privacy

We appreciate your interest in our website. Protecting your privacy is very important to us. Below we inform you in detail about the handling of your data.

We reserve the right to occasionally adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. B. when introducing new services. The new data protection declaration will then apply to your next visit.

If you have any questions about data protection, please send us an email or contact our data protection officer directly:

datenschutz@novazoon.de

General Information

Responsible body:

NOVAZOON GmbH
Hirschstrasse 2
76133 Karlsruhe

Telephone: +49 711 7585800
Fax: +49 711 75858080
Email: mail@novazoon.de

Represented by: Bastian Deck, Kosmas Kalpakidis

Data Protection Officer
dr Stefan Kloos
datenschutz@novazoon.de

YOUR RIGHT TO APPEAL TO THE RELEVANT REGULATORY AUTHORITY

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR).

The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information

https://www.baden-wuerttemberg.datenschutz.de/

 

USE OF OUR WEBSITE

Gathering of General Information

When you access our website, information of a general nature is automatically recorded. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet. Anonymous information of this type is statistically evaluated by us in order to optimize our website and the technology behind it.

cookies

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are transferred to your hard drive by a website server. As a result, we automatically receive certain data, e.g. B. IP address, browser used, operating system about your computer and your connection to the Internet.

Cookies cannot be used to start programs or deliver viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and enable our websites to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or be linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how you can change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

SSL encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

comment function

If users leave comments in the blog, the time at which they were created and the user name previously selected by the website visitor are saved in addition to this information. This is for our security, as we can be prosecuted for illegal content on our website, even if it was created by users.

contact form

If you contact us by e-mail or contact form, the information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

Deletion or blocking of the data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods provided for by the legislature. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Please note that this service may transfer data outside of the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly being entitled to any legal remedies.

Due to the activation of IP anonymization on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Browser add-on to disable Google Analytics .

Use of script libraries (Google Fonts)

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as B.Google Fonts . Google Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Fonts or prevents access, content will be displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although it is currently unclear whether and, if so, for what purposes – that operators of such libraries collect data.

The privacy policy of the library operator Google can be found here .

Use of Google Maps

This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google the Google privacy policy remove. There you can also change your personal data protection settings in the data protection center.

Using Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With reCAPTCHA it should be checked whether the data entry on our website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. The data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. For more information about Google reCAPTCHA and Google’s privacy policy, see the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html .

Use of Google Tag Manager

Our website uses the Google Tag Manager, a tag management system from Google Inc., represented in Europe by the company Google Ireland Limited (hereinafter: Google).

The Google Tag Manager is a service that can be used to centrally integrate and manage website tags (measurement codes and associated code fragments). This enables a simplified and clear integration of various services.

The Google Tag Manager itself does not set any cookies and does not save any data, but forwards it to the website’s corresponding analysis tools.

Using Gravatar

The website uses the Gravatar plug-in from Automattic Inc. (60 29th Street #343 – San Francisco – CA 94110 – USA). Gravatar is automatically enabled on WordPress websites. The function enables user images to be displayed in published articles or comments, provided the corresponding e-mail address is registered at www.gravatar.com.
This function sends data to Gravatar, saves it and processes it there.

Gravatar is used on our website to display a user image next to the names of the authors of our blog posts. We have dispensed with comment functionalities that would result in the transmission of data from website visitors to Gravatar.

Automattic Inc. deletes the collected data when they are no longer used for its own services and the company is not legally obliged to keep the data. Web server logs such as the IP address, browser type and operating system are deleted after around 30 days.

More details on the privacy policy and what data is collected by Gravatar can be found at https://automattic.com/privacy , general information about Gravatar at https://de.gravatar.com .

Using Gravatar

The website uses the Gravatar plug-in from Automattic Inc. (60 29th Street #343 – San Francisco – CA 94110 – USA). Gravatar is automatically enabled on WordPress websites. The function enables user images to be displayed in published articles or comments, provided the corresponding e-mail address is registered at www.gravatar.com.
This function sends data to Gravatar, saves it and processes it there.

Gravatar is used on our website to display a user image next to the names of the authors of our blog posts. We have dispensed with comment functionalities that would result in the transmission of data from website visitors to Gravatar.

Automattic Inc. deletes the collected data when they are no longer used for its own services and the company is not legally obliged to keep the data. Web server logs such as the IP address, browser type and operating system are deleted after around 30 days.

More details on the privacy policy and what data is collected by Gravatar can be found at https://automattic.com/privacy , general information about Gravatar at https://de.gravatar.com .

Use of LinkedIn Ads & Analytics

The LinkedIn Insight Tag used on this website is a conversion tracking and retargeting service. A corresponding JavaScript code snippet embedded on the website enables us to optimize advertisements and campaigns played via LinkedIn and to address website visitors again.

The LinkedIn Insight Tag enables the collection of data about visits to the website, including the URL, referrer URL, IP address, device and browser properties, and timestamp. IP addresses are truncated or hashed (if used to reach members across devices). Members’ direct identifiers are removed within seven days to pseudonymise the data. This remaining pseudonymised data will then be deleted within 90 days.

LinkedIn does not share any personally identifiable information with our website, but only provides reports and communications (which do not identify users) about website audience and ad performance. LinkedIn also offers retargeting for website visitors so that we can use this data to display targeted advertising outside of our website without identifying the member. We also use data that does not identify you to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal information for advertising purposes in their account settings.

Using SalesViewer

On this website, data for marketing, market research and optimization purposes is collected and stored using SalesViewer® technology from SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Art. 6 Para.1 lit.f GDPR).
A javascript-based code is used for this purpose, which is used to collect company-related data and use it accordingly. The data collected with this technology is encrypted using a non-recalculated one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored in Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements.
You can object to the collection and storage of data at any time with effect for the future by clicking this link Click to prevent future acquisition by SalesViewer® within this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.

Using User Centrics

To manage cookie consents, we use the Usercentrics Consent Management Platform on this website, a consent management service provided by Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany).

The following data is collected from or through the use of this service: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.

The data is processed in accordance with Art. 6 para. 1 p. 1 lit. c DSGVO processed. Place of processing is the European Union (consent database is located in Belgium).

The consent data (consent and withdrawal of consent) are stored for three years. The data will then be deleted immediately.

You can find more information about the privacy policy of the data processor at: https://usercentrics.com/privacy-policy/

Social Plugins

Social plugins from the providers listed below are used on our websites. You can recognize the plugins by the fact that they are marked with the corresponding logo.

Information, which may also include personal data, may be sent to the service provider via these plugins and may be used by them. We prevent the unconscious and unwanted collection and transmission of data to the service provider with a 2-click solution. In order to activate a desired social plugin, it must first be activated by clicking on the corresponding button. The collection of information and its transmission to the service provider is only triggered by this activation of the plugin. We do not collect any personal data ourselves using the social plugins or their use.

We have no influence on which data an activated plugin collects and how this is used by the provider. It must currently be assumed that a direct connection to the provider’s services will be established and at least the IP address and device-related information will be recorded and used. There is also the possibility that the service provider will try to save cookies on the computer used. Which specific data is collected and how it is used can be found in the data protection notices of the respective service provider. Note: If you are logged into Facebook at the same time, Facebook can identify you as a visitor to a specific page.

We have integrated the social media buttons of the following companies on our website:

  • YouTube by Google (Google Ireland Limited – Gordon House, Barrow Street – Dublin 4 – Ireland)
  • LinkedIn Corporation (2029 Stierlin Court – Mountain View – CA 94043 – USA)
Your rights to information, correction, blocking, deletion and objection

You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking or, apart from the prescribed data storage for business transactions, deletion of your personal data. Please contact our data protection officer. The contact details can be found below.

So that a blocking of data can be taken into account at any time, this data must be kept in a blocking file for control purposes. You can also request the deletion of the data, provided there is no legal archiving obligation. If there is such an obligation, we will block your data on request.

You can make changes or revoke your consent by notifying us with effect for the future.

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act BDSG and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, declarations of consent and the other information made available to you (e.g. on the website or in the terms and conditions) you can find further details and supplements on the processing purposes.

1.1 Consent (Article 6 (1) (a) GDPR)

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

1.2 Fulfillment of contractual obligations (Article 6 (1) (b) GDPR)

We process your personal data to carry out our contracts with you. Furthermore, your personal data will be processed to carry out measures and activities within the framework of pre-contractual relationships.

1.3 Fulfillment of legal obligations (Art. 6 Para. 1 c GDPR)

We process your personal data if this is necessary to fulfill legal obligations (e.g. commercial, tax laws).

The fulfillment of tax control and reporting obligations as well as the archiving of data for the purposes of data protection and data security as well as examination by tax and other authorities may become necessary. In addition, the disclosure of personal data may become necessary as part of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcing civil claims.

1.4 Legitimate interest of us or third parties (Art. 6 Para. 1 f GDPR)

We can also process your personal data on the basis of a balance of interests to protect our legitimate interests

or use by third parties. This is done for the following purposes:

  • for the limited storage of your data if deletion is not possible or only possible with disproportionate effort due to the special type of storage
  • for the further development of services and products as well as existing systems and processes
  • for enriching our data by using or researching publicly available data
  • for statistical evaluations or for market analysis
  • for benchmarking
  • for the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship
  • for obtaining information and exchanging data with credit agencies if this goes beyond our economic risk

2. Categories of personal data processed by us

The following data is processed:

  • Personal data (name, profession/industry and comparable data)
  • Contact details (address, email address, telephone number and comparable data)
  • customer history

We continue to process personal data from public sources (e.g. Internet, media, press, commercial and association registers, population registers, debtor directories, land registers).
If it is necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies).

3. Who receives your data?

We pass on your personal data within our company to those areas that need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

In addition, the following bodies may receive your data:

  • Processors used by us (Art. 28 DS-GVO), service providers for supporting activities and other persons responsible within the meaning of the DS-GVO, especially in the area
    (e.g. IT services, external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, data destruction, purchasing/procurement, risk controlling, billing, telephony, website management, auditing services, banks, printers or data disposal company)
  • Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data or the data transfer is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies and committees and supervisory bodies)
  • other bodies for which you have given us your consent to data transfer

4. Transfer of your data to a third country or to an international organization

Data processing outside the EU or the EEA does not take place (this is usually the case).

5. How long do we store your data?

If necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the Fiscal Code (AO), among other things. The deadlines for storage and documentation specified there are up to ten years after the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), can usually be three years, but can also be up to thirty years in certain cases.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law.

7. Your data protection rights

You have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). According to Article 21 GDPR, you have the right to object to the processing of personal data by us. However, this right of objection only applies if there are very special circumstances in your personal situation, whereby the rights of our company may conflict with your right of objection. If you wish to assert one of these rights, please contact our data protection officer ( datenschutz@novazoon.de ).

8. Extent of your obligations to provide us with your data

You only need to provide the data that is required for establishing and conducting a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This can also refer to data required later in the context of the business relationship. If we request additional data from you, you will be informed separately that the information is voluntary.

9. Information about your right of objection Art. 21 GDPR

You have the right at any time to object to the processing of your data, which is based on Art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) to file an objection if there are reasons for this that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We may also process your personal data to conduct direct advertising. If you do not wish to receive any advertising, you have the right to object to this at any time. This also applies to profiling insofar as it is associated with such direct advertising. We will take this contradiction into account for the future.

We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.
The objection can be sent informally to the email address datenschutz@novazoon.de take place.

10. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act BDSG and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, declarations of consent and the other information made available to you (e.g. on the website or in the terms and conditions) you can find further details and supplements on the processing purposes.

1.1 Consent (Art. 6 Para. 1 Letter a GDPR)
If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

1.2 Fulfillment of contractual obligations (Article 6 (1) (b) GDPR)

We process your personal data to carry out our contracts with you, in particular as part of our order processing and use of services. Furthermore, your personal data will be processed to carry out measures and activities within the framework of pre-contractual relationships.

1.3 Fulfillment of legal obligations (Art. 6 Para. 1 c GDPR)

We process your personal data if this is necessary to fulfill legal obligations (e.g. commercial, tax laws).

The fulfillment of tax control and reporting obligations as well as the archiving of data for the purposes of data protection and data security as well as examination by tax and other authorities. In addition, the disclosure of personal data may become necessary as part of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcing civil claims.

1.4 Legitimate interest of us or third parties (Art. 6 Para. 1 f GDPR)

We may also use your personal information based on a balance of interests to protect our legitimate interests or those of third parties. This is done for the following purposes:

  • for advertising or market research if you have not objected to the use of your data
  • for obtaining information and exchanging data with credit agencies if this goes beyond our economic risk
  • for the limited storage of your data if deletion is not possible or only possible with disproportionate effort due to the special type of storage
  • for enriching our data by using or researching publicly accessible data
  • for the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship

We continue to process personal data from public sources (e.g. Internet, media, press, commercial and association registers, population registers, debtor directories, land registers). If it is necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit bureaus)

2. Categories of personal data processed by us

The following data is processed:

  • Personal data (name, profession/industry and comparable data)
  • Contact details (address, email address, telephone number and comparable data)
  • supplier history

3. Who receives your data?

We pass on your personal data within our company to those areas that need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

In addition, the following bodies may receive your data:

  • Processors used by us (Art. 28 GDPR), service providers for supporting activities and other persons responsible within the meaning of the GDPR, especially in the area
    (e.g. IT services, external data centers, support/maintenance of EDP/IT applications, document processing, data destruction, purchasing/procurement, risk controlling, billing, telephony, auditing services, banks, printers or data disposal companies, courier service)
  • Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data or the data transfer is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party for the purposes specified under Section 3.5 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, group companies and committees and supervisory bodies)
  • other bodies for which you have given us your consent to data transfer

4. Transfer of your data to a third country or to an international organization

Data processing outside the EU or the EEA does not take place.

5. How long do we store your data?

If necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the Fiscal Code (AO), among other things. The storage and documentation periods specified there are up to ten years after the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), can usually be three years, but can also be up to thirty years in certain cases.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law.

7. Your data protection rights

You have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). According to Article 21 GDPR, you have the right to object to the processing of personal data by us. However, this right of objection only applies if there are very special circumstances in your personal situation, whereby the rights of our company may conflict with your right of objection. If you wish to assert one of these rights, please contact our data protection officer ( datenschutz@novazoon.de ).

8. Extent of your obligations to provide us with your data

You only need to provide the data that is necessary for establishing and conducting a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This can also refer to data required later in the context of the business relationship. If we request additional data from you, you will be informed separately that the information is voluntary.

9. Information about your right of objection Art. 21 GDPR

You have the right at any time to object to the processing of your data, which is based on Art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) to file an objection if there are reasons for this that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be sent informally to the e-mail address datenschutz@novazoon.de take place.

10. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act BDSG and other relevant data protection regulations. In our contract documents, forms, declarations of consent and the other information made available to you (e.g. on the website or in the terms and conditions) you can find further details and supplements on the processing purposes.

1.1 Consent (Article 6 (1) (a) GDPR)

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future. To revoke your consent, please send a declaration of revocation to datenschutz@novazoon.de .

1.2 Fulfillment of contractual obligations (Article 6 (1) (b) GDPR)

We process your personal data for the purpose of handling the application process. The processing can also take place electronically. This is particularly the case if you send us your application documents electronically, for example by e-mail or via a web form on the website.

1.3 Fulfillment of legal obligations (Art. 6 Para. 1 c GDPR)

We process your personal data if this is necessary to fulfill legal obligations.

1.4 Legitimate interest of us or third parties (Art. 6 Para. 1 f GDPR)

We may also use your personal information based on a balance of interests to protect our legitimate interests or those of third parties. This is done for the following purposes:

  • for the limited storage of your data if deletion is not possible or only possible with disproportionate effort due to the special type of storage

2. Categories of personal data processed by us

The following data is processed:

  • Name first Name
  • Contact details (e.g. email address, address, telephone number)
  • Complete application documents (e.g. CV, certificates, references)

3. Who receives your data?

We pass on your personal data within our company to those areas that need this data to fulfill contractual and legal obligations or to implement our legitimate interest. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We only pass on your personal data to affiliated companies and not to third parties, unless you have consented to the data being passed on or we are obliged to pass on data on the basis of legal provisions and/or official or court orders.

4. Transfer of your data to a third country or to an international organization

Data processing outside the EU or the EEA does not take place.

5. How long do we store your data?

If the person responsible for processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted three months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law.

7. Your data protection rights

You have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art 20 GDPR.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). According to Article 21 GDPR, you have the right to object to the processing of personal data by us. However, this right of objection only applies if there are very special circumstances in your personal situation, whereby the rights of our company may conflict with your right of objection. If you wish to assert one of these rights, please contact our data protection officer ( datenschutz@novazoon.de ).

8. Extent of your obligations to provide us with your data

You only need to provide the data that is required for the application process. Without this data, we will generally not be able to conclude an employment contract with you. If we request additional data from you, you will be informed separately that the information is voluntary.

9. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act BDSG and other relevant data protection regulations. In our contract documents, forms, declarations of consent and the other information made available to you (e.g. on the website or in the terms and conditions) you can find further details and supplements on the processing purposes.

1.1 Consent (Art. 6 Para. 1 Letter a GDPR)

If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

1.2 Fulfillment of contractual obligations (Article 6 (1) (b) GDPR)

We process your personal data on the basis of our employment contracts with you. We need the data to maintain the employment relationship.

1.3 Fulfillment of legal obligations (Art. 6 Para. 1 c GDPR)

We process your personal data if this is necessary to fulfill legal obligations. Furthermore, we may process your data for identity checks, comparisons with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations and the archiving of data for the purposes of data protection and data security as well as examination by tax and other authorities. In addition, the disclosure of personal data may become necessary as part of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcing civil claims.

2. Categories of personal data processed by us

The following data is processed:

  • Name first Name
  • Contact details (e.g. email address, address, telephone number)
  • Complete application documents (e.g. CV, certificates, references)
  • Social security data (e.g. date of birth, place of birth, name at birth, SV number, health insurance company, DEUEV data, marital status)
  • Accounting data (e.g. salary, wages, working hours, sick leave, holiday entitlement, bank details)

We continue to process personal data from public sources (e.g. internet, media, press).

3. Who receives your data?

We pass on your personal data within our company to those areas that need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

In addition, the following bodies may receive your data:

  • Processors used by us (Art. 28 DS-GVO), service providers for supporting activities and other persons responsible within the meaning of the DS-GVO, especially in the area
    (e.g. IT services, external data centers, support/maintenance of EDP/IT applications, call center services, billing, telephony, auditing services, credit institutions, printers or data disposal companies, courier services)
  • Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data or the data transfer is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of third parties (e.g. to authorities, lawyers, courts, experts, affiliated companies and supervisory bodies)
  • other bodies for which you have given us your consent to data transfer

4. Transfer of your data to a third country or to an international organization

We only transmit data to secure third countries for which the EU Commission has decided that there is an appropriate level of protection (e.g. Switzerland) in a third country (Article 45 GDPR).

If the Commission has not taken such a decision, personal data may only be transferred if appropriate safeguards are in place (standard safeguard clauses) and enforceable rights and effective legal remedies are available (Art. 46 GDPR).

5. How long do we store your data?

If necessary, we process your personal data for the duration of our employment relationship.

In addition, we are subject to various storage and documentation obligations, which result from the legal framework, among other things. The deadlines specified there for storage and documentation are up to ten years after the end of the employment relationship.

Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), can usually be three years, but can also be up to thirty years in certain cases.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law.

7. Your data protection rights

You have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). According to Article 21 GDPR, you have the right to object to the processing of personal data by us. However, this right of objection only applies if there are very special circumstances in your personal situation, whereby the rights of our company may conflict with your right of objection. If you wish to assert one of these rights, please contact our data protection officer ( datenschutz@novazoon.de ).

8. Extent of your obligations to provide us with your data

You only need to provide the data that is necessary for the establishment and execution of an employment relationship with us or that we are legally obliged to collect. Without this data, we will generally not be able to conclude an employment contract with you. If we request additional data from you, you will be informed separately that the information is voluntary.

9. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

For NOVAZOON GmbH
The State Commissioner for Data Protection and Freedom of Information
https://www.baden-wuerttemberg.datenschutz.de/