PRIVACY STATEMENT

Thank you for your interest in our company’s website. Since your visit results in personal data, we will inform you below in accordance with the requirements of the European data protection directive, EU GDPR. An explanation of the terms used can be found under VI. Definitions.

I. Name and contact details of the person responsible and the data protection officer

The person responsible for processing personal data in accordance with Art. 4 No. 7 GDPR is:

Nicolay GmbH
Graf-Zeppelin-Str. 21
72202 Nagold (Wolfsberg)
Deutschland

Telefon: +49 (0) 74 52 / 8 23 – 0
Telefax: +49 (0) 74 52 / 8 23 – 150
info@nicolay.de

Local Court:
Stuttgart HRB 341093

VAT-ID No.:
DE 24 60 58 471

Managing directors authorized to represent:
Steven Anderson
Oliver Muz

We have appointed a data protection officer. You can reach Mr. Thomas Häcker as follows: By post under the above Address with the note “data protection officer”.
By email at Datenschutz@nicolay.de.

1. Data collection, legal basis for processing, duration of storage

Use of our website

When you visit our website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file.

The following information is recorded without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Language set in the browser
  • Browser type used and the operating system of your computer in the respective version
  • whether Java script and cookies are allowed
  • Screen resolution and density as well as screen size of the output device
  • Date and time of access
  • your time zone
  • the name of your access provider
  • Name and URL of the file accessed
  • Website from which access is made (referrer URL)

The data mentioned are processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • ensuring comfortable use of our website,
  • Evaluation of system security and stability as well as
  • for further system administration purposes, such as the correction of errors.

The legal basis for data processing is Art. 6 Para. 1 Letter f GDPR. Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about you personally.

The IP address will be deleted from all systems that are used in connection with the operation of this website after 7 days at the latest. We can then no longer establish a personal reference from the remaining data.

Cookies  

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie that results in connection with the specific device used. However, this does not mean that we are immediately aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you in order to optimize our offer. These cookies enable us to automatically recognize when you visit our site again that you have already visited us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are required for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 Paragraph 1 Letter f GDPR.

If you do not want this, you can deactivate the storage of cookies in the browser you are using or receive a notification as soon as cookies are sent.

The cookies we set are automatically deleted when you leave our website.

III. Recipients and categories of recipients

Receiver 1: ANALYSIS SERVICES

Your personal data will be transferred to third parties if you have given your express consent in accordance with Art. 6 Para. 1 Letter a GDPR. This consent can be revoked at any time.

Pardot

We use the Pardot Marketing Automation System (“Pardot MAS”) from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”). Pardot is a salesforce software module for recording and evaluating the use of a website by website visitors. As far as Pardot LLC processes personal data, the processing takes place exclusively on our behalf and according to our instructions. We have ensured compliance with the EU data protection guidelines through a separate agreement with salesforce.com, inc.

When you visit our website, the Pardot MAS records your click path and uses it to create an individual usage profile using a pseudonym. For this purpose, cookies are used that enable your browser to be recognized. The use of Pardot takes place on the basis of your express consent in accordance with Art. 6 Para. 1 Letter a GDPR.

By consenting to the use of Pardot, you also consent to the use of Pardot cookies.

You can revoke your consent at any time with effect for the future. To do this, contact the data protection officer using the contact details given at the end of the imprint. In addition, you can deactivate the creation of pseudonymised usage profiles at any time by configuring your Internet browser so that cookies from the “pardot.com” domain are not accepted. However, this can lead to certain restrictions in the functions and user-friendliness of our offer.

You can change the cookie settings decision you made earlier by clicking on “Change cookie settings” at the bottom of this page.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user.

This data may be summarised by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy:https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics on Google Analytics

This website uses the “demographic characteristics” function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.

Storage duration

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link:
https://support.google.com/analytics/answer/7667196?hl=de

Rights of Data Subjects

As we process your personal data, you have the following rights:

Right to information

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a The right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;

Correction

In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or incomplete personal data stored by us.

Deletion

In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.

Limitation

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert it, The exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

Data portability

In accordance with Art. 20 GDPR, you can receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transmitted to another person responsible.

Right of withdrawal

In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future.

Right to complain

You can complain to a supervisory authority in accordance with Art. 77 GDPR if you are of the opinion that the processing of your personal data violates data protection regulations.

You can do this e.g. at the supervisory authority responsible for us:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstrasse 98
24103 Kiel

Right to Object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your special situation arise or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you would like to make use of your right of revocation or objection, an email to us is sufficient.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Data security

We use the popular SSL (Secure Socket Layer) method for encryption when you visit our website. You can tell whether an individual page of our website is transmitted in encrypted form from the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Definitions

This data protection declaration is based on the terminology of the European General Data Protection Regulation (GDPR). You will find an explanation of the key terms here:

Personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is regarded as identifiable who is directly or indirectly, in particular by means of assignment to an identifier such as a name, to a Identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Affected person

The person concerned is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

Processing

Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

Profiling

Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects that relate to a natural person, in particular aspects relating to work performance, economic situation, health, personal To analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

Pseudonymization

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

 

Responsible person or person responsible for processing

The person responsible or the person responsible for the processing is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

Processor

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Recipient

The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

Consent

Consent is any voluntary, informed and unequivocal declaration of intent given by the person concerned for the specific case in the form of a declaration or other unequivocal affirmative act with which the person concerned indicates that they consent to the processing of their personal data is.

Changes to this data protection declaration

This data protection declaration is as of May 2020. Due to the further development of our website and offers or changes in legal or official requirements, it may be necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on our website.