THE NSH GROUP

DATA PROTECTION DECLARATION

We attach particular importance to protecting your privacy when you use our offers and services. It goes without saying that we are committed to observing both national and European legal regulations regarding the protection of your personal data. This data protection declaration is valid for the NILES-SIMMONS-HEGENSCHEIDT GmbH (NSH Group) website at www.nsh-group.de, as well as all appertaining sub-domains.

 

I. NAME AND ADDRESS OF THE REPSONSIBLE PARTY

The responsible party according to section 4 No 7 GDPR is:

The NILES-SIMMONS-HEGENSCHEIDT GmbH
Zwickauer Straße 355
09117 Chemnitz
Germany

Phone: +49 (0) 371 802–0
E mail: info[at]nshgroup.com
Website: www.nsh-group.com

 

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

Our data protection officer is:

Ms. Katy Seidel
Zwickauer Straße 355
09117 Chemnitz
Germany

Phone: + 49 (0) 371 802–250
E mail: dsb.nsh[at]nshgroup.com

 

III. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of processing of personal data

In general, we collect and use our user’s personal data only if and to the extent required to make available a functional website, as well as our contents and services. Our users’ personal data are collected and used regularly, but only with the user’s consent. An exception to this occurs in cases in which previous consent could not be obtained for practical reasons, and if data processing is permitted by legal provisions. If the website is used exclusively for informational purposes, i.e., if you do not register or otherwise submit information, only the personal data your browser communicates to our server is collected (for more on this subject, see details in the Cookies section under V.).

 

2. Legal foundation for processing of personal data

Insofar as we obtain the consent of the individual concerned to process personal data, then section 6 paragraph 1 lit. a EU General Data Protection Regulation (GDPR) provides the legal foundation for processing personal data. If personal data must be processed in order to fulfill a contract in which a contractual party is the individual concerned, section 6 paragraph 1 lit. b GDPR provides the legal foundation. This also applies to processing activities required to carry out actions prior to and/ or after the date the contract was signed (such as customer support). To the extent that personal data must be processed to perform a legal obligation, our enterprise is subject to section 6 paragraph 1 lit. c GDPR, which provides the legal foundation. Should the essential interests of the individual concerned or another natural person make it necessary to process personal data, section 6 paragraph 1 lit. d GDPR provides the legal foundation. If processing is needed to guarantee a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the individual concerned do not take precedence over the abovementioned interest, then section 6 paragraph 1 lit. f GDPR legally justifies the processing.

 

3. Deletion of data and period of storage

The personal data of the individual concerned are deleted or blocked, as soon as the purpose of storage is no longer relevant. Storage may also be undertaken when required by European or national legislation in ordinances of the Union law, laws, or miscellaneous provisions we are not subject to. Data is also blocked or deleted, if the period of storage prescribed by the standards mentioned above expires, unless it is necessary to continue to store the data for a potential conclusion or fulfillment of a contract.

 

IV. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and scope of data processing

When you visit our website, the browser used by your terminal device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is deleted automatically:

  • IP address of the computer making the request,
  • Date and time of access,
  • Name and URL of the file retrieved,
  • Website, from which you access ours (referrer URL),
  • Type and version of the browser and operational system used by your terminal device
  • Volume of data sent
  • Name of your access provider.

Immediately after processing and before storing, your IP address is anonymized (IP masking). Your IP address is stored separately in this form; it cannot be reproduced, and under no circumstances will it be linked with related data from other sources. We process the abovementioned stored data for the purposes detailed below:

  • To guarantee a seamless connection with our websites,
  • To provide a comfortable use of our websites,
  • Analysis of system security and stability,
  • Administrative purposes
  • Statistical analyses
  • To identify and trace spam, viruses, or attacks on our servers,
  • Evaluation and improvement of our websites‘ content

We do not use the data otherwise. Under no circumstances will we use this data to trace back to your person.

 

2. Legal foundation for data processing

The abovementioned temporary data processing is legally approved in section 6 paragraph 1 p. 1 lit. f GDPR.

 

3. Purpose of data processing

It is necessary for the system to temporarily store IP addresses to allow websites to be made available to the user’s computer. For this purpose, the user’s IP address must be stored for the period of the session. Storage in log files guarantees the functioning of the websites. Furthermore, we use the data to optimize the websites and ensure our information technology system‘s security. In this context, data is not analyzed for marketing purposes. The abovementioned purposes also describe our justified interest in data processing according to section 6 paragraph 1 lit. f GDPR.

 

4. Period of storage

Data is deleted as soon as it is no longer necessary to achieve the purposes of its collection. In the case of data collected to make the websites available, it is deleted once the respective session ends. In the case of data stored in log files, deletion occurs within seven days. Extended storage is possible. In this case, the IP addresses of the users are deleted or anonymized, making it impossible to reassign the data to the original user.

 

5. Options for objection and removal

Collection of data to make the website available and storage of data in log files is mandatory for website operation. Consequently, the user cannot object.

 

V. USE OF COOKIES

1. Description and scope of data processing

Our websites use cookies. Cookies are text files that are stored in the internet browser or are stored on the user’s computer system by the internet browser. When a user accesses a website, a cookie may be stored in the user’s operational system. This cookie includes a specific sequence of characters that enables an unambiguous browser identification when the website is accessed subsequently. We apply cookies to design our websites to be more user-friendly. Some elements of our website require that the browser used for access can also be identified after another website is accessed. In the cookies, the following data is stored and transmitted:

 

Language settings

Log-in information

On our website, we also use cookies that make it possible to analyze the users’ practices in searching for information. Here, the following data can be transmitted:

  • Input search words
  • Frequency of site calls (statistics)
  • Utilization of website functions

User data collected this way are pseudonymized by means of technical precautions. For this reason, it is no longer possible to reassign the data to the user accessing the site. These data are not stored together with miscellaneous personal data belonging to the users. When accessing our websites, users are informed of the use of cookies necessary for technical purposes, as well as cookies used for analytic purposes, by an information banner; at the same time, the users are referred to this data protection declaration. In this context, the users are also informed that they can prevent the storage of cookies in the browser settings. When accessing our websites, the user is informed of how we use cookies for analytic purposes, and we ask for the user’s consent to process the user’s personal data in this context. Agreement can be given by clicking a box in the cookie consent tool. Making available data to analyze the user behavior is, of course, voluntary, and does not affect the use of the website. Accordingly, the cookies for analytic purposes are only set if the user consents.

 

2. Legal foundation for data processing

The legal foundation for the processing of personal data through cookies required for technical reasons, is specified in section 6 paragraph 1 lit. f GDPR. Processing personal data through cookies for analytic purposes is, if the user’s consent is available, legally approved according to section 6 paragraph 1 lit. a GDPR.

 

3. Purpose of data processing

The purpose of using cookies required for technical reasons is to simplify the use of websites for the users. Some functions of our websites cannot be offered without using cookies. For these functions, it is necessary for the browser to be identified after the user moves to another site. We need cookies for the following applications:

 

Adopting language settings

Remembering search words

User data collected by cookies required for technical reasons are not applied for the creation of user profiles. We use analysis-related cookies in order to improve the quality and content of our websites. Thanks to analysis-related cookies, we learn how the websites are used, and can continuously optimize our offers accordingly. In this context, our legitimate interest consists in processing personal data according to section 6 paragraph 1 lit. f GDPR.

 

4. Period of storage, options for objection and removal

Cookies are stored on the user’s computer and transmitted from there to us. For this reason, you, as the user, have full control over how we use the cookies. By changing your browser settings, you can disable or limit the transmission of cookies. It is possible to delete stored cookies at any time. This can also be performed automatically. If cookies are disabled for our websites, it is possible that some of the websites’ functionality will be lost.

 

VI. CONTACT FORM AND E MAIL CONTACT

1. Description and scope of data processing

Our websites includes a form that can be used to contact us electronically. If this form is used, the data entered is sent to us and stored. This data is:

First name, last name, firm, salutation, postal code, location, e mail address, as well as the comment itself

When the message is sent, the following data is also stored:

  • User’s IP address
  • Date and time of registration

Before processing the data, we ask for your consent and refer to this data protection declaration before you submit your information. You can also contact us via the e‑mail address provided (see also under I.). In this case, the personal data of the user sent via e mail is stored. In this context, no data is transmitted to third parties. Data is used exclusively to process the communication.

 

2. Legal foundation for data processing

If the user’s consent is available, processing of data is legal according to section 6 paragraph 1 lit. a GDPR. Processing of data transmitted when sending an e mail is justified according to section 6 paragraph 1 lit. f GDPR. If the e‑mail contact is aimed at the fulfillment of a contract, then the data procession is additionally legally approved by section 6 paragraph 1 lit. b GDPR.

 

3. Purpose of data processing

Personal data from the entry screen is exclusively used to process the contact. Contact via e mail presupposes the required legitimate interest in processing the data. The miscellaneous personal data processed during the sending process are to avoid misuse of the contact form and to safeguard the security of our information technology systems.

 

4. Period of storage

Data are deleted as soon as they are no longer required to fulfill the purpose of collection. For personal data entered into the input screen of the contact form or sent via e mail, this is the case if the respective communication with the user is complete. Communication is complete if it can be assumed that the question has been answered. The personal data additionally collected during the sending process will be deleted within seven days.

 

5. Options for objection and removal

At any time, the user has the right to revoke their consent to process personal data. If the user contacts us via e mail, they may refuse storage of personal data any time. In these cases, communication cannot be continued. As a user, you may freely decline via the contact data given under I. All personal data stored during contact with us will be deleted in this case.

 

VII. Customer portal

NILES-SIMMONS-HEGENSCHEIDT GmbH provides the customer portal to be used additionally and voluntarily. Its legal foundation is the user’s consent (section 6 paragraph 1 lit. a GDPR), which is also provided as a supplement to your existing contract. You will be registered for the customer portal when you enter your personal data, customer number, an email address, and a password, and confirm the activation link sent via email.

We need your personal data to guarantee use, maintain safety and user limitation, and to link with your contracts and projects. In the customer portal, you can change your customer data, work on projects together with our employees, and view and print the project flow. Any changes to personal data made in the customer portal are only sent to the NILES-SIMMONS-HEGENSCHEIDT GmbH employees responsible for further processing.

Data will be deleted as soon they are no longer necessary to achieve the purpose they were collected for. For personal data used in registration for the customer portal and data entered there for projects, this is the case if the corresponding project has been completed and the respective communication with the user finished. Communication is considered to be complete if circumstances indicate that the matter is closed.

 

VIII. SWEEPSTAKES

 

We regularly offer sweepstakes through our website and our social media channels.

You may take part in the sweepstakes through our website, where you can enter your data into a sweepstakes entry form. Depending on the sweepstakes, we may need additional information. For instance, it may be necessary to send us a photo according to the conditions of participation.

As a rule, taking part in contests on social media channels requires publishing a comment on the award, liking an article, answering a contest question, or contacting us through a customer account.

To do this, information required to conduct the sweepstakes will be retrieved.

Processing this data conforms to section 6 paragraph 1 lit. b) GDPR (performance of a contract). The sweepstakes involves a reciprocal relationship between you as participant and us as organizer. We offer sweepstakes in order to introduce our products and attract new customers. You must provide your data to take part. If you do not provide your data, you cannot take part in the contest.

For contests run via social media, winners will be tagged on social media channels, such as Instagram. Permissibility of data processing conforms to section 6 paragraph 1 lit. a) GDPR (consent). By participating in the contest, you agree that if you win a prize, you may be tagged on the respective platform, and we may contact you for distribution of a reward.

For sweepstakes offered through our website, you can also make available images, which we can publish on our social media profiles. Permissibility of processing conforms to section 6 paragraph 1 lit. a) GDPR (consent). When taking part, you can state your consent.

Your data are first stored when you take part in the sweepstakes, for instance by liking an article, commenting on post, answering a consent question, participating via contest form, etc. We delete the data and any communication via social media channels, such as Instagram, if the winner is found and contacted by us to distribute the prize. The personal data of the winner will be deleted after the prize is distributed, provided there is no legal obligation to retain it. The comments on the receipt of the award on the profile will not be deleted.

 

IX. SOCIAL MEDIA AND INTEGRATED CONTENT

 

Embedding YouTube videos

 

1. Description and volume of data processing

We have incorporated YouTube videos stored at http://www.YouTube.com to be played directly on our website into our online offer. [These are all incorporated in the “extended data privacy mode“, meaning that no data about you as user are sent to YouTube if you do not play videos. Only if you play videos will the data mentioned in paragraph 2 are transferred. We have no control over this data transfer.]

When videos on the website are played, YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is informed that you have accessed this feature of our website. Data are sent according to paragraph V. of this statement. Data are sent regardless of whether the user is logged into a YouTube account or whether a user account exists. If you are logged into Google, your data are immediately assigned to your account. If you do not wish to have this information associated with your YouTube profile, you must log off before clicking on the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research, and/or a needs-based design of its website. This analysis is done (even for users that are not logged in) primarily to provide needs-oriented advertising, and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must exercise this right and its performance with YouTube. By using this service, you declare your consent to the collection, processing, and use of data entered and collected thereby by Google.

 

2. Purpose and legal foundation for data processing

Using YouTube is part of our justified interest in making available a user-friendly experience and optimizing and improving our content. Permissibility of processing in this context conforms to section 6 paragraph 1 lit. f) GDPR.

YouTube is a tool of Google Ireland Ltd.. belonging to the Google group headquartered in the USA. For this reason, it is not excluded that accrued user data may be transferred to the USA. This transfer is permissible under the preconditions of section 46 GDPR, and based on the standard contractual provisions incorporated into the contractual relationship with the Google Ireland Ltd. (https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32004D0915&from=DE). The provisions were approved by the European commission and guarantee adequate protection of your personal data outside the EC and the European Economic Area as well.

 

3. Duration of storage, possible objection and removal options

For further information about the purpose and volume of data collection and processing by YouTube, please see the data protection declaration of Google Ireland Ltd.., where you will also find additional information concerning your rights and setting options to protect your privacy: policies.google.com/privacy.

 

Instagram

Based on our justified interest according to section 6 paragraph 1 lit. f GDPR, we maintain an online presence on the social network Instagram by Meta Platforms Ireland Limited. We do this to communicate with customers, prospective buyers, and users who are active on this platform, and to inform them about our enterprise and services there. Accessing Instagram indicates that the general terms and conditions and the data processing guidelines of Meta Platforms Ireland Limited are valid.

For other information about data protection on Instagram, please read our separate data protection declaration at www.nshgroup.com/datenschutz/datenschutzerklaerung-instagram/.

Unless specified otherwise within the scope of our data protection declaration, we process user data if they communicate with us on social media, such as by writing comments on our online presence and presenting them online on our channels, or by sending us messages.

 

LinkedIn

Based on our justified interest according to section 6 paragraph 1 lit. f GDPR, we maintain an online presence on the social network LinkedIn by LinkedIn Ireland Unlimited Company. We do this to communicate with customers, prospective buyers, and users who are active on this platform, and to inform them about our enterprise and services there. Accessing LinkedIn indicates that the general terms and conditions and the data processing guidelines of LinkedIn Ireland Unlimited Company are valid.

For other information about data protection at LinkedIn, please read our separate data protection declaration at www.nshgroup.com/datenschutz/datenschutzerklaerung-linkedin.

Unless specified otherwise within the scope of our data protection declaration, we process user data if they communicate with us on social media, such as by writing comments on our online presence and presenting them online on our channels, or by sending us messages.

 

X. YOUR RIGHTS AS THE INDIVIDUAL CONCERNED

You are entitled to demand information (section 15 GDPR), correction (section 16 DSGVO), deletion (section 17 GDPR), limitation of processing (section 18 GDPR), and data transfer (section 20 GDPR), if the respectively legally defined preconditions are fulfilled, and no exception regulation is in effect.

If we process personal data to safeguard our legitimate interests according to section 6 paragraph 1 f) GDPR, then you are entitled to use a general right of refusal. As far as there exist specific reasons resulting from your special situation, and if we do not have a superordinate interest in processing the data, we will stop processing your data in case of refusal.

If we need your consent to processing your personal data, we will explicitly ask you for it. Consent can be revoked any time with effect for the future. However, previous data processing remains unaffected by this.

You have also the right to submit a complaint to the responsible data protection supervising authority any time.

Customize cookie settings

You can change your cookie settings by clicking on the following link: Customize cookie settings