+ Information Obligations
Information on the Collection and Processing of your personal dataCare and transparency is the basis for a trusting cooperation with our customers. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR). Which personal data we process for what purpose depends on the respective contractual relationship.
1. Who is responsible for the processing?The controller is:Novatec Holding GmbH
D-70771 Leinfelden-EchterdingenAnd subsidiaries:
- Novatec Consulting GmbH
- Novatec Solutions GmbH
- Novatec Software Engineering Espana S.L.
2. How can I contact the data protection officer?You can reach our data protection officer (DPO) as follows:Lisa Rehkugler
Novatec Holding GmbH
D-70771 Leinfelden-EchterdingenE-Mail: email@example.com
3. Which personal data do we use?If you have an enquiry, have us prepare an offer or conclude a contract with us, we will process your personal data. In addition, we process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent given by you. Depending on the legal basis, the categories of personal data are as follows:
Further categories of personal data are specified in the individual order processing contract depending on the customer's order. In the course of contract initiation, we also use data provided to us by third parties. Depending on the type of contract, the following categories of personal data are involved:
- Name, Surname
- Communication Data (telephone, e-mail-address)
- Date of birth
- Contract master data, especially contract number, duration, period of notice, type of contract
- Data on creditworthiness
- Invoice data / turnover data
- Payment data / account data
- Account information, in particular registration and logins
- Video and image recordings
- For registrations for training courses with meals
- o eating habits and intolerances
- Information on creditworthiness (via a credit agency)
4. From which sources does the data come?We process personal data that we receive from our customers, service providers and our suppliers.We also obtain your data from the following sources:
- Credit agency
- Publicly accessible sources: commercial or association registers, debtor registers, land registers
- Other Group companies
5. For what purposes do we process your data and on what legal basis?We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.
5.1 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR)If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.In the following cases we process your personal data on the basis of your consent:
- Sending an e-mail newsletter
- Personalized newsletter tracking
- Market research (e.g. customer satisfaction surveys)
- Marketing and advertising of customer profiles
- Publication of a customer reference (name and picture)
- Image and sound recordings of events
5.2 For the performance of a contract (Art. 6 para. 1 lit. b GDPR)Components are individually defined between the parties in a separate contracts.
5.3 To fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) As a company we are subject to various legal obligations. The processing of personal data may be necessary to fulfil these obligations.
- Control and reporting obligations
- Creditworthiness, age and identity checks
- Prevention of criminal acts
5.4 On the basis of a legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)In certain cases we process your data to protect our legitimate interests or that of third parties:
- Direct advertising and opinion research
- Central customer data management within the Group
- Measures for building and plant safety
- Video surveillance for the protection of domiciliary rights
- Consultation and data exchange with credit agencies to determine creditworthiness and default risks
- Ensuring IT security and IT operation
6. To whom will your data be passed on?In order to fulfil our contractual and legal obligations, we will pass on your data to different public and internal places, as well as external service providers. Companies within the Group:
External Service Providers:
- Novatec Consulting GmbH
- Novatec Solutions GmbH
- Novatec Software Engineering Espana S.L.
Public bodies and authorities:Furthermore, we may also be obliged to transfer you data to other recipients, such as public authorities zu fulfil legal notification obligations.
- IT service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for file and data destruction
- Printing services
- Payment service providers
- Service Provider for Marketing or Sales
- Credit agencies
- Authorized dealers
- Service provider for telephone support (Call-Center)
- Web hosting service provider
- Letter shops
- Auditors and accountants
- Tax authority
- Social insurance agency
- law enforcement agencies
7. Will your data be transferred to countries outside the European Union (so-called third countries)?Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.
8. For how long do we store your data?We store your personal data for as long as necessary to fulfil legal and contractual obligations. If the storage of you data is no longer necessary to fulfil the legal or contractual obligations, we will delete your data unless the transfer is necessary for one of the following purposes:
- Fulfilment of commercial and tax storage obligations.
- Preservation of evidence within the framework of the statutory limitation provisions. According to the statute of limitations of the German Civil Code (BGB), these statutes of limitations can in some cases be up to 30 years, the regular statute of limitations is three years.
9. What rights do you have in connection with the processing of your data? Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.
9.1 Right to object You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.What right do you have in the event of data processing for legitimate or public interest?Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para.1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.What right do you have in the event of data processing for direct marketing?If we process your personal data for direct marketing purposes, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, this also applies to profiling insofar as it is associated with such direct marketing.In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
9.2 Revocation of consentYou can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.
9.3 Right to informationYou may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.
9.4 Further rightsIn addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
9.5 Assertion of your rightsTo exercise your rights, you can contact the controller or the data protection officer using the contact details provided or IT-Compliance at firstname.lastname@example.org. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.
10. Is there an obligation to provide your personal data?In order to enter into a business relationship, you must provide us with the personal data that is necessary for the execution of the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.
11. Changes to this informationIf the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.
Data protection declarationWelcome to the website inspectit.rocks of Novatec Holding GmbH. The protection of your personal data is of particular concern to us. Therefore, we strictly adhere to the legal requirements when collecting and processing your personal data. In the following we would like to inform you in detail about the scope and purpose of data collection on our website.
1. principle of anonymous data useThe use of our site is basically possible without providing personal data. Deviating regulations may arise for the use of individual services of our site, which in this case are explained separately below. The legal basis of data protection can be found in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).When you visit our website, some information is transmitted, such as IP address. They also provide information about the terminal device used (computer, smartphone, tablet, etc.), the browser used (Internet Explorer, Safari, Fire-Fox, etc.), the time of access to the website, the so-called referrer and transferred data volumes.This data cannot be used by us to identify the individual user. The information serves us to determine the attractiveness of our website and to improve its performance or content if necessary and to make it even more interesting for you.However, we would like to point out that with a static IP address a personal reference may be possible in individual cases via a RIPE query, which we do not, however, do. Nevertheless, this website is accessible both statically and dynamically assigned IP addresses
2. personal dataIn the basic EU data protection regulation (DSGVO), personal data are defined as follows:All information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
3. legal basis for the collection, processing and use of personal dataInsofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis for the processing of your personal data.When processing your personal data to fulfil a contract between you and Novatec Consulting GmbH, Art. 6 Para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for processing.
4. data erasure and storage time:The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
5. collection and processing of personal dataWe only collect personal data if you provide it to us of your own accord, for example, if you register with us for a training course or contact us.We use the personal data provided by you exclusively to the extent that your data is necessary to fulfil and process your booking or our services.Any further use of your data, for example for further services or advertising purposes, will only take place if you have given your express prior consent. You can revoke your consent at any time for the future.After complete contract processing, your data will be blocked for further use, unless you have given your separate consent for further use. After expiry of the tax and commercial law periods, this data will be deleted unless you have expressly consented to further use.The following regulations inform you in this respect about the type, scope and purpose of the collection, use and processing of personal data.
6. contact possibilitiesYou have the possibility to contact us with questions, wishes and suggestions. You can do this, for example, by e-mail or telephone. In this case, the information you provide will be stored for the purpose of processing your contact. In addition, the data collected in this way is compared with data that may otherwise be collected by us if you have given us your prior consent, which you can revoke at any time with effect for the future. To exercise your right of revocation, please contact the office named at the end of this declaration.
7. newsletterYou have the possibility to subscribe to our free newsletter. With this newsletter you will receive all current news and information about our offers at regular intervals. To receive the newsletter you need a valid e-mail address. We will check the e-mail address you have entered to make sure that you are actually the owner of the e-mail address provided or that the owner is authorized to receive the newsletter. We will do this by sending you an e-mail to the e-mail address you provide, and you will confirm receipt of this e-mail. After confirming the e-mail you are then subscribed to our newsletter.When you register for the newsletter, we will save your IP address, the date and time of your registration. This is purely for security reasons in the event that a third party misuses your e-mail address and subscribes to our newsletter without your knowledge. We do not collect any further data for this purpose and these are used exclusively to subscribe to the newsletter.You can unsubscribe from our newsletter at any time. Details on how to unsubscribe from our newsletter can be found in the confirmation e-mail and in each individual newsletter. After the cancellation your data collected to subscribe to the newsletter will be deleted immediately.
8. data transmission to other Novatec companiesYour data will not be passed on to third parties outside the Novatec Group, unless we are legally obliged to do so, or the passing on of data is necessary for the performance of the contractual relationship, or you have expressly consented to the passing on of your data beforehand. External service providers and partner companies only receive your data if this is necessary to process their request. In these cases, however, the scope of the transmitted data is limited to the required minimum.
9. data transmission to external service providersYour data will be passed on to service partners if they work on our behalf and support Novatec Consulting GmbH in the provision of their services.Processing of your personal data by contracted service providers takes place within the scope of order processing in accordance with Art. 28 DSGVO.The aforementioned service providers only have access to such personal information as is necessary for the performance of their respective activities. These service providers are prohibited from disclosing your personal information or using it for other purposes, in particular for their own advertising purposes.Where external service providers come into contact with your personal data, we have taken legal, technical and organisational measures and carried out regular checks to ensure that they also comply with the applicable data protection regulations.Your personal data will not be passed on commercially to other companies.
10. website optimization toolsWhen collecting personal data using website optimisation tools, we refer to our legitimate interest pursuant to Article 6 (1) (f) DSGVO in conjunction with Recital No. 47, according to which direct mail generally constitutes a legitimate interest. Your interests, fundamental rights and freedoms do not outweigh our interest in advertising, as we provide you with comprehensive information about data collection within the framework of our data protection declaration and you have the option of opting out (via link or browser settings) at any time. In addition, we only use pseudonymous tracking.
c. social bookmarksSo-called social bookmarks (e.g. from Facebook, Twitter, YouTube, LinkedIn and Xing) are integrated on our website and our blog. Social Bookmarks are Internet bookmarks that allow users of such services to collect links and news messages. These are only included on our website as a link to the corresponding services. After clicking on the integrated graphic you will be forwarded to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers.
11. collateralWe use technical and organizational security measures to protect your data managed by us against manipulation, loss, destruction and against access by third parties. Our security measures are continuously improved in line with technological developments on the Internet. Your data is encrypted using the most common and secure transmission methods on the Internet. We also have a firewall (security software) to protect internal information from the Internet.
12. rights of the parties concernedIf personal data are processed by you, you are affected within the meaning of the DSGVO and you have the following rights vis-à-vis the person responsible:
Right to information under Article 15 DSGVOYou can ask us to confirm whether personal data concerning you will be processed by us. Once we have processed your data, you have further rights to information as set out in Article 15 of the DSGVO.
Right to correctionIf the information we have collected from you is incorrect or incomplete, you may immediately request us to correct it in accordance with Article 16 of the DSGVO.
Right to limitation of processingUnder the conditions of Article 18 of the DSGVO, you may also request that the processing of personal data concerning you be restricted. After the restriction, your data may only be processed with your consent or for the purpose of asserting, exercising or defending rights, or for the protection of the rights of another natural or legal person, or on grounds of an important public interest of the Union or a Member State. We will inform you before the restriction is lifted.
Right to cancellationIf one of the reasons in Article 17 para. 1 DSGVO applies, you can request us to delete your personal data immediately, unless there is an exception to the deletion obligation in accordance with Article 17 para. 3 DSGVO.
Right to informationIf you have exercised your right to correct, delete or restrict processing against us, we are obliged under Article 19 DSGVO to inform all recipients of your personal data of this, unless the notification is impossible or involves disproportionate effort. They also have the right to be informed of the recipients. The person responsible shall have the right to be informed of such recipients.
Right to data transferabilityIn addition, according to Article 20 DSGVO, you have the right to receive personal data concerning you from us in machine-readable format and to transmit the data to another person responsible without obstruction, provided that the requirements of Article 20 Para. 1 lit.a DSGVO are met, or to obtain that your personal data are transmitted directly by us to another person responsible, provided that this is technically feasible and no freedoms and rights of other persons are impaired thereby. This right shall not apply to the processing of personal data necessary for the performance of a task in the public interest or for the exercise of official authority.
Right of objectionYou have the right to object to Novatec Consulting GmbH at any time to the processing of personal data concerning you in accordance with Art. 6 para. 1 lit. f DSGVO. We no longer process your personal data, unless reasons worthy of protection outweigh your interests, rights and freedoms, or the Processing serves to assert, exercise or defend legal claims.
Right to revoke the data protection declaration of consentYou have the right to revoke your data protection declaration of consent with declaration to Novatec Consulting GmbH at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
Right of appeal to the supervisory authorityThey shall at all times, without prejudice to any other administrative or judicial remedy, have the right of appeal to a supervisory authority, in particular in the Member State of their place of residence, of work or of the place of suspected infringement, if you consider that the processing of personal data concerning them is contrary to this Regulation.
13. data protection officerIf you have any questions regarding the processing of your personal data, you can directly contact our external data protection officer, who is also available in the event of requests for information, applications or complaints:Personal / Confidential
z. Ed. data protection officer
c/o Novatec Holding GmbH
14. responsible bodyNovatec Holding GmbH
Geschäftsführer: Hans-Dieter Brenner, Michael Schuchart