PRIVACY POLICY

 

 

Privacy Policy

We hereby inform you in accordance with the legal requirements of data protection laws (in particular the German Federal Data Protection Act, “BDSG,” and the European General Data Protection Regulation, “GDPR”) about the nature, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as “personal data” or “processing,” please refer to Article 4 of the GDPR.

Name and contact details of the data controller for this privacy policy

Our data controller (hereinafter referred to as the “Controller”) within the meaning of Article 4(7) of the GDPR is:

scalean.de, a part of NVCE GmbH
Große Brunnenstraße 34
22763 Hamburg, Germany
Managing Director: Mr. Arvid John
Commercial register number: HRB 124547
Registry court: Hamburg
Email address: info@nvce.eu

Data Protection Officer

Mr. Arvid John
Große Brunnenstraße 34
22763 Hamburg, Germany
info@nvce.eu

Types of data, purposes of processing, and categories of data subjects

Below, we will inform you about the types, scope, and purpose of the collection, processing, and use of personal data.

  1. Types of data we process

Usage data (access times, visited websites, etc.), inventory data (name, address, etc.), contact details (phone number, email, fax, etc.).

  1. Purposes of processing according to Article 13(1)(c) of the GDPR

Optimizing the website technically and economically, enabling easy access to the website, optimizing and statistically evaluating our services, improving user experience, designing the website user-friendly, preventing spam and abuse, processing contact inquiries, ensuring uninterrupted and secure operation of our website.

  1. Categories of data subjects according to Article 13(1)(e) of the GDPR

Visitors/users of the website, interested parties. The data subjects will be collectively referred to as “Users.”

Legal basis for the processing of personal data

Below, we inform you about the legal basis for the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
  2. If the processing is necessary for the performance of a contract or for pre-contractual measures upon your request, Article 6(1)(b) of the GDPR serves as the legal basis.
  3. If the processing is necessary for compliance with a legal obligation to which we are subject (e.g., statutory retention obligations), Article 6(1)(c) of the GDPR serves as the legal basis.
  4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
  5. If the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, and your interests or fundamental rights and freedoms do not override those interests, Article 6(1)(f) of the GDPR serves as the legal basis.

Disclosure of personal data to third parties and processors

We generally do not disclose data to third parties without your consent. If such disclosure does occur, it is based on the aforementioned legal bases, for example, when data is disclosed to online payment providers for contract fulfillment or due to a court order or legal obligation to disclose data for the purpose of law enforcement, danger prevention, or enforcement of intellectual property rights.

We also use processors (external service providers, such as web hosting providers for our websites and databases) to process your data. If data is disclosed to processors as part of an agreement for order processing, this is done in accordance with Article 28 of the GDPR. We carefully select processors, regularly control them, and have the right to issue instructions regarding the data. Moreover, processors must have implemented suitable technical and organizational measures and comply with the data protection regulations pursuant to the BDSG and GDPR.

Transfer of data to third countries

With the adoption of the European General Data Protection Regulation (GDPR), a uniform basis for data protection in Europe was created. Therefore, your data is primarily processed by companies for which the GDPR applies. If data is processed by services of third parties outside the European Union or the European Economic Area, they must fulfill the specific requirements of Articles 44 et seq. of the GDPR. This means that data processing is carried out based on special guarantees, such as an officially recognized determination of a data protection level corresponding to the EU or compliance with officially recognized specific contractual obligations, the so-called “standard contractual clauses.”

If, due to the invalidity of the so-called “Privacy Shields,” we obtain your explicit consent pursuant to Article 49(1)(a) of the GDPR for the transfer of data to the USA, we inform you about the risk of secret access by US authorities and the use of the data for monitoring purposes, possibly without legal recourse options for EU citizens.

Deletion of data and retention period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply, the consent for processing is revoked, or the data is no longer necessary for the intended purpose, unless its further retention is necessary for evidentiary purposes or due to legal storage obligations. This includes, for example, commercial retention obligations for business letters according to § 257(1) of the German Commercial Code (6 years) and tax retention obligations for receipts according to § 147(1) of the German Fiscal Code (10 years). After the prescribed retention period expires, your data will be automatically blocked or deleted, unless its storage is still necessary for concluding a contract or fulfilling a contract.

Existence of automated decision-making

We do not use automated decision-making or profiling.

Provision of our website and creation of log files

  1. If you only use our website for informational purposes (i.e., no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data:
    • IP address;
    • Internet service provider of the user;
    • Date and time of access;
    • Browser type;
    • Language and browser version;
    • Content accessed;
    • Time zone;
    • Access status/HTTP status code;
    • Data volume;
    • Websites from which the request originates;
    • Operating system.
  2. These data serve the purpose of delivering our website to you in a user-friendly, functional, and secure manner, including features and content, as well as optimizing and statistically evaluating it.
  3. The legal basis for this is our legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR, which is also reflected in the aforementioned purposes.
  4. For security reasons, we store this data in server log files for a period of 30 days. After this period, the data is automatically deleted, unless we need to retain it for evidentiary purposes in the event of attacks on the server infrastructure or other violations of the law.

Cookies

  1. We use cookies when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you revisit our website, these cookies provide information to automatically recognize you. Among the cookies are “user IDs” where user information is stored using pseudonymized profiles. When you visit our website, we inform you about the use of cookies for the purposes mentioned above and how you can object to or prevent their storage (“opt-out”) through a notice in our privacy policy.

The following types of cookies are distinguished:

  • Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website to store certain functions of the website, such as logins, shopping carts, or user input regarding the language of the website.
  • Session cookies: Session cookies are required to recognize multiple uses of an offering by the same user (e.g., when you log in to determine your login status). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and provide you with easier access to our site. When you close your browser or log out, the session cookies are deleted.
  • Persistent cookies: These cookies are stored even after closing the browser. They are used for storing login information, measuring reach, and marketing purposes. They are automatically deleted after a predetermined period, which may vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
  • Third-party cookies (especially from advertisers): According to your preferences, you can configure your browser settings to reject the acceptance of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all the functions of this website to their full extent. For more information about these cookies, please refer to the respective privacy policies of the third-party providers.
  1. Data Categories: User data, cookies, user ID (including visited pages, device information, access times, and IP addresses).
  2. Purposes of Processing: The information obtained in this way is used to optimize our web offerings technically and economically and to provide you with easier and secure access to our website.
  3. Legal Bases: If we process your personal data using cookies based on your consent (“opt-in”), Art. 6(1)(a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement, and economic operation of the website, so in this case, the legal basis is Art. 6(1)(f) GDPR. The legal basis is also Art. 6(1)(b) GDPR if cookies are set to initiate a contract, e.g., when placing orders.
  4. Storage Duration/Deletion: The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting data to provide the website, this occurs when the respective session is ended. Otherwise, cookies are stored on your computer and transmitted to our site. As a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Stored cookies can be deleted at any time, including automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent. Here you can find information on how to delete cookies in different browsers: Chrome: https://support.google.com/chrome/answer/95647 | Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac | Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen | Internet Explorer: https://support.microsoft.com/de-at/help/17442 | Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies
  5. Opposition and Opt-Out: You can generally prevent the storage of cookies on your hard drive by choosing “do not accept cookies” in your browser settings, regardless of consent or legal permission. However, this may result in a functional limitation of our offerings. You can object to the use of cookies from third-party providers for advertising purposes via an “opt-out” through this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Cookie Consent Solutions

Borlabs Cookie

  1. We have integrated the Borlabs Cookie Consent plugin for WordPress (service provider: Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg) on our website as a consent management service.2. Categories of Data and Description of Data Processing: Cookies, date and time of visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service, we can obtain your consent for the storage of cookies and document it. In addition, a cookie is stored in your browser to associate the given consent or its revocation with you. Further information can be found in Borlabs’ privacy policy here: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
  2. Purposes of Data Processing: Compliance with legal obligations, consent management.
  3. Legal Basis: The legal basis for processing personal data is our legitimate interest in the purposes mentioned above, in accordance with Art. 6(1)(f) of the General Data Protection Regulation (GDPR), as well as the fulfillment of legal obligations under Art. 6(1)(c) of the GDPR.
  4. Storage Duration: Data is stored until you delete the Borlabs cookie in your browser yourself or the purpose for data storage no longer exists. The evidence of a previously given consent is kept for a period of three years. This storage is based on our accountability obligations under Art. 5(2) of the GDPR and the statutory limitation period.
  5. Data Transfer/Recipient Category: Data is not shared with Borlabs.

Use of Blog Functions/Comments:

  1. You can leave public comments on our blog, which contains posts related to topics on our website. You can use a pseudonym instead of your real name. Your comment will then be published under the pseudonym. Providing your email address is mandatory, while all other information is voluntary.
  2. When you submit a comment, we store your IP address, date, and time, which we delete after 30 days. This storage serves the legitimate interest of defending against claims from third parties in case of the publication of unlawful or false content by you. We store your email address for the purpose of contacting you in case third parties legally challenge your comments.
  3. Legal Basis: The legal basis for processing data is Art. 6(1)(b) and (f) of the GDPR.
  4. We do not review your comments before publication. In the event of complaints from third parties, we reserve the right to delete your comments. We do not disclose the data to third parties unless necessary to pursue our claims or there is a legal obligation (Art. 6(1)(c) of the GDPR).
  5. The data will be deleted as soon as it is no longer necessary for the purpose of collection or the performance of the contract because the contract has been terminated.

Contact via Contact Form / Email / Fax / Post

  1. When contacting us via contact form, fax, post, or email, your information will be processed for the purpose of handling the contact request.
  2. The legal basis for processing the data is your consent, if given (Art. 6(1)(a) of the GDPR). The legal basis for processing the data transmitted in the course of a contact request, email, letter, or fax is our legitimate interest in responding to user inquiries, preserving evidence for liability reasons, and, if necessary, fulfilling our legal obligations for business letters (Art. 6(1)(f) of the GDPR). If the contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
  3. We may store your information and contact request in our Customer Relationship Management (CRM) system or a comparable system.
  4. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data provided via the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. We store inquiries from users who have an account or contract with us for a period of two years after the termination of the contract. In the case of legal archiving obligations, deletion takes place after the expiry of these obligations: end of commercial (6 years) and tax (10 years) retention periods. You have the option to withdraw your consent for the processing of personal data at any time in accordance with Art. 6(1)(a) of the GDPR. If you contact us by email, you can also object to the storage of your personal data at any time.

Contact via Telephone

  1. When contacting us by telephone, your telephone number will be processed for the purpose of handling the contact request and its processing. It will be temporarily stored in the RAM/cache of the telephone device/display. Storage is done for liability and security reasons, to provide evidence of the call, and for economic purposes to enable a callback. In the case of unauthorized marketing calls, we block the numbers.
  2. The legal basis for processing the telephone number is our legitimate interest (Art. 6(1)(f) of the GDPR). If the contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
  3. The device cache stores calls for 30 days and gradually overwrites or deletes old data. When disposing of the device, all data is deleted, and the memory may be destroyed if necessary. Blocked telephone numbers are checked annually for the need for blocking.
  4. You can prevent the display of your telephone number by calling with a suppressed number.

Google Analytics

  1. We have integrated the website analytics tool “Google Analytics” (service provider: Google Ireland Limited, Registration No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
  2. Categories of data and description of data processing: User ID, IP address (anonymized). When you visit our website, Google sets a cookie on your computer to analyze your use of our website. We have enabled IP anonymization (“anonymizeIP”), which means that IP addresses are only processed in shortened form. On this website, your IP address is therefore shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide the website operator with other services related to website activity and internet usage. We have also enabled cross-device analysis of website visitors, which is performed using a user ID. The IP address transmitted by your browser within the scope of Google Analytics is not associated with other data from Google. For more information about data usage by Google Analytics, please visit: https://www.google.com/analytics/terms/us.html (Terms of Service for Analytics), https://support.google.com/analytics/answer/6004245?hl=en (Privacy Policy for Analytics), and Google’s Privacy Policy: https://policies.google.com/privacy.
  3. Purpose of processing: The use of Google Analytics is for the purpose of analyzing, optimizing, and improving our website.
  4. Legal bases: If you have given your consent for the processing of your personal data using “Google Analytics” by the third-party provider (“opt-in”), then Art. 6(1)(a) of the GDPR is the legal basis. Furthermore, the legal basis for data processing lies in our legitimate interest (analysis, optimization, and improvement of our website) pursuant to Art. 6(1)(f) of the GDPR. For services provided in connection with a contract, tracking and analysis of user behavior are based on Art. 6(1)(b) of the GDPR to offer optimized services for the fulfillment of the contract purpose.
  5. Storage period: The data sent by us and linked to cookies, user IDs (e.g., User-ID), or advertising IDs are automatically deleted after months. Data that has reached its retention period is automatically deleted once a month.
  6. Data transfer/recipient category: Google, Ireland, and the USA. We have also entered into an agreement with Google for order processing pursuant to Art. 28 of the GDPR.
  7. Options for objection and removal (“opt-out”):

You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a limitation of the functions we offer. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser plugin mentioned above, you can click [__insert here the Analytics Opt-Out link of your website] to prevent the collection of data by Google Analytics on this website in the future. By clicking on the link, an “opt-out” cookie is set, which prevents the collection of your data during future visits to this website. This cookie is valid only for our website and your current browser and will only last until you delete your cookies. In this case, you would have to set the cookie again. You can deactivate cross-device user analysis in your Google account under “My Data > Personal Data”.

Google reCAPTCHA

  1. We have integrated the anti-spam function “reCAPTCHA” by “Google” (provider: Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
  2. Data category and description of data processing: Usage data (e.g., accessed web page, IP address). By using “reCAPTCHA” in our forms, we can determine whether the input was made by a machine (robot) or a human. When using the service, your IP address and, if necessary, other data required for this purpose may be transferred to Google servers in the United States.
  3. Purpose of processing: Prevention of spam and abuse, as well as our legitimate interest in optimizing our website.
  4. Legal basis: If you have given your consent (opt-in) for the processing of your personal data by means of “reCAPTCHA” from the third-party provider, the legal basis is Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Furthermore, the legal basis is our legitimate interest in the data processing for the purposes stated above, pursuant to Art. 6(1)(f) of the GDPR.
  5. Data transfer/Recipient category: Third-party provider in the United States.
  6. Storage duration: Until the cookies are deleted by you as the user.
  7. Further information about Google reCAPTCHA can be found at https://www.google.com/recaptcha/ and in Google’s Privacy Policy at https://policies.google.com/privacy.

Presence on Social Media

  • We maintain profiles or fan pages on social media platforms. When you use and visit our profile on the respective network, the privacy policies and terms of use of the respective network apply.
  • Data categories and description of data processing: Usage data, contact data, content data, master data. Furthermore, user data is typically processed within social networks for market research and advertising purposes. Based on user behavior and resulting interests, user profiles can be created. These user profiles can then be used, for example, to display advertisements within and outside the networks that are likely to correspond to the users’ interests. For these purposes, cookies are usually stored on users’ computers, in which their usage behavior and interests are stored. In addition, data can be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and logged in to them). For a detailed description of the respective processing methods and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks. We also want to point out that requests for information and the exercise of data subject rights are most effectively addressed to the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information. If you still need assistance, you can contact us.
  • Purpose of processing: Communication with users connected and registered on social networks; information and advertising for our products, offers, and services; external presentation and image maintenance; evaluation and analysis of users and content of our presence on social media.
  • Legal basis: The legal basis for the processing of personal data is our legitimate interest as stated above, pursuant to Art. 6(1)(f) of the GDPR. If you have given us or the controller of the social network your consent to the processing of your personal data, the legal basis is Art. 6(1)(a) in conjunction with Art. 7 of the GDPR.
  • Data transfer/Recipient category: Social network.
  • The privacy policies, options for information, and options for objection (opt-out) of the respective networks/service providers can be found here:

XING – Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany – Privacy Policy / Opt-Out: https://privacy.xing.com/en/privacy-policy.

LinkedIn – Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy.

Rights of the Data Subject

  1. Objection or Revocation of Data Processing

If the processing is based on your consent according to Art. 6(1)(a), Art. 7 of the General Data Protection Regulation (GDPR), you have the right to revoke your consent at any time. The lawfulness of the processing carried out based on your consent before its revocation shall remain unaffected. If we base the processing of your personal data on the balancing of interests according to Art. 6(1)(f) GDPR, you can object to the processing. This is the case when the processing is not necessary for the performance of a contract with you, as explained in detail in the following description of the functions. If you exercise your right to object, we request that you provide us with the reasons why we should not process your personal data as we have done. After reviewing your objection, we will either stop or adjust the data processing, or demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us about your objection to advertising using the following contact details:

NVCE GmbH
Große Brunnenstraße 34
22763 Hamburg, Germany
Managing Director: Mr. Arvid John
Commercial Register No.: HRB 124547
Court of Registration: Hamburg
Email Address: info@nvce.eu

  1. Right to Information

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about your personal data stored by us, in accordance with Art. 15 GDPR. This includes information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged storage period, the origin of the data if it was not collected directly from you, and other relevant information.

  1. Right to Rectification

You have the right to request the correction of inaccurate personal data concerning you or the completion of incomplete personal data, in accordance with Art. 16 GDPR.

  1. Right to Erasure

You have the right to request the erasure of your personal data stored by us, in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights for further storage oppose this.

  1. Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data if one of the conditions set out in Art. 18(1)(a) to (d) GDPR is met:

  • If you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • If the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  • If the controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise, or defense of legal claims; or
  • If you have objected to processing pursuant to Art. 21(1) GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.
  1. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission of those data to another controller, in accordance with Art. 20 GDPR.

  1. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority in the member state of your habitual residence, place of work, or the place of the alleged infringement.

Data Security

To protect all personal data transmitted to us and to ensure that the data protection regulations are complied with by us and our external service providers, we have implemented appropriate technical and organizational security measures. Among other things, all data transmitted between your browser and our server is encrypted via a secure SSL connection.

 

As of: June 16, 2023