Welcome to the Internet site www.novatec-gmbh.de of Novatec Consulting GmbH. The protection of your personal data is really important to us. For this reason, we comply strictly with the relevant legislation when collecting and processing your personal data. Below, we provide details on the scope and purpose of data collection on our Website.
1. Principle of anonymous data usage
The use of our site is basically possible without providing any personal data. There might be different provisions for the use of individual services on our Website. Where this applies, these provisions are explained separately below. For legal provisions relating to data protection, see the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
When you visit our Website, certain information such as your IP address is transmitted. This data also includes information on the used end device (computer, smartphone, tablet etc.), the used browser (Internet Explorer, Safari, Firefox etc.), the time of the access to the Website, the “referrer”, and the transmitted volume of data.
This data cannot be used by us to identify individual users. The information is used to determine the appeal of our Website and to improve its performance/content while making it even more interesting to our users.
Please note that it can be possible to identify a person from a static IP address in individual cases by means of a RIPE request, but this is not something that we do. However, this Website can be accessed by both static and dynamic IP addresses.
2. Personal data
Personal data is defined as follows by the EU General Data Protection Regulation (GDPR):
…”personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Legal bases for the collection, processing, and use of personal data
Where we obtain your consent to the processing of personal data, Art. 6 Para. 1(a) of the GDPR shall form the legal basis for the processing of your personal data.
If we process your personal data in order to fulfill a contract between you and Novatec Consulting GmbH, Art. 6 Para. 1(b) of the GDPR shall form the legal basis for this. This applies also to processes required in order to implement pre-contractual measures.
If the processing of your personal data is required in order to meet a legal obligation of our company, Art. 6 Para. 1(c) of the GDPR shall apply as the legal basis.
If processing takes place in order to protect the legitimate interests of our company or a third party and if the interests, fundamental rights, and basic freedoms of the data subject do not override these legitimate interests, Art. 6 Para. 1(f) shall apply as the legal basis for processing.
4. Data deletion and duration of storage:
The personal data of the data subject shall be deleted or blocked as soon as the purpose of storing the data expires. Data might be stored for a longer period of time if this is required by EU or national legislators due to the provisions of Union law, legislation, or other regulations to which the data controller is subject. Data shall also be blocked or deleted once the retention period prescribed by the relevant regulations expires unless this data needs to be stored for a further period of time for the purpose of concluding or fulfilling a contract.
5. Collection and processing of personal data
Personal data is recorded by us only if you inform us of this data, e.g. when you register for a training course or contact us.
We use the personal data you give us only to the extent required to fulfill and handle your booking or our services.
Any other usage of your data e.g. for further services or for advertising purposes takes place only if you have given your express consent. You can revoke your consent at any time effective for the future.
Once the contract between us has been fully rendered, your data will be blocked from further use unless you have consented separately to further use. Once the tax and commerce retention periods have expired, this data will be deleted unless you have expressly consented to its further use.
The following provisions provide information on the type, scope, and purpose of the collection of personal data as well as on the use and processing of this data.
6. Contact options
You can contact us with your questions, requirements, and suggestions. You can do so by e-mail or telephone. If you contact us, the information you give us is stored so that we can handle your case. In addition, we synchronize data collected in this way with data we might have collected elsewhere as long as you have given your consent in advance. You can revoke your consent for the future at any time. If you wish to revoke your consent, please use the contact data provided at the end of this explanation.
7. Job applications
You can apply for a job at our company electronically. Naturally, we use your data only to process your application, and do not pass it on to third parties. Please note that e-mails transmitted without encryption are not protected against access by third parties.
8. Comments function
You can leave comments under each article in our blog. To do so, we require your name, a pseudonym, and your e-mail address. If you wish, you can specify your Website. We ask for this information in order to promote more transparent and personalized communication between authors and commentators.
The disclosure of data provided by you in this context takes place on a fully voluntary basis and with your consent. We use personal data transmitted in this way only for the purpose for which you provide it. Naturally, you can revoke your declaration of consent for the future at any time. To do so, please contact our data protection officers, whose contact data is provided below.
We reserve the right to delete comments with abusive or offensive content.
9. Transmission of data to third parties
a. Transmission of data to other group entities
The transmission of your data to third parties outside the Novatec Group does not take place unless we are legally required to do so or if the passing on of your data is required in order to fulfill our contractual relationship with you or if you have expressly consented to the passing on of your data in advance. External service providers and partner companies only receive your data to the extent to which this is required in order to handle your inquiry. In such cases, the scope of transmitted data is kept to the minimum required.
b. Transmission of data to external service providers
Your data is passed on to service partners if they are active on our behalf and are helping Novatec Consulting GmbH to render our services.
The processing of your personal data by commissioned service providers takes place in the context of order processing as per Art. 28 of the GDPR.
The aforementioned service providers obtain access only to the personal information they require in order to fulfill their tasks. These service providers are prohibited from passing on your personal information or from using it for any other purpose, particularly for advertising purposes.
Where external service providers come into contact with your personal data, we have taken legal, technical, and organizational measures and carry out regular checks to ensure that these service providers observe the applicable data protection regulations, too.
We do not pass on your personal data to other companies for commercial reasons.
10. Website optimization tools
In the context of the collection of personal data using Website optimization tools, we invoke our legitimate interest as per Art. 6 Para. 1(f) of the GDPR in conjunction with Recital 47. According to this, direct advertising constitutes legitimate interest. Your interests, fundamental rights, and basic freedoms do not override our advertising interests here because we inform you comprehensively about data collection in this data protection declaration and because you have the option of opting out (via a link or your browser settings) at any time. In addition, we only use pseudonym tracking.
b. Google Analytics
This Website uses Google Analytics by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In accordance with the agreement between Google and the Hamburg Representative for Data Protection and Freedom of Information, the data-protection-compliant, objection-free use of Google Analytics is possible in certain circumstances.
Please note the following information about the use of Google Analytics:
The IP address transmitted by your browser for Google Analytics is not associated with other Google data. You can suppress the saving of cookies by making a setting in your browser software. However, note that if you do this, you might not be able to use full scope of the functions of our Website.
You can also prevent the recording of the data generated by the cookie in relation to your use of the Website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at this link (http://tools.google.com/dlpage/gaoptout?hl=de).
Alternatively, you can prevent data recording by Google Analytics by clicking the following link. It sets an opt-out cookie that prevents the future recording of your data when you visit this Website: Deactivate Google Analytics This opt-out cookie is valid only for this browser and only for this domain. If you delete your cookies in this browser, you must click this link again.
c. Social bookmarks
Social bookmarks (for example, from Facebook, Twitter, YouTube, LinkedIn, and Xing) are integrated into our Website and blog. Social bookmarks are Internet markers that users of a service of this kind can use to collect links and news items. They are integrated into our Website only as links to the services in question. Once you have clicked the associated graphic, you are forwarded to the site of the provider, and only then is user information transmitted to that provider. For information about the handling of your personal data when you use these Websites, please see the data protection conditions of the relevant provider.
We use technical and organizational security measures to protect data managed by us from manipulation, loss, destruction, and access by third parties. Our security measures are improved constantly in accordance with Internet technological development. Your data is encrypted using the most common and safest transmission processes in the Internet. We also have a firewall (security software) to protect internal information from the Internet.
12. Rights of the data subject
If your personal data is processed, you are the data subject in accordance with the GDPR. You are therefore entitled to the following from the data controller:
Right of access as per Article 15 GDPR
You have the right to obtain from us confirmation as to whether we are processing personal data concerning you. If we have processed data about you, you are entitled to further rights of access as specified in Article 15 GDPR.
Right to rectification
If your data as recorded by us is incorrect or incomplete, you can ask that it be rectified immediately in accordance with Article 16 GDPR.
Right to restriction of processing
In accordance with the prerequisites of Article 18 GDPR, in some circumstances you can demand that the processing of your personal data be restricted.
Where processing has been restricted, your data shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will inform you before the restriction is lifted.
Right to erasure
If one of the grounds from Art. 17 Para. 1 GDPR applies, you have the right to demand the immediate erasion of all of your personal data unless an exception from this duty to erase applies in accordance with Art. 17 Para. 3 GDPR.
Right to notification
If you have asserted your right to access, erasure, or the restriction of processing against us, we are obliged as per Art. 19 GDPR to communicate this to all recipients of your personal data unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients. You have the right to demand that the controller provide you with information about these recipients.
Right to data portability
In accordance with Art. 20 GDPR, you also have the right to receive your personal data from us in a machine-readable format and to transmit that data to another controller without hindrance as long as the prerequisites of Art. 20 Para. 1(a) are met or to have your personal data transmitted by us directly to another data controller where this is technically feasible and as long as doing so does not adversely affect the rights and freedoms of others. This right does not apply to processing required for the performance of a task carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object to Novatec Consulting GmbH at any time about the processing of your personal data in accordance with Art. 6 Para. 1(f) GDPR.
We shall then no longer process your personal data unless there are compelling grounds for the processing of this data that override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to revoke declaration of consent as per data protection law
You have the right to revoke your declaration of consent in accordance with data protection law by notifying Novatec Consulting GmbH at any time. Revoking consent does not affect the legality of the processing of data on the basis of the consent before consent is revoked.
Right to lodge a complaint with a supervisory authority
Without prejudice to another administrative or judicial remedy, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes upon the General Data Protection Regulation.
13. Data protection officer
If you have any questions about the processing of your personal data, you can contact our external data protection officer directly. This also applies if you wish to request information, make claims, or lodge complaints.
FAO: Data Protection Officer
c/o Novatec Consulting GmbH
14. Responsible entity
Novatec Consulting GmbH
Managing directors: Stefan Bleicher, Hans-Dieter Brenner, Konrad Pfeilsticker, Michael Schuchart
Valid as of: May 2018