Imprint and privacy

Responsible person for processing personal data:

NX Technologies GmbH
Hohenzollernring 89-93
50672 Cologne

External data protection officer

Lawyer Dr. Karsten Kinast, LL.M,
KINAST Law Firm mbH,
Hohenzollernring 54, 50672 Cologne
web page: https://www.kinast.eu

1st preamble

1.1.

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within the offers provided by NX Technologies (hereinafter referred to as “services”), consisting of online offers/platforms, associated websites, apps, functions, content, and external online presences, such as our social media profiles.

With regard to the terms used, such as “processing” or “responsible person”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

We ask you to regularly check the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

2. Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to perform our services and carry out contractual measures and answer inquiries is Art. 6 para. 1 sec. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 p. c GDPR, and the legal basis for processing to protect Our legitimate interests are Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

2.1.

Cooperation with contract processors and third parties:

If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data (see 5.7), this is only done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary in accordance with Article 6 (1) (b) GDPR), you have consented, a legal obligation to do so sees or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “order processing contract,” this is done on the basis of Article 28 GDPR.

2.2.

Transfers to third countries:

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this is done as part of the use of third-party services or disclosure or transfer of data to third parties, this is only done if it is done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we only process or allow the data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for Canada, Japan or Switzerland) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”). If we transfer your personal data to the USA, this will only be done to recipients who ensure an adequate level of protection through special measures, even if the transfer is based on standard contractual clauses.

2.3.

Hosting:

The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the services. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to our services on the basis of our legitimate interests in efficiently and securely providing this online offer in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing agreement).

2.4.

Processing of access data and log files:

We process or our hosting provider processes data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 (1) (f) of the GDPR. The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, message of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate abusive or fraudulent acts) and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

2.5.

Administration, financial accounting, office organization, contact management:

We process data as part of administrative tasks, organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The processing bases are Article 6 (1) (c) GDPR, Article 6 (1) (f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities. In doing so, we transfer data to tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers. On the basis of our business interests, we also store information about suppliers, organizers and other business partners, e.g. for the purpose of contacting you later.

3. Terms used

3.1.

“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, are the cultural or social identity of that natural person.

3.2.

“Processing” means any process carried out with or without the aid of automated procedures or any such series of processes in connection with personal data. The term is broad and covers virtually any handling of data.

3.3.

“Responsible person” is the natural or legal person, authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data.

4. Processing of personal data when using our website for informational purposes

4.1.

When using our websites for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information to use the services of NX Technologies GmbH, we do not process any personal data, with the exception of the data that your browser (e.g. Mozilla Firefox, Microsoft Internet Explorer or Apple Safari) transmits to enable you to visit our website. These are in particular:

4.1.1.

IP address

4.1.2.

Date and time of request

4.1.3.

Time zone difference to Greenwich Mean Time (GMT)

4.1.4.

Content of the request (specific page)

4.1.5.

Access status/HTTP status code

4.1.6.

Each amount of data transferred

4.1.7.

Website from which the request comes

4.1.8.

Source URL from which the user comes

4.1.9.

Browser type and version

4.1.10.

Operating system and its interface (mobile or desktop

4.1.11.

Set language and version of your browser.

4.2.

In addition, cookies are already stored on your computer during informational use of our website and other uses of our website and services. Cookies are small files with text information that are stored on your hard drive associated with the browser you are using. We use cookies to make navigating and using our website as user-friendly as possible. After successful login, we need cookies to identify you for the entire duration of your visit. We use cookies to make no reference to users. You can deactivate the option to save these cookies at any time in your browser's system settings and delete existing cookies. You can also view our online offer without cookies. However, if you do not accept cookies, this may restrict the functionality of the website.

4.3.

Our website uses the following cookies, web beacons, and related technologies:

4.3.1.

Transient cookies (short storage period)

4.3.2.

Persistent cookies (long-term storage period)

4.3.3.

Third party cookies (from third parties)

4.4.

Transient cookies are automatically deleted when you close your browser. In particular, this includes session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to the website. Session cookies are deleted when you log out or close your browser.

4.5.

In addition, we also use persistent cookies, i.e. cookies that remain on your hard drive for a certain period of time after the browser session. On another visit, it is then automatically recognized which country and language you selected during your last visit to our website. These persistent cookies are stored on your hard drive and deleted by the browser after a specified period of time. You can delete persistent cookies at any time in your browser settings. The cookies may also be from third parties (Intercom Inc. and/or Google Inc.).

4.6.

A general objection to the use of cookies used for online marketing purposes can be made on a variety of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ be explained. Cookies can also be saved by switching them off in the browser settings. Please note that you may then not be able to use all functions of our services.
The data processed through cookies is required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 (1) (f) GDPR, insofar as these are technically necessary cookies without which this website cannot be displayed. Cookies that are processed for marketing, statistical or other purposes are only used with your express consent (Art. 6 (1) (a) GDPR). You can find more information about the cookies used in the cookie settings on www.bezahl.de.

5. Processing of personal data when registering and using our services

5.1.

Users can create an account to use our services. As part of registration, the required mandatory information is provided to users. The data entered during registration will be used for the purpose of using the offer. Users can be informed by e-mail about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users block their user account, their data will be deleted with regard to the user account, unless their storage is necessary for commercial or tax reasons in accordance with Art. 6 (1) (c) GDPR. If blocked, it is the responsibility of users to secure their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.

5.2.

When you register for our service, we do not process more than the following data as part of opening a user account with our services:

5.2.1.

Last name, first name

5.2.2.

company name

5.2.3.

company address

5.2.4.

email address

5.2.5.

address (street, house number, city, country)

5.2.6.

mobile number

5.2.7.

Bank details (IBAN, BIC)

5.3.

We use the so-called double opt-in procedure for registration, i.e. your registration is only complete if you have previously confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received promptly, it is possible to delete your registration from our database.

5.4.

As part of the use of our registration and login functions and the use of user accounts, the IP address and the time of the respective user action are stored. The storage is based on our legitimate interests, as well as the user in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR.

5.5.

Your personal data will only be passed on or otherwise transmitted to other third parties if this is necessary for the purpose of processing the contract, you have given your prior consent, this is necessary to fulfill a legal obligation and this corresponds to a legitimate interest (of the person responsible or a third party). The following transfers of your personal data to third parties take place on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR:

5.5.1.

To host and operate our services, we work with Hosting provider Dembach Goo Informatik GmbH & Co. KG, Hohenzollernring 72, 50672 Cologne, Germany together. For this purpose, we will forward your data to Dembach Goo Informatik GmbH & Co. KG. Dembach Goo Informatik GmbH & Co. KG stores and processes your data exclusively for the purpose of carrying out payment transactions. The use of the services of Dembach Goo Informatik GmbH & Co. KG is based on our legitimate interests in providing our services efficiently and securely in accordance with Art. 6 (1) (f) GDPR.

5.5.2.

‍Use of the services of UniCredit Bank AG (Hypovereinsbank), Arabellastr. 12, 81925 Munich, Germany: Payment transactions initiated via the “Auto Assignment” product extension are processed by our partner UniCredit Bank AG. Instead of directly to the house bank, all payments are paid into a payment account (= dedicated virtual IBAN per transaction or sale) with UniCredit Bank AG. For this purpose, we forward transaction data to UniCredit Bank AG. UniCredit Bank AG will process your data exclusively for the purpose of carrying out payment transactions. Data will only be passed on to third parties — if it takes place at all — within the framework of legal requirements. Transfers of personal data to state institutions and authorities only take place within the framework of mandatory national legislation or if the transfer is necessary for legal or criminal prosecution in the event of acts of abuse or fraud. Disclosure for other purposes — in particular for address trading purposes — is excluded. Processing is carried out on the legal basis of Article 6 (1) (b) GDPR.

5.5.3.

‍Use of the services of Taunus Sparkasse Public Law Institute, Ludwig-Erhard-Anlage 6+7, 61352 Bad Homburg vor der Höhe, Germany: Payment transactions initiated via the “Auto Assignment” product extension can also be processed by our partner Taunus Sparkasse. Instead of directly to the house bank, all payments are paid into a payment account (= dedicated virtual IBAN per transaction or sale) at Taunus Sparkasse. For this purpose, we forward transaction data to Taunus Sparkasse. Taunussparkasse will process your data exclusively for the purpose of carrying out payment transactions. Data will only be passed on to third parties — if it takes place at all — within the framework of legal requirements. Transfers of personal data to state institutions and authorities only take place within the framework of mandatory national legislation or if the transfer is necessary for legal or criminal prosecution in the event of acts of abuse or fraud. Disclosure for other purposes — in particular for address trading purposes — is excluded. Processing is carried out on the legal basis of Article 6 (1) (b) GDPR.

5.5.4.

Use of the services of FinTecSystems GmbH, Gottfried-Keller-Straße 33, 81245 Munich, Germany: We use the services of FinTecSystems GmbH to carry out transfer orders, which establish a connection between FinTecSystems and your online banking. To do this, log into your online banking account via our interface. Based on this access, payments (=online transfer) can be carried out with additional authorization through a TAN. In this context, data (transaction data and online banking access data) is transferred to FinTecSystems. The data is not passed on to third parties and is used exclusively for internal purposes. FinTecSystems GmbH stores data exclusively in German data centers in accordance with ISO 27001. The use is based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. For more information, please see FinTecSystems GmbH's privacy policy.

5.5.5.

Use of the services of Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany: To process payments via credit card or PayPal, we use the services and services of the payment service provider Concardis GmbH. Payment is processed directly via the Concardis GmbH platform. For this purpose, we forward transaction and payment data to Concardis GmbH. Concardis GmbH will process your data exclusively for the purpose of carrying out payment transactions. Concardis may transfer personal data to affiliated companies and other service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations entered into by Concardis or if the data is to be processed on behalf of Concardis. Users' personal data is processed on the basis of our legitimate interests in providing several payment options and thus the ability to carry out payment transactions by credit card or PayPal in accordance with Art. 6 (1) (f) GDPR.

5.5.6.

‍Use of the services of Adyen N.V., Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands: To process payments via credit card, Girocard or PayPal, we use the services and services of the payment service provider Adyen N.V.. Payment is processed directly via the Adyen platform. For this purpose, we forward transaction and payment data to Adyen N.V. Adyen N.V. will process your data exclusively for the purpose of carrying out payment transactions. Adyen N.V. may transfer personal data to affiliated companies and other service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations entered into by Adyen N.V., or if the data is to be processed on behalf of Adyen N.V. Users' personal data is processed on the basis of our legitimate interests in providing several payment options and thus the ability to carry out payment transactions by credit card, Girocard or PayPal in accordance with Art. 6 (1) (f) GDPR.

5.5.7.

Use of the services provided by Intercom Inc., Battery Street, Suite 402, San Francisco, CA 94111, USA: To organize customer service tasks, live chat and send information via email, we use the services of Intercom Inc. In this context, users' personal data is stored in Intercom Inc.'s systems in USA, San Francisco, CA94111, Battery Street, Suite 402. This is data that is provided by the user as part of customer service inquiries, such as name, email address, mobile phone number, transaction data and usage data. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in an efficient and fast communication platform for support inquiries in accordance with Art. 6 (1) (f) GDPR.

5.5.8.

Use of Pathwire services provided by Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany and Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, United States: We use Pathwire services to parse data and send system emails. The sending of personal data is limited to the user's name, email address and transaction details. Your data is stored in secure data centers located exclusively in the European Union (Google Cloud Platform) in Frankfurt and Saint-Ghislain (Belgium) (Mailjet). The integration of Mailgun could result in calls to servers in the USA. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). For more information, please see the Pathwire Group Privacy Policy https://www.pathwire.com/de/privacypolicy The use of Pathwire to securely send system and communication emails is based on our legitimate interests within the meaning of Article 6 (1) (f) GDPR.

5.5.9.

Use of the services of HubSpot Inc., HubSpot Headquarters (Cambridge, MA) 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA: We use the services of Hubspot Inc. to maintain and manage commercial contacts and cooperation partners, organize customer service tasks, live chat and send information via e-mail. In this context, users' personal data is stored in Hubspot Inc.'s systems. This includes in particular customer master data of commercial users and cooperation partners. With the integration of HubSpot, it is not ruled out that server calls will take place in the USA. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in efficient communication and information provision to users in accordance with Article 6 (1) (f) GDPR.

5.5.10.

Using Firebase services, Firebase is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: We use Firebase services to host and operate our websites. In this context, usage data and content data (personal data) entered by users are stored in Firebase systems. In addition, other Firebase features are also used to improve NX Technologies' web presence. With the integration of Firebase, it is not ruled out that server calls will take place in the USA. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Firebase is used on the basis of our legitimate interests in providing our services efficiently and securely in accordance with Art. 6 (1) (f) GDPR.

5.5.11.

Use of the services provided by DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA: We use DigitalOcean services to notify external systems to update the status of transaction data. In this context, transaction data and personal data, such as name, email address and mobile phone number, are stored in DigitalOcean systems. All data is processed exclusively temporarily by a German cloud server. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). DigitalOcean is used on the basis of our legitimate interests in the efficient and secure provision of our services in accordance with Art. 6 (1) (f) GDPR.

5.5.12.

Using Google Cloud services. Google Cloud is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: For communication (via Google Cloud Messaging) and storage of images (Google Cloud Storage), we use the services of Google Inc. In this context, usage data and transaction data are stored in the systems of Google Inc. In this context, there are calls to Google servers in the USA. Google only transfers data to third parties due to legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google. Google is the “responsible party” for processing. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). The use of Google Cloud is based on our legitimate interests in the efficient and secure provision of our services in accordance with Art. 6 (1) (f) GDPR.

5.5.13.

Using Google Apps (GSuite) services. Google Apps is a product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: For the administration, creation and storage of documents, electronic communication and appointment management, we use the services of Google Inc. In this context, employee master data and personal user and transaction data entered by employees are stored in the systems of Google Inc. In this context, there are calls to Google servers in the USA. Google only transfers data to third parties due to legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google. Google is “responsible” for processing. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in the secure and effective processing of customer concerns and an appealing presentation of our company to the outside world in accordance with Article 6 (1) (f) GDPR.

5.5.14.

Use of the services of BroadSoft Germany GmbH (Placetel), Lothringer Straße 56, 50677 Cologne, Germany: We use the services of BroadSoft GmbH to operate the NX Technologies telephone hotline. In this context, telephone numbers and call recordings are stored by BroadSoft Germany GmbH. The transfer of personal data to third countries is not intended, but is possible via the service provider's hosting partners and third-party providers. The services of BroadSoft Germany GmbH are used on the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR.

5.5.15.

Use of Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA: We use the Sentry service from Functional Software Inc., to improve the system stability of our services by identifying code errors. This includes technical data, such as the IP address, device information, browser information, operating system information or times of errors. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in the security and optimization of our services in accordance with Article 6 (1) (f) GDPR.

5.5.16.

Use of the services provided by Netlify Inc., 2325 3rd Street, Suite 215, San Francisco, California 94107, USA: We use Netlify's services to host and operate our websites and services. In this context, usage data and content data (personal data) entered by users are stored in Netlify's systems. With the integration of Netlify, servers in the USA could be accessed. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in the efficient and secure provision of our services in accordance with Article 6 (1) (f) GDPR.

5.5.17.

Use of the services of Wix.com Inc., Namal 40, 6350671 Tel Aviv, Israel: We use the services of Wix.com to host and operate our websites. Non-personal data and personal data are processed by visiting our website. Non-personal data consists of usage data such as browsing and click activity, session heatmaps and scrolls, non-identifying data regarding device, operating system, Internet browser, screen resolution, language and keyboard settings, Internet service providers, referring/exit pages, and date/time stamp. Personal data is primarily contact data (first name, last name, telephone number and e-mail address), which are entered by the user via a contact form. In addition, browser or usage session data (IP address, geographical location and/or unique device identifier) and any other personal data provided to us by visitors through their access and use of our websites. With the integration of Wix.com, it is not ruled out that server calls may take place in third countries. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). The use of Wix.com is based on our legitimate interests in the efficient and secure provision of our services in accordance with Art. 6 (1) (f) GDPR.

5.5.18.

Using the services of Datadog Inc., 620 8th Avenue, Floor 45, New York, NY 10018, USA: We use the Datadog service to improve the system stability of our services by logging code errors and system requests. This includes technical data, such as the IP address, device information, browser information, operating system information or times of errors. In this context, personal and transaction-related data of our customers is also stored in Datadog Inc.'s systems. Datadog uses European servers so that data is stored within the EU. With the integration of Datadog, it is not ruled out that server calls will take place in the USA. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.). Users' personal data is processed on the basis of our legitimate interests in efficient communication and information provision to users in accordance with Article 6 (1) (f) GDPR.

5.5.19.

Data transfer for the use of external value-added services: NX Technologies GmbH integrates offers from external partners in the areas of finance, insurance, vehicle ownership, care and repair and automotive clubs into its services. The purpose of this is to make it easier for you to use the external service. The transfer expressly does not include your bank details. The integration of these offers is marked with “ad.” We will obtain your consent separately for this data transfer.

6. (Personalized) profiling

When using our services as a registered user, NX Technologies processes click behavior profiles for the purpose of market research and service improvement.

7. Visibility of your personal data by other users

7.1.

In connection with payment transactions, it is useful for other users of NX Technologies services to be aware of your personal data in order to carry out payment transactions.

7.2.

While processing payment transactions, NX Technologies notifies the buyer and seller of the respective status of the transactions.

8. Use of social media

8.1.

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. Unless otherwise stated in our privacy policy, we process users' data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.

8.2.

We use social media plug-ins from Facebook, Xing, LinkedIn and Twitter on our website. We have integrated these social media plug-ins into our website, taking into account the so-called 2-click solution. This prevents your personal data from being transmitted to the providers of these social media plug-ins when you visit our website without your knowledge and stored there (with US providers in the USA). Your personal data will only be transmitted if you click on one of the plug-ins. We have no influence on the processed data and data processing procedures, nor are we aware of the full scope of data processing, the purposes and the storage periods. Since the plug-in providers process data using cookies in particular, we recommend that you delete all cookies using your browser's security settings before clicking on the greyed-out box.

8.3.

When you activate a plug-in, the plug-in provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under 6.5 of this statement is transmitted, although in the case of Facebook, according to the respective provider in Germany, only an anonymized IP is collected. This is done regardless of whether you have an account with this plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data is directly assigned to your account. If you click on the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and publicly shares this with your contacts. If you do not want to be associated with your profile with the plug-in provider, you must log out before activating the button.

8.4.

The plug-in provider stores this data as user profiles and uses them for advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact the respective plug-in provider to exercise this right.

8.5.

For more information on the purpose and scope of data processing by the plug-in provider, please see the privacy policies of these providers provided below. There you will also find further information about your rights in this regard and settings options to protect your privacy.

8.6.

Addresses of the respective providers and URLs with their privacy policies:

8.6.1.

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, United States; http://www.facebook.com/policy.php

8.6.2.

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, United States; https://twitter.com/privacy

8.6.3.

LinkedIn Inc., 1000 W Maude, Sunnyvale, CA 94085, United States; https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

8.6.4.

Xing: New York SE, Germany

9. Use of third-party services and content

9.1.

On the basis of our legitimate interests (i.e. interest in analyzing, optimizing and operating our services economically within the meaning of Article 6 (1) (f) of the GDPR), we use content or service offerings from third parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content recognize the users' IP addresses, as they could not send the content to their browser without the IP address. The IP address is therefore required to display this content. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third parties can also use so-called pixel tags (invisible graphics, web beacons) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our services, as well as be linked to such information from other sources.

9.2.

We integrate the videos from the “YouTube” platform from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/.
Opt-out: https://adssettings.google.com/authenticated.

9.3.

We include the function to recognize bots, e.g. when entered into online forms (“reCAPTCHA”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

9.4.

We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users' IP addresses and location data, which, however, cannot be processed without their consent (usually as part of the settings of their mobile devices). The data can be processed in the USA. Privacy statement: https://www.google.com/policies/privacy/.
Opt-out: https://adssettings.google.com/authenticated.

10. Use of analysis tools

10.1. Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (“Google”), to analyze, optimize and ensure the economic operation of our services. Google uses cookies. The information generated by the cookie about users' use of our services is usually transmitted to a Google server in the USA and stored there. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.).

The legal basis for processing so-called technically necessary cookies is our legitimate interest in processing personal data in accordance with Article 6 (1) (f) GDPR. The personal data is deleted when they are no longer necessary for this purpose, in particular when cookies are deactivated. We need your consent for cookies that are not technically necessary or so-called third-party cookies. If you have given us your consent to use cookies on the basis of a notice provided by us on the website (“cookie banner”), the legality of their use is also governed by Article 6 (1) (a) GDPR. As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.

10.1.1.

Google will use this information on our behalf to evaluate the use of our services by users, to compile reports on activities within the services and to provide us with other services related to the use of the services and Internet usage. Pseudonymous user profiles of users can be created from the processed data.

10.1.2.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there.

10.1.3.

The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent cookies from being stored by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the services by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This sets a so-called opt-out cookie in your browser, which prevents the future collection of your data when using our service. This only applies to this browser and the device on which you execute the link.

10.1.4.

We use Google Analytics, including Universal Analytics features. Universal Analytics enables cross-device analysis of your activities when using our service. This is made possible by the pseudonymous assignment of a user ID to a user. Such an assignment is made upon registration for our service.

10.1.5.

Users' personal data will be deleted or anonymized after 14 months.

10.1.6.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

10.2. Google Tag Manager

We use Google Tag Manager. “Google” is a group of companies and consists of the companies Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC. Google Tag Manager is a help service that allows us to integrate code snippets such as tracking codes or conversion pixels on our website. He himself does not store cookies or create user profiles. Personal data is only stored for technically necessary purposes. The legal basis for processing so-called technically necessary cookies is our legitimate interest in processing personal data in accordance with Article 6 (1) (f) GDPR. The personal data is deleted when they are no longer necessary for this purpose, in particular when cookies are deactivated.

10.2.1. Browser plugin

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

10.3. Facebook Pixel

This website uses Facebook's visitor action pixel to measure conversion. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures can be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This allows Facebook to place advertisements on Facebook pages and outside of Facebook. As the site operator, we cannot influence this use of data.

The use of Facebook pixels is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 (1) (a) GDPR; consent can be withdrawn at any time.

In Facebook's privacy policy, you can find further information on how to protect your privacy: https://de-de.facebook.com/about/privacy/

You can also use the “Custom Audiences” remarketing feature in the Ads Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

10.4. LinkedIn Insight Day

This website uses the “LinkedIn Insight Tag”, an analysis and tracking tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag makes it possible to collect data about visits to this website, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views. This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.

LinkedIn does not share any personal data with the owner of this website, but only provides summarized reports on the website audience and ad performance.

LinkedIn also offers retargeting for website visitors so that the owner of this website can use this data to display targeted advertising outside their website without identifying the member.

The purpose of data collection is to analyze visits to our website and campaign results in order to provide you with interesting information. The legal basis for processing personal data is Article 6 (1) (f) GDPR.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

More information about privacy on LinkedIn can be found in LinkedIn's privacy policy.

10.5. Hubspot

We use the services of software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).

HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes the analysis of landing pages and reporting. So-called “web beacons” are used and cookies are stored on the device you are using.

For example, the following personal data may be collected:

• IP address,
• geographical location,
• type of browser,
• duration of the visit,
• pages viewed.

The information collected and the content of our website are stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyze the use of our website. This allows us to constantly optimize our website and make it more user-friendly. We also use information to determine which services offered by our company are of interest to customers and newsletter subscribers and to contact them for advertising purposes.

However, we only use an abbreviated version of your IP address. This means that the IP address of users is abbreviated by HubSpot within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a HubSpot server in the USA and abbreviated there.

Cookies have a normal lifetime of 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless the deletion is precluded by legal retention periods.

The information generated by the cookie about the use of the online offer by users can usually also be transmitted to a Google server in the USA and stored there.

Data processing is carried out on the basis of Article 6 (1) (a) GDPR, provided that you have given your consent via our cookie banner. You can withdraw your consent at any time. The transfer to a third country is based on Article 49 (1) (a) GDPR.

More information about how HubSpot works can be found in the HubSpot Inc. Privacy Policy.

11. Use of Google Re/Marketing Services

11.1.

We use the marketing and remarketing services (“Google Marketing Services” for short) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) to analyze, optimize and ensure the economic operation of our services. The appropriate level of data protection is ensured through the use of standard contractual clauses and, if applicable, further measures (see 2.2.).
The legal basis for processing so-called technically necessary cookies is our legitimate interest in processing personal data in accordance with Article 6 (1) (f) GDPR. The personal data is deleted when they are no longer necessary for this purpose, in particular when cookies are deactivated. We need your consent for cookies that are not technically necessary or so-called third-party cookies. If you have given us your consent to use cookies on the basis of a notice provided by us on the website (“cookie banner”), the legality of their use is also governed by Article 6 (1) (a) GDPR. As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.

11.2.

Google marketing services allow us to display ads for and on our website in a more targeted manner in order to only present users with ads that potentially match their interests. For example, if a user is shown ads for products that they have shown interest in on other websites, this is referred to as “remarketing.” For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and so-called (re) marketing tags (invisible graphics or code, web beacons) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and further information on the use of the services. The IP address of users is also collected, and as part of Google Analytics, we report that the IP address is abbreviated within member states of the European Union or in other states party to the Agreement on the European Economic Area and only in exceptional cases transmitted in its entirety to a Google server in the USA and abbreviated there. The IP address is not combined with user data within other Google offers. Google may also combine the above information with such information from other sources. If the user then visits other websites, ads tailored to him can be shown according to his interests.

11.3.

User data is processed pseudonymously as part of Google marketing services. This means that Google, for example, does not process the user's name or email address, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.

11.4.

The Google marketing services we use include the “Google AdWords” online advertising program. In the case of Google AdWords, every AdWords customer receives a different “conversion cookie.” Cookies can therefore not be traced via the websites of AdWords customers. The information collected using the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users.

11.5.

We can integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies, which enable Google and its partner websites to display ads based on users' visits to this website or other websites on the Internet.

11.6.

We can also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services into our website.

11.7.

For more information about Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy retrievable.

11.8.

If you would like to object to interest-based advertising through Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

12. Business analyses and market research

12.1.

In order to be able to operate our business economically, to identify market trends, customer and user requests, we analyse the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, contract data, payment data, usage data, metadata on the basis of Article 6 (1) (f) of the GDPR, with the persons concerned including customers, interested parties, business partners, visitors and users of the services.

12.2.

The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information about their purchase processes, for example. The analyses help us to increase user-friendliness, optimize our services and improve business efficiency. The analyses are for us alone and are not disclosed externally, unless they are anonymous analyses with summarized values.

12.3.

If these analyses or profiles are personal, they will be deleted or anonymized upon termination by the users, otherwise after two years from the conclusion of the contract.

13. Data protection information in the application process

13.1.

We process our applicants' personal data only for the purpose and as part of the application process in accordance with legal requirements. Applicant data is processed to fulfill our (pre-contractual obligations as part of the application process within the meaning of Article 6 (1) (b) GDPR Art. 6 (1) (f) GDPR Article 6 (1) (f) GDPR provided that data processing is necessary for us, for example as part of legal proceedings (in Germany, the processing of applicant data takes place on the basis of Section 26 (1) BDSG 2018).

13.2.

The application process requires that applicants provide us with the applicant data. The required applicant data is derived from the job descriptions and generally includes personal information, postal and contact addresses and the documents associated with the application, such as a cover letter, curriculum vitae and certificates. In addition, applicants can voluntarily provide us with additional information.

13.3.

Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR are processed as part of the application process, their processing is also carried out in accordance with Article 9 (2) lit. b GDPR (e.g. health data, such as status of disabled persons or ethnic origin), for German applicants in accordance with Section 26 paragraph 3 BDSG 2018. Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR are requested from applicants as part of the application process, their processing takes place in addition in accordance with Art. 9 para. 2 lit. a DSGVO (e.g. health data, if this is required for the exercise of the profession), for German applicants in accordance with Section 26 paragraph 3 BDSG 2018.

13.4.

If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.

13.5.

Applicants can also send us their applications via email. However, please note that emails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend that you use postal delivery. Because instead of applying via an online form and e-mail, applicants still have the option of sending us their application by post.

13.6.

In the event of a successful application, the data provided by applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

13.7.

Subject to justified revocation by applicants, the deletion will take place after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expenses reimbursement are archived in accordance with tax requirements.

14th newsletter

14.1.

With the following information, we will inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your corresponding rights of objection. You will only receive a newsletter from us if you subscribe to it and give us your express consent to do so.

14.2.

Content of the newsletter: We send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients. If the content of the newsletter is specifically described as part of a subscription to the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.

14.3.

Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with foreign email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

14.4.

Registration details: To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name in the newsletter so that we can address you personally.

14.5.

Germany: The newsletter and the associated performance measurement are based on the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG or on the basis of legal permission in accordance with § 7 para. 3 UWG.

14.6.

You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter. We can store the unsubscribed email addresses for up to 1.5 years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

14.7.

The newsletter is sent by an external shipping service provider (see section 4.6), Hubspot Germany GmbH (see 5.5.10). The shipping service provider can use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. to technically optimize the delivery and presentation of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass on the data to third parties.

14.8.

The newsletters contain a so-called “web beacon”, i.e. a pixel-size file, which is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are first processed. This information is used to technically improve the services based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

15. Deletion of data and storage obligations

15.1.

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements. If the data is not deleted because it is necessary for other and legally permitted purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes, as we are subject to various storage and documentation obligations, including the Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The storage and documentation periods specified there are two to ten years.

15.2.

According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, accounting documents, documents relevant to taxation, etc.) and 6 years in accordance with Section 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).

16. Your rights (information, changes, corrections and updates)

16.1.

You have the right to request confirmation as to whether the relevant data is being processed and for information about this data as well as further information and a copy of the data in accordance with Article 15 GDPR.

16.2.

They have accordingly. Art. 16 GDPR, the right to request the completion of data concerning you or the correction of incorrect data concerning you.

16.3.

In accordance with Article 17 GDPR, you have the right to request that the relevant data be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with Article 18 GDPR.

16.4.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Article 20 GDPR and to request that it be transmitted to other responsible persons.

16.5.

To exercise your rights (including revocation and objection in sections 17 and 18) and if you have any further questions about data protection, please send an e-mail to datenschutz@nx-technologies.com.

16.6.

In accordance with Article 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

17. Right of withdrawal

You have the right at any time to withdraw any consent you have given in accordance with Article 7 (3) GDPR with effect for the future.

18. Right of objection

In the case of data processing based on our legitimate interests, you can object to the future processing of data concerning you in accordance with Article 21 GDPR at any time. The objection may also be made against processing for direct marketing purposes in particular.

19. Data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transfers and from becoming aware of it by third parties. These are adjusted in accordance with the current state of the art.