Privacy Policy

How we handle your personal data is explained in this privacy policy. It is based on the General Data Protection Regulation (GDPR). Except for the third-party providers that we name in this document, we do not pass any data to third parties. If you have any questions, please contact us.

Controller

The controller for processing of data is

Nodion GmbH
Königstraße 27
70173 Stuttgart

General Information

Provision of data

As a rule, it is neither legally nor contractually required to provide personal data in order to use our website. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we shall inform the user of this circumstance and the consequences of not providing the data in this privacy policy.

Data transfer to third countries

We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). Insofar as there is an adequacy decision by the European Commission for the transfer of data to a third country, we refer to this in this privacy policy. Furthermore, users can obtain a copy of the appropriate safeguards from us, insofar as these are not already contained in the privacy policies of the service providers or third-party providers.

Automated decision-making

In the event that we use automated decision-making, including profiling, this privacy policy will inform you of this fact, the logic involved and the scope and intended effects of such processing. Otherwise, there shall be no automated decision-making process.

Processing for other purposes

Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, data is intended to be further processed for other purposes, we will inform you of these other purposes prior to such further processing and provide all other relevant information (Art. 13 (3) GDPR).

Website hosting

Every time our website is called up, the user's browser transmits various data. For the duration of the visit on the website, the following data is processed and stored in log files even after the connection has ended:

  • Browser type and version used
  • Operating system
  • Pages and files accessed
  • Amount of data transmitted
  • Date and time of retrieval
  • User's provider
  • IP address in anonymous form
  • Referrer URL

The processing of this data is necessary in order to deliver the website to the user and to optimise it for the user’s end device. Storage in log files serves to improve the security of our website (e.g. protection against DDoS attacks). IP addresses are rendered anonymous before being stored in log files.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the website and to improve website security. Log files are automatically deleted after 30 days.

Establishing contact

In the event contact is established, we process the user's details, date and time for the purpose of processing the enquiry, including any queries.

For customer relations management, we use the CRM system Pipedrive. Provider: Pipedrive OU, Mustamäe tee 3a, Tallinn, Harjumaa 10615, Estonia.

Privacy Policy of Pipedrive

The legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to answer our users’ enquiries. An additional legal basis is provided by Art. 6 (1) b) GDPR, if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.

The data will be deleted as soon as the enquiry, including any queries, has been answered. We will check at regular intervals, but at least every two years, whether any data accumulated in connection with contacts must be deleted.

To improve our content, we measure how successful our newsletters are, for example how often they are opened by users and which links are clicked on. For this purpose, e-mails contain a pixel tag. We do not track the activities of individual users.

Advertising to existing customers

If the user has provided an e-mail address while purchasing goods or services, we reserve the right to use this e-mail address for direct advertising in connection with similar goods or services in accordance with Section 7 para. 3 UWG [German Act against Unfair Competition]. This does not apply if the user has objected to the use.

The legal basis for the processing is Art. 6 (1) f) GDPR. A justified interest on our part is the promotion of our sales. The user can object to the use of the specified e-mail address for the purpose of advertising to existing customers at any time with future effect, without incurring any costs other than the transmission costs according to the basic rates.

Registration for a user account

Users can register for our offer on our website. In this context, we will process the data entered during registration. We have the specified e-mail address confirmed by sending a link (double opt-in) to prevent misuse of the registration function. For this purpose, we also process the date and time and the IP address of the user. For verification purposes, we also process the date, time and IP address of the user when the confirmation link is clicked.

The data will be deleted when the user account is deleted after three years at the end of the year, unless a longer legal obligation to retain the data applies.

The legal basis for the processing is Art. 6 (1) a) GDPR insofar as we obtain user consent. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Art. 6 (1) b) GDPR. Otherwise, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest is to provide users with access to our offer requiring registration, to protect us from misuse of the registration function and to be able to prove proper registration. After the deletion of the user account, our legitimate interest also consists in the defence of possible claims.

Job applications

When users apply for a job, we process personal data for the purpose of the application process. In addition to the data transmitted by the user, we also process other data that is collected during the application process (e.g. during a job interview). Should we include data in an applicant pool, this will only be done on the basis of the user's prior consent. In this case, the data will be processed beyond the conclusion of the application procedure so that contact can be established in the event of suitable job offers.

Applicant data will be deleted three months after completion of the application procedure. In the event of inclusion in an applicant pool, the data will be retained for a maximum of two years, unless the consent given is revoked beforehand.

The legal basis for the processing is Art. 6 (1) b) GDPR. If consent is given for inclusion in an applicant pool, the processing is based on Art. 6 (1) a) GDPR. At the end of the application procedure, processing takes place on the basis of Art. 6 (1) f) GDPR. Our legitimate interest consists in the defence of possible claims under Allgemeines Gleichbehandlungsgesetz [German General Equal Treatment Act].

Profiles in social networks

We are present in one or more social networks. In detail, these are: Facebook, Twitter, Xing or LinkedIn. When users contact us, we process personal data as described above under “Establishing contact”.

Social network providers process data according to their data protection regulations, which can be accessed here:

If a user is logged in with an account, the activities on our profile in the respective social network may be attached to said user. This can take place across devices and without login as the case may be, for example when using cookies or mobile identifiers. Social network providers use the data collected to create pseudonymised user profiles, which they can use in particular to display personalised advertising.

Rights of the data subject

Where personal data relating to a user is being processed, the user has the following rights:

Right of access: The user has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and a copy of the personal data undergoing processing.

Right to rectification: The user has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure: The user has the right in accordance with the law to obtain from the controller the erasure of personal data concerning him or her without undue delay.

Right to restriction of processing: The user has the right in accordance with the law to obtain from the controller restriction of processing.

Right to data portability: The user has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right in accordance with the law to transmit those data to another controller.

Right to object: The user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdrawal: The user has the right to withdraw his or her consent at any time.

Right to lodge a complaint: The user has the right to lodge a complaint with a supervisory authority.

Last Updated: 17/02/2022