Privacy Policy
Preamble
We attach great importance to safeguarding your privacy and protecting your personal data. For this reason, we are providing you with this privacy policy to inform you about the processing of your personal data so that you can safely visit our website in the knowledge and confidence that we will only process your data in accordance with this privacy policy and the statutory provisions. The declaration sets out transparently for you which types of personal data are affected and in what way, to what extent and for what purpose they are processed by us. The privacy policy is comprehensive and therefore applies to all processing activities carried out by us. You are not obliged to provide us with personal data. However, if you do, we may not be able to assess and process your request in accordance with your interests.
Personal data is all information that relates to an identified or identifiable person.
1. Responsible body
In the following, information on the responsible body or the responsible person according to the applicable data protection laws, as well as your contact option for data protection questions:
NOVIS Software GmbH
Morgensonne 9
07580 Braunichswalde
Germany
represented by: Andy Seiler
Phone: +49 (0)3 66 08 / 200-0
E-mail: info(at)novis-software.de
This privacy policy informs data subjects about the purposes, scope and nature of the processing of personal data by the above-mentioned controller. The controller is the legal entity that decides on the means and purposes of processing personal data alone or together with other persons. The controller is the body to which you can turn if you have any questions or wish to assert your rights and to which you are entitled to a response.
You can contact our data protection officer as follows:
u-create.it UG (haftungsbeschränkt)
Konstantin Stefan Lindner
Zwötzener Straße 91
07551 Gera
E-mail: lindner(at)u-create.it
Phone: +49 (0) 365 51 77 057
The data protection officer is the person who is responsible for safeguarding your legitimate interests in our processing operations and monitors the processing operations.
Legal basis for data processing
According to the GDPR, personal data may only be processed within the EU/EEA with a legal basis in accordance with Art. 6 GDPR. In most cases, this is a legitimate interest on our part (Art. 6 para. 1 sentence 1 lit. f) GDPR) or your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), as long as you give it. If you have a contractual relationship with us, or if such a relationship is in the offing, this also justifies the processing of personal data (Art. 6 para. 1 sentence 1 lit. b) GDPR). Furthermore, there is the possibility of fulfilling a legal obligation for processing on our part (Art. 6 para. 1 sentence 1 lit. c) GDPR). The legal bases in individual cases are listed below in this privacy policy. Please also note that, depending on your place of residence or domicile, other data protection regulations, in particular national regulations, may apply.
2. Nature and purpose of the use of personal data and its collection and storage
General information
Depending on your use of our website, we process different personal data for different purposes.
Various purposes may include, in particular, the provision of our website, the management of our IT infrastructure, security measures, office procedures, organizational management and marketing. Furthermore, the purpose of the processing may be the fulfilment of contractual obligations, including the provision of a contractually owed service, as well as communication, administration and answering contact and other inquiries.
For these purposes, we process different types of data, primarily inventory, usage, content and/or metadata, but also contact, communication, location, other contractual and/or procedural data. The types of data processed are always limited depending on the relevant purpose.
The following categories of persons may be affected by the processing of personal data by us: Users and interested parties; customers, applicants, business and other contractual or communication partners.
The respective purposes, data types and data subjects are also listed in detail below.
2.1 When visiting “novis-software.de” general data processing and data processing beyond the website
Server log files
When you visit our website, the following data is automatically processed, which is required to establish a smooth connection between your device and our website and to display the website properly:
- IP address
- Name and address of the website and files visited
- Access time
- Notification of successful retrieval
- Operating system and browser used
- Referrer URL
- Internet provider
The processed personal data is also used to optimize and ensure the security of the website and the information technology systems.
The legal basis for the processing of this data is our legitimate interest, which provides for the processing of personal data to safeguard the legitimate interests of the controller. The legitimate interests arise from the above reasons. The data is deleted as soon as it is no longer needed, which is the case when the session ends, unless there are legitimate interests in further storage (e.g. unlawful access).
- Processed data: Communication and process data (e.g. IP addresses), usage data (e.g. access times)
- Data subjects: Users
- Purposes of processing: Provision of an optimal online presence, IT infrastructure; security measures
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
- Guarantees: Contract data processing agreement and, if data is transferred to third countries, the application of EU standard contractual clauses and, if applicable, additional certification of the host/provider in accordance with the EU-US Data Privacy Framework DPF. 45 GDPR, all EU Member States are a safe data export country for personal data, as are currently (last accessed in June 2023) the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom and South Korea have been classified by the European Commission as compliant with data protection regulations, meaning that the export of personal data from the EU to these countries is permitted.
With regard to our website, we also refer to the privacy policy of the hosting provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany: https://www.ionos.de/terms-gtc/datenschutzerklaerung/
Business Services
If you are a business partner, applicant, customer or other contractual partner in a contractual or quasi-contractual legal relationship with us, we generally process your personal data to fulfil our obligations arising from this relationship – the provision of the service owed or pre-contractual measures. In addition, depending on the individual data, there may be legal obligations for processing, such as tax obligations. In addition, we regularly have a legitimate interest in the processing, in particular for the proper management and protection of business operations. Your data will only be passed on to third parties in accordance with legal requirements.
As a rule, we process this personal data after the end of the contractual relationship for as long as any statutory warranty or comparable obligations exist or for as long as statutory retention periods exist.
We would like to point out that the terms and conditions and data protection notices of third parties may also apply if they become part of the contractual relationship. This may be the case if we use or commission third-party providers to fulfil our services and obligations.
- Processed Data: Communication and process data (e.g. IP addresses), usage data (e.g. access times), contact data (e.g. e-mail address), payment data, inventory data (e.g. name, address)
- Data subjects: Interested parties, applicants, customers, contractual and business partners
- Processing purposes: Guarantee of contractual services/obligations, communication and contact requests, office and organizational procedures; security measures, administration, checking suitability for a position
- Legal bases: Contractual claims (Art. 6 para. 1 sentence 1 lit. b GDPR), Legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR)
Performance of tasks in accordance with rules of procedure or articles of association
If you have a contractual or comparable relationship with us, we process personal data in the performance of our tasks and the receipt of benefits or other services. This may also include a legitimate interest on our part, for example in organizational tasks. The exact data processed here depends on the corresponding contractual relationship. As a rule, this involves inventory and contact data (name, address, telephone number, e-mail address), payment data (bank details, invoices) and other contract data (term, subject matter of the contract).
We process this data as long as it is necessary for the corresponding statutory purposes. This also includes any warranty and liability obligations. Once these purposes no longer apply, we destroy the data with the exception of data for which there are statutory retention obligations.
- Processed data: Contract data (e.g. subject matter of the contract), contact data (e.g. e-mail address), payment data, inventory data (e.g. name, address)
- Data subjects: Users, contractual and business partners
- Processing purposes: Guarantee of contractual services/obligations, communication and contact requests, administration
- Legal bases: Contractual claims (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR)
Cookies
We do not use cookies to operate this website.
Updates to the content management system used may result in the use of technically necessary cookies. Cookies are small text files that are stored on your device and, for example, ensure the functionality of the website or enable website usage to be analysed. Personal data is processed in the process. Details on individual cookies, such as the respective legal basis (e.g. consent or legitimate interest), the storage period, or revocation and objection options, are listed in detail in Cookie Management below. With regard to the use of cookies, data subjects generally have a right of objection or the option of deactivating them in the browser settings. However, we would like to point out that this may mean that the full functionality of the website can no longer be guaranteed.
If we use cookies, this is done either on the legal basis of your consent or with a legitimate interest, for example to improve our website functions. Cookies are stored for different lengths of time. Some cookies are only temporary and are deleted at the latest when you close your browser or app. Other cookies are stored permanently on your device. You can delete the cookies permanently stored on your device yourself at any time.
Opt-In and Opt-Out
If cookies are loaded, you can generally consent to the use of cookies when you first access this website, or consent to the use of different cookies or refuse them on a user-defined basis.
If you consent to the use of cookies that require consent, we will save your declaration of consent so that you do not have to obtain it again the next time you visit the website; please refer to our cookie consent management for the storage periods. In addition to the declaration, your IP address, the browser you are using and the model of the end device you are using may also be stored. You can revoke your declaration(s) of consent at any time.
- Processed data: IP address, declaration of consent, browser, end device used
- Data subjects: User
- Purposes of processing: Guarantee of contractual services/obligations, functioning online offer, effective and targeted advertising measures
- Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR), fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
Contacting us by telephone, fax, e-mail and/or post
If you contact us by telephone, fax, e-mail and/or post, the personal data you provide in this context will be processed and stored by us in order to enable us to evaluate the communication. The data collected is limited to
- First and last name
- Telephone number / e-mail address / postal address
- Content of the message or other voluntarily transmitted data
The personal data collected by us in this context will not be passed on to third parties unless this is necessary for the proper processing of the matter due to legitimate interests. Personal data may then be transmitted to the affected customers, freelancers, cooperation partners and authorities. The legal basis for data processing is legitimate interests. In the case of contact aimed at concluding a contract, the legal basis for processing is legitimate interests.
- Processed data: Communication and contact data (e.g. e-mail address)
- Data subjects: Communication partner
- Purposes of processing: Communication and contact requests
- Legal bases: Contractual claims (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
- Guarantees: If data is transferred to third countries, EU standard contractual clauses apply and, if applicable, the provider is also certified in accordance with the EU-US Data Privacy Framework DPF.
According to Art. 45 GDPR, all EU Member States are a safe data export country for personal data and currently (last accessed in June 2023) the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom and South Korea have been classified by the European Commission as compliant with data protection regulations, meaning that the export of personal data from the EU to these countries is permitted.
2.2 Special data processing on “novis-software.de”
Google Maps
This website uses the interactive (land) map service Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In Europe, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible. The purpose of the use is to display geographical data visually and thus to show you the location and make it easier for you to find us.
When you access the website or the subpage in which the map displayed by Google Maps is integrated, user data such as your IP address, browser information and location data are transmitted to a Google server. Data processing by Google may also take place in the USA; the associated data transfer takes place on the basis of the standard contractual clauses provided by the EU Commission. It is possible to prevent future transmission by completely deactivating the Google Maps web service. To do this, the JavaScript application must be deactivated in the user’s browser. As a result, Google Maps and the map display based on it cannot be used.
Google is committed to complying with the EU-US Data Privacy Framework (DPF), which also ensures GDPR-compliant data processing in the USA. Further information on this can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail? id=a2zt000000001L5AAI&status=Active (last accessed on 13.08.2023).
The data is processed in accordance with Art. 6 para. 1 lit. f) GDPR. The required legitimate interest consists in the needs-based design of Google websites and, if applicable, market research. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the legal basis is this consent, which can be revoked at any time, in accordance with Art. 6 para. 1 lit. a) GDPR. Further information on Google’s data protection, terms of use and Google Maps can be found at: https://www.google.de/intl/de/policies/privacy/, https://www.google.de/intl/de/policies/terms/regional.html and https://www.google.com/intl/de_US/help/terms_maps.html.
Further information on standard contractual clauses can be found at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de.
3. Rights of data subjects – Rights to which you are entitled as a data subject under the GDPR
As a data subject, you have the following rights under the GDPR
Right to information on data processing and data subject rights
You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you also have the following rights. You have the right to receive information from us about your rights under Art. 13-22, 34 GDPR.
Right to revoke consents granted
You have the right to withdraw your consent to the processing of personal data from the controller at any time with effect for the future (Art. 7 para. 3, Art. 8 GDPR) without any disadvantages for you. The processing of the data originally covered by the consent may then no longer be processed by us. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
Right to information
In accordance with Art. 15 GDPR, you have the right to request information about the personal data we have stored about you. You are entitled to the following information:
(1) Processing purposes
(2) Categories of personal data being processed
(3) Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations. In the case of third countries and international organizations, you also have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR
(4) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
(5) the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
(6) the existence of a right to lodge a complaint with a supervisory authority
(7) if the personal data is not collected from you, all available information about the origin of the data
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Right to rectification or completion
In accordance with Art. 16 GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning you and the completion of incomplete personal data. We are obliged to comply with this immediately.
Right to erasure (to be forgotten) or destruction
In accordance with Art. 17 GDPR, you have the right to demand the immediate erasure of the personal data concerned.
We are obliged to erase personal data if one of the reasons listed in Art. 17 (1) applies. This does not apply to personal data that is subject to a statutory retention and security period that we must observe and to the following exceptions regulated in Art. 17 para. 3 GDPR:
(1) for exercising the right of freedom of expression and information
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3)
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing
(5) for the establishment, exercise or defence of legal claims
Right to restriction of processing
You have the right to demand that we restrict processing if one of the requirements of Art. 18 (1) GDPR is met.
Right to notification
You have the right to request information from us as to which recipients have been notified that personal data concerning you has been erased, rectified or restricted.
Right to data disclosure or transfer
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
Right to object
In accordance with Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests (Art. 6 para. 1 lit. f GDPR). We may then no longer process the personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of the federal state in which our company is based. You can find a list of data protection authorities at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
4. Storage period and deletion of personal data
Unless expressly stated in this privacy policy, we will delete your processed personal data when the reason for processing no longer applies. Statutory retention and storage periods remain unaffected in all cases (e.g. in Germany § 14b UStG, § 257 para. 1 no. 2 and 3 HGB, § 147 AO) In these and other cases, the storage period and deletion are carried out in accordance with the legal requirements.
5. Changes to this privacy policy
We reserve the right to adapt and amend this privacy policy so that it always complies with the current legal requirements and our services. The new privacy policy will then apply from your next visit to our website.
6. Principle of data minimisation and SSL encryption
Your personal data will only be processed if this is necessary in order to provide you with a functioning website on which all our content and services are presented in a technically correct manner. Other processing operations are only carried out regularly on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR, unless data processing is permitted by other legal regulations.
For security reasons and to protect the transmission of personal data, we use SSL encryption.
We also take appropriate technical and organisational measures (TOMs) to ensure an appropriate level of protection. The state of the art, implementation costs, type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risks associated with the processing for the rights and freedoms of natural persons are taken into account.
7. Data of third parties
If, in addition to your personal data, you have also provided us with the data of other persons, please inform these persons about the processing of their personal data with the help of this data protection declaration.
8. Personal data transfer and third country transfers
We sometimes work together with third parties when processing personal data.
Personal data may be passed on in the process. These third parties are in a contract processing relationship or as joint controllers with us. In each case, we use appropriate agreements to ensure that the protection of your personal data required by law and guaranteed by us is complied with in full. These agreements include, in particular, contracts (order processing contracts, standard contractual clauses, etc.).
Some of our contractual partners may be located in third countries, which means that data may also be transferred abroad.
If we process personal data in third countries outside the EU or the EEA, lawful processing is ensured by one or more of the following methods:
- Transfer to a third country with a recognised level of data protection (Art. 45 GDPR): The EU Commission may determine whether a third country has a data protection concept that is sufficient for the requirements of the GDPR, which means that a transfer to such a third country can take place in compliance with the GDPR. Details can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de (last accessed on 12/08/2023). The EU Commission’s current list of suitable countries can be viewed at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de (last accessed on 12/08/2023).
- Transfer subject to appropriate safeguards (Art. 46 GDPR): These guarantees include a commitment to the EU-US Data Privacy Framework (DPF), which came into force on 10 July 2023, and the EU Commission’s Standard Contractual Clauses (SCCs). A list of companies that are committed to complying with the DPF can be found at https://www.dataprivacyframework.gov (last accessed on 13/08/2023). The EU Commission’s SCCs can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en (last accessed on 13/08/2023).
- Existence of a condition (Art. 49 GDPR): For example, the existence of your express consent, the necessity for the fulfilment of a contract or a legal obligation.
- Further bases from Art. 44-49 GDPR: The list given here is for the purposes of traceability and transparency and is not exhaustive. The basis for a lawful transfer to a third country is listed in detail below in this privacy policy.
9. Contact option for data protection questions
If you have any questions or comments about this privacy policy, please contact us by e-mail at info(at)novissoftware.de or by using the contact details of our data protection officer.