Data protection

Revoke tracking cookie consent

The use of the website is possible without any indication of personal data. However, if a data subject wants to use special contact features of our website, processing of personal data becomes necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, the consent of the data subject will be obtained. 

DATA COLLECTION AND USE
After consent, further data is automatically collected by our IT systems when visiting the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data helps us to operate the site in the best possible way.

The processing of personal data is carried out by the website operator. All contact details can be found in the imprint.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall be in line with the requirements of the General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations. This data protection declaration is intended to inform the public about the nature, scope and purpose of the personal data we process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to me by alternative means, for example by telephone or in person on site.

DEFINITION OF TERMS

This data protection declaration is based on the terms used by the European Directive and Ordinance Maker when adopting the General Data Protection Regulation (GDPR). We therefore use these terms in the following in this data protection declaration:

  • Personal Data
    Personal data means any information relating to an identified or identifiable natural person, i.e. the data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data Subject
    Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
  • Processing
    Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Controller or person responsible for processing
    The controller or person responsible for processing shall be the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
  • Processor
    A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
  • Third Party
    Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
  • Consent
    Consent is any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Name and Address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation is:

Marlon Schrimpf

E-Mail: schrimpf@novelty-compliance.eu

Novelty Compliance

Wolf-Hirth-Str. 3

78713 Schramberg (Germany)

DATA COLLECTION THROUGH SERVER LOG FILES

The provider of the pages automatically collects and stores information in so-called server log files, which the browser of the person concerned automatically transmits to us. These are:

  • Browsertype and Browserversion
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP-Address

These data will not be merged.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

DATA COLLECTION THROUGH ANALYSIS TOOLS

When you visit our website, your usage behaviour can be statistically evaluated. This is usually done by analysis programmes. The analysis of your usage behaviour is usually anonymous; the usage behaviour cannot be traced back to you and is behaviour cannot be traced back to you and is limited to the activities on this website. You can object to this analysis or prevent it by prevent it by not using certain tools.

If your personal data are processed for advertising purposes, you have the right toobjectany time to the processing of personal data concerning you for the purpose of such advertising You have the right to object to the processing of your personal data at any time.

SSL / TSL ENCRYPTION

For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

For free information about your data, blocking, deletion or correction of your data, you can contact us at any time via the address given in the imprint.

OBJECTION TO UNSOLICITED ADVERTISING

The use of the published contact data in the imprint for sending unsolicited advertising and information material is prohibited. In the event of infringement, the operators reserve the right to take legal action (e.g. in the case of sending unsolicited advertising or spam).

DATA COLLECTION ON THIS WEBSITECOOKIES

This website uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.

ENQUIRIES VIA THE CONTACT FORM, BY E-MAIL, FAX OR TELEPHONE

In the event of a targeted contact with us, personal data will be collected, stored and processed. The data will not be passed on to third parties without your consent.

SOCIAL MEDIA AND SOCIAL NETWORKS

Social-Media-Plugins with Shariff

Plugins from social media are used on our pages (e.g. Facebook, Google+, Instagram, Pinterest, XING, LinkedIn, ).

You can usually recognise the plugins by the respective social media logos. To ensure data protection on our website, we only use these plugins together with the so-called "Shariff" solution. This application prevents the plugins integrated on our website from transmitting data to the respective provider when you first enter the page.

Only when you activate the respective plugin by clicking the associated button, a direct connection to the provider's server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our site with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to our pages to your user account.

ctivating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.

THIRD PARTY PROVIDER

Legal Basis

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Conclusion of a contract on commissioned processing

We have concluded an order processing contract with the provider ActiveCampaign and fully implement the strict requirements of the German data protection authorities when using ActiveCampaign.

ANALYSIS TOOLS AND ADVERTISING

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses "cookies". The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. https://support.google.com/analytics/answer/6004245?hl=de.

Job processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Storage period

Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

ROUTINE DELETION AND BLOCKING OF PERSONAL DATA

The controller processes and stores this website personal data of the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

RIGHTS OF THE DATA SUBJECT

o   Right to obtain confirmation
Any data subject shall have the right, granted by the European Directive and the Regulation, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.

Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored concerning him or her, as well as a copy of that information. Furthermore, the European legislator has granted the data subject access to the following information: the purposes of the processing - the categories of personal data processed - the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations - if possible, the planned duration for which the personal data will be stored, or,this is not possible, the criteria for determining this duration - the existence of a right to rectify or erase the personal data concerning them or to have the processing restricted by the controller or to object to such processing -the existence of a right of appeal to a supervisory authority - if the personal data are not collected from the data subject: Any available information on the origin of the data Furthermore, the data subject shall have a right of access to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards in relation to the transfer. If a data subject wishes to exercise this right of access, he or she may contact the staff of the controller at any time.

o   Right of rectification
Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact any employee of the controller.

o   Right of Deletion
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and to the extent that processing is no longer necessary:
- The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
- The data subject withdraws his or her consent on which the processing was based pursuant to Art. 6(1a) GDPR and there is no other legal basis for the processing.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

o   Right to restriction of processing
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing where one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored, he or she may, at any time, contact any employee of the controller. They will arrange the restriction of the processing.

o   Right to data portability
Every person affected by the processing of personal data has the right granted by the European Directive and Regulation to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain the direct transfer of personal data from one controller to another controller where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons. In order to assert the right to data portability, the data subject may at any time contact the employees of the controller.

o   Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to withdraw consent to the processing of personal data at any time If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact the staff of the controller.