We know that the careful handling of your personal information is important to you. Therefore, we appreciate your trust that Naus Funkenerosion GmbH deals with this information conscientiously. With this declaration, you give us your consent to the fact that Naus Funkenerosion GmbH may collect, process and use your personal data listed below for the purposes stated here. This consent can be withdrawn at any time with effect for the future.
Naus Funkenerosion GmbH has implemented numerous technical and organisational measures for the controllers in order to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us by alternative means, for example by telephone.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject”). A natural person is considered to be identifiable, can be identified directly or indirectly, in particular by association with an identifier such as a name, with an identification number, with location data, with an online identifier or with one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any, with or without the help of automated procedures, performed process or any series of processes related to personal data such as collection, recording, organising, ordering, storing, adapting or modifying, reading, querying, using, disclosing through submission, distributing or any other form of provision, comparison or correlation, restriction, deletion or destruction.
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any type of automated processing of personal data, which involves using that personal information to evaluate certain personal aspects pertaining to a natural person, in particular, to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of that natural person.
Pseudonymisation is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the need for additional information; provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
g) Person responsible or controller
The person responsible or controller is the natural or legal person, public authority, agency or any other body that, alone or together with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union law or national law of the Member States.
A processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients.
j) Third parties
A third party, is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or processor to process the personal data.
Consent is any expression of will voluntarily and unequivocally given by the data subject in form of a statement or any other unambiguous confirmatory act, with which the data subject expresses his/her consent to the processing of the personal data concerning him/her.
The authority responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
Every person concerned can contact us by postal mail at any time with any questions or suggestions regarding data protection.
We do not share your personal data including your home address and e-mail address without your explicit and revocable consent, with third parties. This does not apply to our service partners who require the transmission of data for order processing (e.g. the shipping company responsible for the delivery and the bank responsible for processing the payment). In these cases, however, the amount of data transmitted is limited to the minimum required.
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
With each visit to the website by a data subject or an automated system, the website of Naus Funkenerosion GmbH collects a series of general data and information. These general data and information are stored in the log files of the server. The following can be recorded (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system comes to our website (so-called referrer), (4) the subpages, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used in the case of attacks on our information technology systems.
When using these general data and information, Naus Funkenerosion GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) to deliver the contents of our website correctly, (2) to optimise the content of our website as well as the advertising for it, (3) to ensure the permanent functioning of our information technology systems and the technology of our website, as well as (4) to provide law enforcement authorities with the information necessary for law enforcement in case of a cyberattack. This anonymously collected data and information is evaluated by Naus Funkenerosion GmbH on the one hand statistically and further with the aim to increase the privacy and data security in our company, to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Due to legal regulations, the website of Naus Funkenerosion GmbH contains information that enables quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail, the personal data provided by the data subject will be automatically saved. Such personal data, provided on a voluntary basis by a data subject to the controller, is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, if so intended by the European Directive and Regulatory Authority and other legislators in laws or regulations which the controller is subject to.
If the storage purpose is omitted or if a storage period prescribed by the European Directive and Regulatory Authority or any other relevant legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
a) Right to confirmation
Each data subject has the right, as granted by the European Directive and Regulatory Authority, to ask the controller for confirmation of the processing of personal data concerning him or her. If an affected person wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.
b) Right to information
Any data subject affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to obtain from the controller at any time the information free of charge concerning the personal data stored about him/her and to receive a copy of that information. In addition, the European Directive and Regulatory Authority has given the data subject the right to obtain the following information:
Furthermore, the data subject has a right of information as to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer. If an affected person wishes to exercise this right of information, they can contact an employee of the controller at any time.
c) Right of rectification
Any person affected by the processing of personal data has the right granted by the European Directive and Regulatory Authority to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to exercise this right of rectification, they can contact an employee of the controller at any time.
d) Right to cancellation (right to be forgotten)
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to request from the controller to immediately delete the personal data concerning him/her, provided that one of the following reasons is satisfied and the processing is not required:
If one of the above reasons applies and a data subject wishes to arrange for the deletion of personal data stored by Naus Funkenerosion GmbH, they may contact an employee of the controller at any time. The employee of Naus Funkenerosion GmbH will arrange that the deletion request will be fulfilled immediately.
If the personal data have been made public by Naus Funkenerosion GmbH and if our company as the controller is obliged to delete personal data pursuant to Art. 17 para. 1 GDPR, Naus Funkenerosion GmbH will take appropriate measures, taking into account the available technology and the implementation costs also of a technical nature, to inform other data controllers processing the personal data published, that the data subject has requested from these other data controllers to delete all links of such personal data as well as the copies or replications thereof, unless the processing is necessary. The employee of Naus Funkenerosion GmbH will arrange the necessary procedure in individual cases.
e) Right to restriction of processing
Any data subject affected by the processing of personal data has the right granted by the European Directive and Regulatory Authority to request from the controller to restrict the processing if one of the following conditions applies:
If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored by Naus GmbH, they may contact an employee of the controller at any time. The employee of Naus GmbH will initiate the restriction of processing.
f) Right for data portability
Any data subject affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to receive the personal data concerning him/her provided to a controller by the data subject in a structured, common and machine-readable format. He/she also has the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that the processing is based on the consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or of a contract pursuant to Article 6 (1) (b) GDPR and that the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task of public interest or in the exercise of official authority, delegated to the controller.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain the personal data to be transferred directly from one controller to another, provided that this is technically feasible and does not affect the rights and freedoms of others.
To assert the right of data portability, the data subject may at any time contact an employee of Naus GmbH.
g) Right to object
Any data subject affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to object at any time, for reasons that arise from his/her particular situation, to the processing of personal data relating to it pursuant to Article 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions.
Naus Funkenerosion GmbH will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If Naus Funkenerosion GmbH processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct advertising. If the data subject objects to processing to Naus GmbH for the purposes of direct advertising, Naus Funkenerosion GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his/her particular situation, to object to the processing of personal data relating to him/her at Naus Funkenerosion GmbH for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfil a task of public interest.
In order to exercise the right to object, the data subject may directly contact any Naus GmbH employee or another employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his/her right of opposition by means of automated procedures using technical specifications.
h) Automated decisions in individual cases including profiling
Any data subject affected by the processing of personal data shall have the right, as granted by the European Directive and Regulatory Authority, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him/her or significantly affects him/her in a similar manner; provided the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is admissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is made with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, or (2) is made with the express consent of the data subject, Naus Funkenerosion GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a controller, the right to a statement of their own point of view and the right to contest the decision.
If the data subject wishes to assert on automated decision-making rights, they may, at any time, contact an employee of the controller.
i) Right to revoke a data protection consent
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact an employee of the controller.
The controller collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits respective application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, provided that the deletion is not in conflict with any other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (GETA).
The controller has integrated the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, analysis and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data from which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimise a website and for a cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymised by Google, if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our website, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using the cookie, Google will be able to analyse the use of our website. Each time one of the pages of this website, operated by the controller and with an integrated Google Analytics component, is accessed, the internet browser on the information technology system of the data subject is automatically initiated by the respective Google Analytics component, to submit data to Google for the purposes of online analysis. As part of this technical process, Google receives information about personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time our website is visited, the personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transmit this personal data collected by means of this technical process to third parties.
The data subject can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from using a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
The controller has integrated Xing components on this website. Xing is an internet-based social network that allows users to connect to existing business contacts and make new business contacts. The individual users can create a personal profile at Xing. Companies can, for example, create company profiles or publish job offers on Xing.
The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of the individual pages on this website, operated by the controller, is called up and on which a Xing component (Xing plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically activated by the respective Xing Component to download a representation of the corresponding Xing component of Xing. More information about the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged in to Xing, Xing recognises with each visit by the data subject to our website and during the entire duration of each stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Xing component and assigned by Xing to the affected Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this information to the personal Xing user account of the data subject and saves this personal data.
If the data subject is simultaneously logged in to Xing at the time of access to our website, Xing will always receive information from the Xing component that the data subject has visited our website; this happens regardless of whether or not the data subject clicks on the Xing component. If a transmission of such information to Xing is not wanted by the data subject, he/she can prevent the transmission by logging out of their Xing account before calling up our website.
Art. 6 I lit. A GDPR serves our company as the legal basis for processing operations for which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or return service, the processing shall be based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the above legal bases, are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).
If the processing of personal data is based on Article 6 I lit. f GDPR our legitimate interest in conducting our business is for the benefit of all of our employees and our shareholders.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period, the corresponding data will be routinely deleted, if they are no longer required to fulfil the contract or to initiate a contract.
We clarify that the provision of personal information is in part required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data that subsequently must be processed by us. For example, the data subject is required to provide us with personal information when our company concludes a contract with him/her. The failure to provide the personal data would mean that the contract with the data subject could not be concluded. Prior to any personal data being provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data, and what would result from the failure to provide the personal data.
As a responsible company, we refrain from automatic decision-making or profiling.
We use Google Fonts from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website. Google Fonts are used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google Account information will be transmitted to Google while using Google Fonts. Google only records the use of CSS and the fonts used and stores this data securely. More about these and other questions can be found on https://developers.google.com/fonts/faq?tid=231547796377.
What data is collected by Google and what this data is used for, you can read onhttps://www.google.com/intl/de/policies/privacy/.
In our website, we use Google Maps for the visualization of our location as well as for the creation of directions. This is a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter referred to as “Google”.
By being certified under the EU-US Privacy Shield,
Google guarantees that EU data protection standards will be met, including when processing data in the United States.
In order to enable the visualisation of certain fonts for our web presence, a connection to the Google server in the USA is established when opening our website.
Insofar as you access the Google Maps component integrated in our website, Google will store a cookie on your device via your Internet browser. To view our location and provide directions, your user settings and user data are processed. We can not rule out that Google uses servers in the United States to do this.
Legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in optimising the functionality of our website.
Using this connection to Google allows Google to determine from which website your request has been sent and to which IP address the directions are to be transmitted.
If you do not agree with this processing, you have the option to prevent the installation of cookies by the respective settings in your Internet browser. You will find details on this under the heading “Cookies”.
In addition, the use of Google Maps as well as the information obtained through Google Maps takes place according to the Google Terms of Service https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Mapshttps://www.google.com/intl/de_de/help/terms_maps.html.
In addition, Google offers further information under