Nexburg - Privacy Protection

Privacy Protection

Notes on data protection:

Thank you for visiting our website and for your interest in our company and our products. In order for you to feel safe and comfortable when visiting our website, we would like to inform you below about the handling of your data. The following privacy policy is intended to inform you about our processing of personal data.

This declaration on data protection only applies to the website of the Nexburg group of companies as further explained under point I. of this privacy policy. Please note that it does not apply to websites of other providers to which we refer through links.

I. Name and Address of Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection legislation of the Member States and other data protection provisions is

Nexburg GmbH
Germanusstraße 4
52080 Aachen
Germany

Tel.: +49 241 927 811-0
Fax: +49 241 927 811-29

E-mail: info@Nexburg.com
Website: www.Nexburg.com

in its own name and in the name of the subsidiaries consisting of Nexburg S.r.l. and Nexburg Ltd.

II. Contact details of the data protection officer of the joint controllers

Nexburg GmbH
- Data Protection Officer -
Germanusstraße 4
52080 Aachen
Germany

E-Mail: dataprotection@Nexburg.com

III. General Information on Data Processing

1. What are personal data?

Personal data within the meaning of the GDPR include all information relating to the personal or material circumstances of an identified or identifiable natural person (see Art. 4(1) GDPR). Such information will regularly include not only a person’s name and (e-mail) address, for example, but also the IP address and any other information that could permit identification of that person.

2. Scope of Processing of Personal Data

In principle, we process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only if the processing of the data is permitted by legal regulations or with the consent of the user.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR constitutes the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures or steps prior to entering into a contract.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) GDPR.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

4. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Date and time of access
Browser type, Browser version, Browser language
City/Region/Country
IP address of the user
User's system used

The data is stored in the log files of our system. IP addresses are only stored anonymously. This is done by storing the IP addresses in the log files by default by replacing the last three digits, which are selected randomly. The creation of a personal reference is no longer possible.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website and to ensure the technical administration of the network infrastructure. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems and we use the data to create and evaluate internal statistics. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage

The data is collected as soon as the website is accessed and deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the data is anonymized so that an assignment to a specific user is no longer possible. Backups are kept in encrypted form for 14 days.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the use of the website. Consequently, there is no possibility of objection on the part of the user.

V. Contact form and e-mail contact

1. Description and scope of data processing

On our website we provide various contact forms for electronic contact as well as for sales, purchase or partner queries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

First and last name (required)
E-mail address (required)
Telephone number
Enterprise
Country (required)
User's question (required, depending on the contact form)
Comments
Industry (required, depending on the contact form)
Product interest (required, depending on the contact form)

At the time of sending the message, the following data is also stored:

IP address
Date and time the message was sent
Nexburg home page URL

Alternatively, it is possible to contact us via the e-mail addresses provided. In this case, the user's personal data transmitted with the e-mail will be stored.

We process the user's personal data in order to process his or her contact request. If the user wishes to receive information about our products, the answer to his request can also be taken over by one of our sales partners in certain cases. An overview of the sales partners we use can be found on our Partner Locator on the partner website under https://Nexburg.com/partners. For this purpose, we forward the user's data in such a case to the responsible partner. Both we and our sales partner have a legitimate interest in contacting you regarding product issues in accordance with Art. 6 (1) (f) GDPR.

2. Legal basis for data processing

The legal basis for the processing of data in the context of establishing contact is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data in the context of establishing contact serves us on the one hand to process such contact requests. The personal data processed during the sending process from the input mask also serves to prevent misuse of the contact form and to ensure the security of our information technology systems. On the other hand, we process personal data of the user in the context of our marketing activities. This is our legitimate interest in data processing.

4. Duration of storage

The data is collected as soon as it has been transmitted via contact form or message and will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified and no communication between us and the user is to be expected. This is the case no later than 18 months after the last contact by us or the user. In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence under legal statutes of limitations, which can be up to thirty years; the regular statute of limitations is three years.

5. Possibility of objection and removal

The user has the possibility to object to the processing of personal data at any time. In such a case, the conversation cannot be continued. The objection can be declared to us by sending an e-mail to dataprotection@Nexburg.com.

VI. Downloads

1. Description and scope of data processing

In our resources area on our website https://www.nexburg.com/resources "Resources" there is the possibility to download various documents or to receive a download link. This is done by providing a few personal data. If the user provides his or her data, the processing of the data takes place with the consent of the user. The user will be informed of this before submitting any data and his or her consent will be obtained by activating a check box.

If the user enters his or her data in the input mask provided for this purpose, the following data will be collected:

First and last name (required)
E-mail address (required)
Company (required)
Country (required)
Branch of industry (required)
Interest (required)

In addition, the following data is processed:

IP address
Time zone
Date and time of download
Validity of the user's domain

Subject to a positive result of the verification by us, the user will receive an e-mail with the download link and the information on the revocation of his consent.

2. Legal basis for data processing

The legal basis for the processing of the data with the consent of the user is Art. 6 (1) (a) GDPR.

The consent given also refers to the transfer of at least part of the personal data to the United States as a third country in accordance with Art. 49 (1) (a) GDPR. In the opinion of the European Court of Justice, there is currently no level of protection in the United States that is essentially equivalent to the GDPR. In addition, the legal remedies guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This applies in particular to legal protection options against the processing of personal data. There is a risk that the user's personal data may be processed by US authorities for control and monitoring purposes without the possibility of a legal remedy.

In addition, we may process personal data of the user in the context of our marketing activities based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, provided the conditions are met.

The legal basis for the processing of data in compliance with our legal obligations in this context is Article 6 (1) (c) GDPR.

3. Purpose of data processing

By collecting the data, we can constantly optimize and continuously improve the offers on our website. In addition, we can identify which users are interested in our download content and better adapt it to demand.

The personal data processed during the sending process from the input mask also serve to prevent misuse of the download option and to ensure the security of our information technology systems. This is also our legitimate interest in data processing.

The country information is also checked for the purpose of fulfilling our legal obligations.

4. Duration of storage

The data will be collected and deleted upon transmission as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and removal

The user can at any time object to the data processing in an e-mail to dataprotection@Nexburg.com as described under chapter XI. and to revoke a consent given by him or her for the future. In this case, the user's data will be deleted immediately, unless the deletion is contrary to grounds arising from the law (see chapter IX.).

If the data is required to fulfill legal obligations, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion.

VII. Use of cookies

Information about the cookies we use and their functions can be found in our Cookie Policy. There you will also find information on how to change the cookie settings in your browser.

Required
Cookies	Domain	Duration	Vendor
fe_typo_user	www.nexburg.com	Session	TYPO3
fe_typo_user	This cookie is used by the Content Management System(CMS). This is a session cookie used to identify the user session and to store the preferences of the users.
dp_cookieconsent_status	www.nexburg.com	1 Year(s)	TYPO3
dp_cookieconsent_status	This cookie is used to store cookie consent preferences.

VIII. Links to Social Media

On our website you will find links to the social media services like Kununu, Twitter, LinkedIn, Xing and YouTube. You can recognize links to the social media presences by the respective company logo. If you follow these links, you will reach the respective Nexburg social media company presence. When you click on one of the links, a connection to the servers of the social media service is established. This transmits to these servers that you have visited our website. In addition, further data is transmitted to the provider of the corresponding service. These are for example:

Address of the web page on which the activated link is located
Date and time when the website was accessed or the link was activated
Information about the browser and operating system used
IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the US and other countries outside the European Union. The data may therefore be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as they do in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of the data processing by the respective provider. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.

IX. Rights of Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom your personal data are or have been disclosed;

(4) the planned period of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge complaints with a supervisory authority;

(7) all available information on the origin of personal data not obtained from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to receive information on whether your personal data are transferred to a third country or an international organization. In this context, you can require that we notify you of appropriate safeguards pursuant to Art. 46 GDPR in connection with any such transfer.

2. Right to Rectification

You have the right to require that the controller rectify and/or complete your personal data if the data that are processed are inaccurate or incomplete. The controller must make such changes without undue delay.

3. Right to Restrict Processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller override your reasons.

If the processing of your personal data has been restricted, this data may only be processed – apart from its storage – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a EU Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to erase

You may request from the controller that the personal data concerning you be erased without undue delay and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under European Union law or the law of the EU Member States to which the controller is subject.

(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

b) Information to Third Parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to them or copies or replications. of such personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to comply with a legal obligation requiring processing under European Union or EU Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 (2) (h) and i as well as Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects against you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by European Union or EU Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

10. Right to Lodge Complaints with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.