Welcome to the Internet site www.novatec-gmbh.de of Novatec Consulting GmbH. The protection of your personal data is really important to us. For this reason, we comply strictly with the relevant legislation when collecting and processing your personal data. Below, we provide details on the scope and purpose of data collection on our Website.

Open cookie settings

Information on the Collection and Processing of your personal data

Care and transparency is the basis for a trusting cooperation with our customers. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR). Which personal data we process for what purpose depends on the respective contractual relationship.

1. Who is responsible for the processing?

The controller is:

Novatec Holding GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

And subsidiaries:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

2. How can I contact the data protection officer?

You can reach our data protection officer (DPO) as follows:

Lisa Rehkugler
Novatec Holding GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

E-Mail: datenschutz@novatec-gmbh.de

3. Which personal data do we use?

If you have an enquiry, have us prepare an offer or conclude a contract with us, we will process your personal data. In addition, we process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent given by you.

Depending on the legal basis, the categories of personal data are as follows:

  • Name, Surname
  • Address
  • Communication Data (telephone, e-mail-address)
  • Date of birth
  • Nationality
  • Contract master data, especially contract number, duration, period of notice, type of contract
  • Data on creditworthiness
  • Invoice data / turnover data
  • Payment data / account data
  • Account information, in particular registration and logins
  • Video and image recordings
  • For registrations for training courses with meals
    • eating habits and intolerances

Further categories of personal data are specified in the individual order processing contract depending on the customer’s order. In the course of contract initiation, we also use data provided to us by third parties. Depending on the type of contract, the following categories of personal data are involved:

  • Information on creditworthiness (via a credit agency)

4. From which sources does the data come?

We process personal data that we receive from our customers, service providers and our suppliers.

We also obtain your data from the following sources:

  • Credit agency
  • Publicly accessible sources: commercial or association registers, debtor registers, land registers
  • Other Group companies

5. For what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.

5.1 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases we process your personal data on the basis of your consent:

  • Sending an e-mail newsletter
  • Personalized newsletter tracking
  • Market research (e.g. customer satisfaction surveys)
  • Marketing and advertising of customer profiles
  • Publication of a customer reference (name and picture)
  • Image and sound recordings of events

5.2 For the performance of a contract (Art. 6 para. 1 lit. b GDPR)

Components are individually defined between the parties in a separate contracts.

5.3 To fulfil legal obligations (Art. 6 para. 1 lit. c GDPR)

As a company we are subject to various legal obligations. The processing of personal data may be necessary to fulfil these obligations.

  • Control and reporting obligations
  • Creditworthiness, age and identity checks
  • Prevention of criminal acts

5.4 On the basis of a legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)

In certain cases we process your data to protect our legitimate interests or that of third parties:

  • Direct advertising and opinion research
  • Central customer data management within the Group
  • Measures for building and plant safety
  • Video surveillance for the protection of domiciliary rights
  • Consultation and data exchange with credit agencies to determine creditworthiness and default risks
  • Ensuring IT security and IT operation

6. To whom will your data be passed on?

In order to fulfil our contractual and legal obligations, we will pass on your data to different public and internal places, as well as external service providers.

Companies within the Group:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

External Service Providers:

  • IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service provider for file and data destruction
  • Printing services
  • Telecommunications
  • Payment service providers
  • Consulting
  • Service Provider for Marketing or Sales
  • Credit agencies
  • Authorized dealers
  • Service provider for telephone support (Call-Center)
  • Web hosting service provider
  • Letter shops
  • Auditors and accountants

Public bodies and authorities:

Furthermore, we may also be obliged to transfer you data to other recipients, such as public authorities zu fulfil legal notification obligations.

  • Tax authority
  • Customs
  • Social insurance agency
  • law enforcement agencies

7. Will your data be transferred to countries outside the European Union (so-called third countries)?

Countries outside the European Union (and the European Economic Area “EEA”) handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.

We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

8. For how long do we store your data?

We store your personal data for as long as necessary to fulfil legal and contractual obligations.

If the storage of you data is no longer necessary to fulfil the legal or contractual obligations, we will delete your data unless the transfer is necessary for one of the following purposes:

  • Fulfilment of commercial and tax storage obligations.
  • Preservation of evidence within the framework of the statutory limitation provisions. According to the statute of limitations of the German Civil Code (BGB), these statutes of limitations can in some cases be up to 30 years, the regular statute of limitations is three years.

9. What rights do you have in connection with the processing of your data?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.

9.1 Right to object

You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

What right do you have in the event of data processing for legitimate or public interest?

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para.1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

What right do you have in the event of data processing for direct marketing?

If we process your personal data for direct marketing purposes, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, this also applies to profiling insofar as it is associated with such direct marketing.

In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

9.2 Revocation of consent

You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.

9.3 Right to information

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

9.4 Further rights

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.

In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

9.5 Assertion of your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided or IT-Compliance at datenschutz@novatec-gmbh.de.We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

In order to enter into a business relationship, you must provide us with the personal data that is necessary for the execution of the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.

11. Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.

Information on the processing of your personal data
within the application process

We are pleased that you have applied to Novatec Holding GmbH. Transparency and a trustful handling of your personal data is an important basis for a good cooperation. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation. The following information will give you an overview of the collection and processing of your personal data in connection with the application procedure.

1. Who is responsible for the processing?

The controller is:

Novatec Holding GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

And subsidiaries:

  • Novatec Consulting GmbH
  • Novatec Solutions GmbH
  • Novatec Software Engineering Espana S.L.

2. How can I contact the data protection officer?

You can reach our data protection officer (DPO) as follows:

Lisa Rehkugler
Novatec Holding GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

E-Mail: datenschutz@novatec-gmbh.de

3. Which personal data do we use?

We process your personal data, as far as they are necessary for the execution of the application procedure. This includes the following data categories:

Standard information:

  • Applicant master data (first name, last name, address, job position)
  • Qualification data (cover letter, CV, previous activities, professional qualification)
  • Work certificates and certificates (performance data, assessment data etc.)
  • Login data (e-mail, password)

Special information required due to the position to be filled

  • Police certificate of good conduct
  • Schufa creditworthiness information
  • Results of the aptitude test
  • Result of the medical aptitude test (suitable, not suitable, conditionally/restrictedly suitable)

Other information

  • Publicly accessible, job-related data, such as e.g. a profile in professional social media networks
  • Voluntary information, such as e.g. an application photo, information on severely disabled persons or other information that you voluntarily provide to us in your application.

4. From which sources does the data come?

We process personal data that we receive from you during the application process.

or/and

We receive personal data from the following sources:

  • Other Group companies (please list)
  • Recruitment service providers

and

We process personal data that originates from public sources, e.g. professional social networks.

5. For what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.

5.1 Data processing for the purpose of the application (Section 26 para. 1 BDSG)

Personal data of applicants may be processed for the purposes of the application procedure if this is necessary for the decision to establish an employment relationship with us.

The necessity and scope of the data collection are judged, among other things, by the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health conditions, more extensive data collection may be necessary. In order to protect data protection, such data processing takes place only after the selection of applicants has been completed and immediately before you are hired.

5.2 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases we process your personal data on the basis of your consent:

  • Admission to the applicant pool, this means we store the application documents beyond the current application procedure for consideration in later application procedures.
  • Share the application with Group companies

5.3 On the basis of a legitimate interest of the controller (Art. 6 para.1 lit. f GDPR)

In certain cases we process your data to protect our legitimate interests or that of third parties:

  • To defend legal claims in proceedings under the German General Equal Treatment Act (AGG). In the event of a dispute, we have a legitimate interest in processing the data for evidence purposes.
  • Data comparison with EU anti-terrorist lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002: As a company, EU law obliges us to play our part in the fight against terrorism. No funds may be made available to persons and organisations on the terrorist lists (provision prohibition). We are also obliged to carry out this comparison for the AEO certificate as an “authorised economic operator”.

6. To whom will your data be passed on to?

Your data will be processed mainly by our human resources department and the department manager of the position to be filled. In some cases, however, other internal and external bodies are also involved in the processing of your data.
Internal departments:

  • Human resources department
  • Department manager

Companies in the Group:

Novatec Holding GmbH and subsidiaries as defined under point 1.

External Services Providers:

  • IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service Provider for data and file destruction

In case you have further questions regarding our individual recipients, please contact us under datenschutz@novatec-gmbh.de.

7. Will your data be transferred to countries outside the European Union (so-called third countries)?

A transfer to a third country is not intended.

8. For how long do we store your data?

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not concluded, we may also further store data, insofar as this is necessary to defend against possible legal claims. Your data will be regularly deleted within 6 months after the end of the application process.

If an employment relationship is not established, but you have given us your consent for the further storage of your data, we will store your data until your consent is revoked, but for a maximum of further three years. On specific occasions, we may also store your data for a longer period of time for the purpose of defending us against possible legal claims.

9. What rights do you have in connection with the processing of your data?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of erasure.

9.1 Right to object

What right do you have in the event of data processing for legitimate or public interest?

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time for reasons arising from your particular situation to the processing of your personal data on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9.2 Revocation of consent

You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.

9.3 Right to information

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

9.4 Further rights

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.

In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

9.5 Assertion of your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

There is no legal or contractual obligation to provide your personal data. However, providing your personal data is required to carry out the application process. This means, that if you do not provide this data, we will not be able to carry out the application process.

11. Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.

1. Principle of anonymous data usage

The use of our site is basically possible without providing any personal data. There might be different provisions for the use of individual services on our Website. Where this applies, these provisions are explained separately below. For legal provisions relating to data protection, see the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

When you visit our Website, certain information such as your IP address is transmitted. This data also includes information on the used end device (computer, smartphone, tablet etc.), the used browser (Internet Explorer, Safari, Firefox etc.), the time of the access to the Website, the “referrer”, and the transmitted volume of data.

This data cannot be used by us to identify individual users. The information is used to determine the appeal of our Website and to improve its performance/content while making it even more interesting to our users.

Please note that it can be possible to identify a person from a static IP address in individual cases by means of a RIPE request, but this is not something that we do. However, this Website can be accessed by both static and dynamic IP addresses.

2. Personal data

Personal data is defined as follows by the EU General Data Protection Regulation (GDPR):

…”personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Legal bases for the collection, processing, and use of personal data

Where we obtain your consent to the processing of personal data, Art. 6 Para. 1(a) of the GDPR shall form the legal basis for the processing of your personal data.

If we process your personal data in order to fulfill a contract between you and Novatec Consulting GmbH, Art. 6 Para. 1(b) of the GDPR shall form the legal basis for this. This applies also to processes required in order to implement pre-contractual measures.

If the processing of your personal data is required in order to meet a legal obligation of our company, Art. 6 Para. 1(c) of the GDPR shall apply as the legal basis.

If processing takes place in order to protect the legitimate interests of our company or a third party and if the interests, fundamental rights, and basic freedoms of the data subject do not override these legitimate interests, Art. 6 Para. 1(f) shall apply as the legal basis for processing.

4. Data deletion and duration of storage:

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storing the data expires. Data might be stored for a longer period of time if this is required by EU or national legislators due to the provisions of Union law, legislation, or other regulations to which the data controller is subject. Data shall also be blocked or deleted once the retention period prescribed by the relevant regulations expires unless this data needs to be stored for a further period of time for the purpose of concluding or fulfilling a contract.

5. Collection and processing of personal data

Personal data is recorded by us only if you inform us of this data, e.g. when you register for a training course or contact us.

We use the personal data you give us only to the extent required to fulfill and handle your booking or our services.

Any other usage of your data e.g. for further services or for advertising purposes takes place only if you have given your express consent. You can revoke your consent at any time effective for the future.

Once the contract between us has been fully rendered, your data will be blocked from further use unless you have consented separately to further use. Once the tax and commerce retention periods have expired, this data will be deleted unless you have expressly consented to its further use.

The following provisions provide information on the type, scope, and purpose of the collection of personal data as well as on the use and processing of this data.

6. Contact options

You can contact us with your questions, requirements, and suggestions. You can do so by e-mail or telephone. If you contact us, the information you give us is stored so that we can handle your case. In addition, we synchronize data collected in this way with data we might have collected elsewhere as long as you have given your consent in advance. You can revoke your consent for the future at any time. If you wish to revoke your consent, please use the contact data provided at the end of this explanation.

7. Job applications

You can apply for a job at our company electronically. Naturally, we use your data only to process your application, and do not pass it on to third parties. Please note that e-mails transmitted without encryption are not protected against access by third parties.

8. Comments function

You can leave comments under each article in our blog. To do so, we require your name, a pseudonym, and your e-mail address. If you wish, you can specify your Website. We ask for this information in order to promote more transparent and personalized communication between authors and commentators.

The disclosure of data provided by you in this context takes place on a fully voluntary basis and with your consent. We use personal data transmitted in this way only for the purpose for which you provide it. Naturally, you can revoke your declaration of consent for the future at any time. To do so, please contact our data protection officers, whose contact data is provided below.

We reserve the right to delete comments with abusive or offensive content.

9. Transmission of data to third parties

a. Transmission of data to other group entities

The transmission of your data to third parties outside the Novatec Group does not take place unless we are legally required to do so or if the passing on of your data is required in order to fulfill our contractual relationship with you or if you have expressly consented to the passing on of your data in advance. External service providers and partner companies only receive your data to the extent to which this is required in order to handle your inquiry. In such cases, the scope of transmitted data is kept to the minimum required.

b. Transmission of data to external service providers

Your data is passed on to service partners if they are active on our behalf and are helping Novatec Consulting GmbH to render our services.

The processing of your personal data by commissioned service providers takes place in the context of order processing as per Art. 28 of the GDPR.

The aforementioned service providers obtain access only to the personal information they require in order to fulfill their tasks. These service providers are prohibited from passing on your personal information or from using it for any other purpose, particularly for advertising purposes.

Where external service providers come into contact with your personal data, we have taken legal, technical, and organizational measures and carry out regular checks to ensure that these service providers observe the applicable data protection regulations, too.

We do not pass on your personal data to other companies for commercial reasons.

10. Website optimization tools

In the context of the collection of personal data using Website optimization tools, we invoke our legitimate interest as per Art. 6 Para. 1(f) of the GDPR in conjunction with Recital 47. According to this, direct advertising constitutes legitimate interest. Your interests, fundamental rights, and basic freedoms do not override our advertising interests here because we inform you comprehensively about data collection in this data protection declaration and because you have the option of opting out (via a link or your browser settings) at any time. In addition, we only use pseudonym tracking.

a. Cookies

To improve our Web presence and make it as easy as possible for you to use, we use cookies. Cookies are small text files that are stored on your computer when you call up our Website and that enable the recognition of your browser. Cookies save information such as your language setting, duration of your visit to our Website, and entries you make there. This avoids the need for you to enter all required data again each time you visit. In addition, cookies allow us to recognize your preferences and to design our Website in line with your interests.

b. Google Analytics

This Website uses Google Analytics by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In accordance with the agreement between Google and the Hamburg Representative for Data Protection and Freedom of Information, the data-protection-compliant, objection-free use of Google Analytics is possible in certain circumstances.

Please note the following information about the use of Google Analytics:

Google Analytics uses cookies that are stored on your computer and that enable the analysis of your Website usage. The information generated by the cookie on your usage of this Website is generally transmitted to a Google server in the USA and is stored there. Due to the activation of IP anonymization on this Website, however, your IP address will be truncated beforehand by Google if you are within one of the Member States of the European Union or another state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this Website, Google uses this information to evaluate your usage of the Website, compile reports on Website activities, and perform other services relating to Website and Internet usage for the operator of this Website.

The IP address transmitted by your browser for Google Analytics is not associated with other Google data. You can suppress the saving of cookies by making a setting in your browser software. However, note that if you do this, you might not be able to use full scope of the functions of our Website.

You can also prevent the recording of the data generated by the cookie in relation to your use of the Website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at this link (http://tools.google.com/dlpage/gaoptout?hl=de).

Alternatively, you can prevent data recording by Google Analytics by clicking the following link. It sets an opt-out cookie that prevents the future recording of your data when you visit this Website: Deactivate Google Analytics This opt-out cookie is valid only for this browser and only for this domain. If you delete your cookies in this browser, you must click this link again.

For more information, see https://www.google.de/intl/de/policies/ and the Google data protection declaration at http://www.google.de/policies/privacy/.

c. Social bookmarks

Social bookmarks (for example, from Facebook, Twitter, YouTube, LinkedIn, and Xing) are integrated into our Website and blog. Social bookmarks are Internet markers that users of a service of this kind can use to collect links and news items. They are integrated into our Website only as links to the services in question. Once you have clicked the associated graphic, you are forwarded to the site of the provider, and only then is user information transmitted to that provider. For information about the handling of your personal data when you use these Websites, please see the data protection conditions of the relevant provider.

11. Security

We use technical and organizational security measures to protect data managed by us from manipulation, loss, destruction, and access by third parties. Our security measures are improved constantly in accordance with Internet technological development. Your data is encrypted using the most common and safest transmission processes in the Internet. We also have a firewall (security software) to protect internal information from the Internet.

12. Rights of the data subject

If your personal data is processed, you are the data subject in accordance with the GDPR. You are therefore entitled to the following from the data controller:

Right of access as per Article 15 GDPR
You have the right to obtain from us confirmation as to whether we are processing personal data concerning you. If we have processed data about you, you are entitled to further rights of access as specified in Article 15 GDPR.

Right to rectification
If your data as recorded by us is incorrect or incomplete, you can ask that it be rectified immediately in accordance with Article 16 GDPR.

Right to restriction of processing
In accordance with the prerequisites of Article 18 GDPR, in some circumstances you can demand that the processing of your personal data be restricted.

Where processing has been restricted, your data shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will inform you before the restriction is lifted.

Right to erasure
If one of the grounds from Art. 17 Para. 1 GDPR applies, you have the right to demand the immediate erasion of all of your personal data unless an exception from this duty to erase applies in accordance with Art. 17 Para. 3 GDPR.

Right to notification
If you have asserted your right to access, erasure, or the restriction of processing against us, we are obliged as per Art. 19 GDPR to communicate this to all recipients of your personal data unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients. You have the right to demand that the controller provide you with information about these recipients.

Right to data portability
In accordance with Art. 20 GDPR, you also have the right to receive your personal data from us in a machine-readable format and to transmit that data to another controller without hindrance as long as the prerequisites of Art. 20 Para. 1(a) are met or to have your personal data transmitted by us directly to another data controller where this is technically feasible and as long as doing so does not adversely affect the rights and freedoms of others. This right does not apply to processing required for the performance of a task carried out in the public interest or in the exercise of official authority.

Right to object
You have the right to object to Novatec Consulting GmbH at any time about the processing of your personal data in accordance with Art. 6 Para. 1(f) GDPR.

We shall then no longer process your personal data unless there are compelling grounds for the processing of this data that override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to revoke declaration of consent as per data protection law
You have the right to revoke your declaration of consent in accordance with data protection law by notifying Novatec Consulting GmbH at any time. Revoking consent does not affect the legality of the processing of data on the basis of the consent before consent is revoked.

Right to lodge a complaint with a supervisory authority
Without prejudice to another administrative or judicial remedy, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes upon the General Data Protection Regulation.

13. Data protection officer

If you have any questions about the processing of your personal data, you can contact our external data protection officer directly. This also applies if you wish to request information, make claims, or lodge complaints.

Personal/confidential
FAO: Data Protection Officer
c/o Novatec Consulting GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

E-mail: datenschutz@novatec-gmbh.de

14. Responsible entity

Novatec Consulting GmbH
Dieselstraße 18/1
D-70771 Leinfelden-Echterdingen

Managing directors: Stefan Bleicher, Hans-Dieter Brenner, Konrad Pfeilsticker, Michael Schuchart

Valid as of: May 2018