Privacy statement

Your privacy is very important to us. This means that we store your data securely and protect it from misuse. In this statement, we explain what we do with your data and how we use it to optimise our services for you.

We believe that everyone should have control over their personal data and be free to decide whether or not to share it with us. In this privacy policy, you can read what personal data we collect from you, how we use it and with whom we may share it. We explain what we do to protect your privacy, how you can view and change your personal data and how compliance with this policy is monitored.

This privacy policy applies to the collection, management, use and disclosure of your data by Nomios. The privacy policy should be read in conjunction with our terms of use and our cookie policy. We may change our privacy policy at any time and will post the current version on our website.

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the ‘Information on the responsible body’ section of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This may include data that you enter in a contact form. Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time if you have any questions about this or other data protection issues.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analysis programmes. Detailed information about these analysis programmes can be found in the following privacy policy.

2. General information and mandatory information on data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various pieces of personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Information about the responsible body

The responsible body for data processing on this website is: Nomios Germany GmbH (formerly known as Infradata GmbH) Zum Lonnenhohl 40 44319 Dortmund Germany Telephone: +49 (231) 206 25 400 Email: [email protected] The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage period

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place after these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, provided that special categories of data are processed in accordance with Art. 9 para. 1 GDPR.

In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing will also be carried out on the basis of Section 25(1) TTDSG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Information on data transfer to third countries that are not secure under data protection law and transfer to US companies that are not DPF-certified

We use tools from companies based in third countries that are not secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure under data protection law. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permissible if the recipient has certification under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

We work with various external parties in the course of our business activities. This sometimes requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the fulfilment of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis permits the disclosure of data. When using contract processors, we only pass on personal data of our customers on the basis of a valid contract for order processing. In the event of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PAR. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR). EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process based on your consent or in fulfilment of a contract delivered to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction and deletion

Within the scope of the applicable legal provisions, you have the right to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose or if you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we will generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.

3. Data collection on this website

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Contact

If you send us requests via the contact form, your details from the request form, including the contact details you provided there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was collected no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Request by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. The data you send us via contact enquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM). Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). Hubspot CRM also enables us to record and analyse the user behaviour of our contacts on our website. The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient possible customer management and customer communication. If the relevant consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. For details, please refer to Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transfers to the United States are based on the standard contractual clauses of the European Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TN8pAAG&status=Active.

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

4. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and deliver the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States. The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is aggregated in a user ID and assigned to the respective end device of the website visitor. Furthermore, with Google Analytics we can, among other things record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the data sets collected and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpag.... For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalised advertising messages. The data is also used to create anonymous statistics on the user behaviour of our users.

Order processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. This allows interest-based, personalised advertising messages that have been tailored to you based on your previous usage and surfing behaviour on one device (e.g. mobile phone) to also be displayed on another of your devices (e.g. tablet or PC). If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Conversion Tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that can be used to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. For more information about Google Conversion Tracking, please refer to Google's privacy policy:

https://policies.google.com/privacy?hl=de. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA.

Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Meta Pixel (formerly Facebook Pixel)

This website uses Facebook/Meta's visitor action pixels to measure conversion. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behaviour of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook advertisement. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy ( https://de-de.facebook.com/abo...). This enables Facebook to display advertisements on Facebook pages and outside Facebook. As the website operator, we have no influence on this use of data. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. We use the extended matching function within Meta Pixel. Extended matching enables us to transfer various types of data (e.g. place of residence, state, postcode, hashed email addresses, names, gender, date of birth or telephone number) of our customers and interested parties that we collect via our website to Meta (Facebook). By activating this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our quotes. In addition, the extended matching improves the allocation of website conversions and expands Custom Audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal... and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the ‘Custom Audiences’ remarketing feature in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active.

Facebook Conversion API

We have integrated Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. Facebook Conversion API enables us to record the interactions of website visitors with our website and pass them on to Facebook in order to improve advertising performance on Facebook. In particular, the time of the visit, the website visited, your IP address and your user agent, as well as other specific data (e.g. products purchased, value of the shopping basket and currency) are collected. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active.

Order processing

We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

LinkedIn Insight Tag

This website uses the Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, the advertising recipient is not identified.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days. As the website operator, we cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures, including social media. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag You can object to the analysis of your usage behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website. Order processing We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Microsoft Advertising

The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising programme provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising enables us to display advertisements in the Bing search engine or on third-party websites when the user enters certain search terms in Bing (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Microsoft (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

We use Microsoft Advertising's Universal Event Tracking (UET) on this page. This collects pseudonymised data to track what actions you take on our websites after you click on an advertisement on Microsoft Advertising. UET collects your IP address (anonymised), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, which advertisement led you to the website, and which keyword was clicked.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Reddit

Our website uses the ‘Reddit Conversion Pixel’, a service provided by Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA. The pixel is used to analyse and statistically evaluate the effectiveness of our advertising measures on Reddit. When you access our website via a Reddit advertisement, the conversion pixel sets a cookie on your device. This cookie is not used for personal identification. It only enables us and Reddit to recognise that someone has clicked on an advertisement and subsequently been redirected to our website.

The data collected in this way is used exclusively to compile anonymous conversion statistics. We only learn the total number of users who clicked on an ad and were redirected to a page tagged with the pixel. No information that can be used to personally identify users is transmitted.

Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given it via our cookie banner. You can revoke your consent at any time with effect for the future, e.g. by making the appropriate settings in the cookie banner or by deactivating cookies in your browser.

Please note that data may also be transferred to the USA during processing. Reddit uses standard contractual clauses of the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR to secure this transfer. Further information on data protection at Reddit can be found at: https://www.reddit.com/help/privacypolicy/

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.

Further data is not collected or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time, for example via the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Data stored by us for other purposes remains unaffected by this. After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interest.

6. Plugins and tools

YouTube with extended data protection

This website embeds videos from the YouTube website. The operator of the site is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they view the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode 17 / 23. YouTube establishes a connection to the Google Marketing Network regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube may store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting) after you start a video. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness and prevent fraud. After a YouTube video has been started, further data processing operations may be triggered over which we have no influence. YouTube is used in the interest of an appealing presentation of our online quote. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activities and will not set any cookies. The use of Vimeo is in the interest of an appealing presentation of our online quote. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on ‘legitimate business interests’. Details can be found here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.

Google Fonts (local hosting)

This site uses Google Fonts, which are provided by Google, to ensure uniform font presentation. Google Fonts are installed locally. No connection to Google servers is established. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google

This website uses the Google Maps map service. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. The use of Google Maps is in the interest of an appealing presentation of our online offerings and to make it easy to find the locations we have indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google reCAPTCHA We use ‘Google reCAPTCHA’ (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. 19 / 23 reCAPTCHA is used to check whether the data entered on this website (e.g. in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Further information on Google reCAPTCHA can be found in Google's privacy policy and Google's terms of use at the following links: https://policies.google.com/pr... and https://policies.google.com/terms?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

7. Audio and video conferences

Data processing

We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool. The conference tools collect all data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other ‘context information’ related to the communication process (metadata). Furthermore, the tool provider processes all technical data required for the processing of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection. If content is exchanged, uploaded or otherwise made available within the tool, it will also be stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the use of the relevant tools is based on this consent; consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

Microsoft Teams We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

Order processing

We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

8. Our own services

Handling of applicant data

We offer you the opportunity to apply for a position with us (e.g. by email, post or via our online application form). Below, we provide information about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.

Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes made during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation) and – if you have given your consent – Article 6(1)(a) of the GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application. If your application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to offer you a position, you decline a job offer or withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for verification purposes in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies. Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not offer you a position, you may be included in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if a suitable vacancy arises. Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

Questions

If you have any questions about our privacy policy or would like to contact us to change certain data, please do not hesitate to contact us. You can reach us in writing, by email or by telephone using the contact details below.

You can also use these details to send us any complaints or grievances, which we will deal with as quickly as possible. If you are not satisfied with our response, you can contact the Privacy Commission.

This privacy statement was last reviewed and updated on 23/11/2023.

Our contact details:

Nomios Group B.V.
Stadhouderslaan 900
2382 BL Zoeterwoude
Netherlands

Tel.: +31 (0)71-7501525
Email: [email protected]

Updates

Latest news and blog posts