debt collection, lawyers, courts, experts, group companies, and committees and control bodies)
- other entities for which you have given us your consent to data transmission
4. Transfer of Your Data to a Third Country or to an International Organization
Data processing outside the EU or EEA does not take place.
5. How Long Do We Store Your Data?
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations arising from, among others, the Commercial Code (HGB) and the Tax Code (AO). The retention or documentation periods specified there are up to ten years beyond the end of the business relationship or pre-contractual legal relationship.
Finally, the storage period is also determined by statutory limitation periods, which, for example, according to §§ 195 et seq. of the Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
6. To What Extent Is There Automated Decision-Making in Individual Cases (Including Profiling)?
We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately about this, provided this is legally required.
7. Your Data Protection Rights
You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In principle, under Art. 21 GDPR you have the right to object to our processing of personal data. However, this right to object applies only if there are very specific circumstances relating to your personal situation, and our rights may, where applicable, override your right to object. If you wish to exercise any of these rights, please contact our Data Protection Officer (datenschutz@novazoon.de).
8. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for establishing and carrying out a business relationship or for a pre-contractual relationship with us, or that we are legally required to collect. Without this data, we will generally not be able to conclude or perform the contract. This may also relate to data required later in the course of the business relationship. If we request additional data from you, you will be specifically informed that providing it is voluntary.
9. Information about your right to object under Art. 21 GDPR
You have the right at any time to object to the processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing based on a balancing of interests) or Art. 6(1)(e) GDPR (data processing in the public interest), if there are reasons arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
You can object informally by sending an email to datenschutz@novazoon.de.
10. Your right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/
1. Purposes of processing and legal basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. You can find further details and additions regarding the purposes of processing in our contract documents, forms, consent declarations and other information made available to you (e.g. on the website or in the terms and conditions).
1.1 Consent (Art. 6(1)(a) GDPR)
If you have given us consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can withdraw your consent at any time with effect for the future. To withdraw consent, please send a withdrawal statement to datenschutz@novazoon.de.
1.2 Performance of contractual obligations (Art. 6(1)(b) GDPR)
We process your personal data for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case if you submit your application documents to us electronically, for example by email or via a web form on our website.
1.3 Compliance with legal obligations (Art. 6(1)(c) GDPR)
We process your personal data if this is necessary to comply with legal obligations.
1.4 Legitimate interest of us or third parties (Art. 6(1)(f) GDPR)
We may also use your personal data on the basis of a balancing of interests to safeguard our legitimate interests or those of third parties. This is done for the following purposes:
- for the restricted storage of your data if deletion is not possible, or only possible with disproportionate effort, due to the special nature of the storage
2. Categories of personal data processed by us
The following data is processed:
- Last name, first name
- Contact details (e.g. email address, postal address, phone number)
- Complete application documents (e.g. CV, certificates, references)
3. Who receives your data?
We share your personal data within our company with the departments that require this data to fulfil contractual and legal obligations or to implement our legitimate interests. All employees involved in data processing are obliged to maintain the confidentiality of your data. We only share your personal data with affiliated companies and not with third parties unless you have consented to the transfer of data or we are obliged to transfer data due to legal provisions and/or official or court orders.
4. Transfer of your data to a third country or an international organisation
No data processing takes place outside the EU or the EEA.
5. How long do we store your data?
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted three months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
6. To what extent is there automated decision-making in individual cases (including profiling)?
We do not use purely automated decision-making procedures in accordance with Art. 22 GDPR. If we use such procedures in individual cases, we will inform you separately, provided this is required by law.
7. Your data protection rights
You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In principle, under Art. 21 GDPR you have the right to object to our processing of personal data. However, this right to object applies only if there are very specific circumstances relating to your personal situation, and our rights may, where applicable, override your right to object. If you wish to exercise any of these rights, please contact our Data Protection Officer (datenschutz@novazoon.de).
8. Scope of your obligations to provide us with your data
You only need to provide the data required for the application process. Without this data, we will generally not be able to conclude an employment contract with you. If we request additional data from you, you will be specifically informed that providing it is voluntary.
9. Your right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/
1. Purposes of processing and legal basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. You can find further details and additions regarding the purposes of processing in our contract documents, forms, consent declarations and other information made available to you (e.g. on the website or in the terms and conditions).
1.1 Consent (Art. 6(1)(a) GDPR)
If you have given us consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can withdraw your consent at any time with effect for the future.
1.2 Performance of contractual obligations (Art. 6(1)(b) GDPR)
We process your personal data on the basis of our employment contracts with you. We need the data to maintain the employment relationship.
1.3 Compliance with legal obligations (Art. 6(1)(c) GDPR)
We process your personal data when this is necessary to comply with legal obligations. We may also process your data for identity checks, screening against European and international anti-terror lists, compliance with tax control and reporting obligations, and archiving data for the purposes of data protection and data security as well as audits by tax and other authorities. In addition, disclosure of personal data in the context of official/court measures may be required for the purposes of evidence gathering, criminal prosecution or enforcement of civil law claims.
2. Categories of personal data processed by us
The following data is processed:
- Last name, first name
- Contact details (e.g. email address, postal address, phone number)
- Complete application documents (e.g. CV, certificates, references)
- Social security data (e.g. date of birth, place of birth, birth name, social security number, health insurance provider, DEÜV data, marital status)
- Payroll data (e.g. salary/wages, working hours, sick leave, holiday entitlement, bank details)
We also process personal data from public sources (e.g. internet, media, press).
3. Who receives your data?
We share your personal data within our company with the departments that require this data to fulfil contractual and legal obligations or to implement our legitimate interests.
In addition, the following entities may receive your data:
- processors engaged by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the area of
(e.g. IT services, external data centres, support/maintenance of IT applications, call centre services, billing, telephony, auditing services, credit institutions, printers or companies for data disposal, courier services) - public authorities and institutions where there is a legal or official obligation requiring us to provide information, report or transfer data, or where the transfer of data is in the public interest
- entities and institutions based on our legitimate interest or the legitimate interest of a third party (e.g. authorities, lawyers, courts, experts, affiliated companies and supervisory bodies)
- other entities for which you have given us your consent to transfer data
4. Transfer of your data to a third country or an international organisation
We only transfer data to safe third countries for which the EU Commission has decided that an adequate level of protection exists in that third country (e.g. Switzerland) (Art. 45 GDPR).
If the Commission has not made such a decision, personal data may only be transferred if appropriate safeguards are provided (standard contractual clauses) and enforceable rights and effective legal remedies are available (Art. 46 GDPR).
5. How long do we store your data?
Where necessary, we process your personal data for the duration of our employment relationship.
In addition, we are subject to various retention and documentation obligations arising, among other things, from the legal framework. The retention/documentation periods specified there are up to ten years beyond the end of the employment relationship.
Ultimately, the storage period is also determined by statutory limitation periods which, for example under Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
6. To what extent is there automated decision-making in individual cases (including profiling)?
We do not use purely automated decision-making procedures in accordance with Art. 22 GDPR. If we use such procedures in individual cases, we will inform you separately, provided this is required by law.
7. Your data protection rights
You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In principle, under Art. 21 GDPR you have the right to object to our processing of personal data. However, this right to object applies only if there are very specific circumstances relating to your personal situation, and our rights may, where applicable, override your right to object. If you wish to exercise any of these rights, please contact our Data Protection Officer (datenschutz@novazoon.de).
8. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for establishing and carrying out an employment relationship with us, or that we are legally required to collect. Without this data, we will generally not be able to conclude an employment contract with you. If we request additional data from you, you will be specifically informed that providing it is voluntary.
9. Your right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/