DATA PROTECTION DECLARATION
We attach particular importance to protecting your privacy when you use our offers and services. It goes without saying that we are committed to observing both national and European legal regulations regarding the protection of your personal data. This data protection declaration is valid for the NILES-SIMMONS-HEGENSCHEIDT GmbH (NSH Group) website at www.nsh-group.de, as well as all appertaining sub-domains.
I. NAME AND ADDRESS OF THE REPSONSIBLE PARTY
The responsible party according to section 4 No 7 GDPR is:
The NILES-SIMMONS-HEGENSCHEIDT GmbH
Zwickauer Straße 355
09117 Chemnitz
Germany
Phone: +49 (0) 371 802–0
E mail: info[at]nshgroup.com
Website: www.nsh-group.com
II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
Our data protection officer is:
Ms. Katy Seidel
Zwickauer Straße 355
09117 Chemnitz
Germany
Phone: + 49 (0) 371 802–250
E mail: dsb.nsh[at]nshgroup.com
III. GENERAL INFORMATION ON DATA PROCESSING
1. Scope of processing of personal data
In general, we collect and use our user’s personal data only if and to the extent required to make available a functional website, as well as our contents and services. Our users’ personal data are collected and used regularly, but only with the user’s consent. An exception to this occurs in cases in which previous consent could not be obtained for practical reasons, and if data processing is permitted by legal provisions. If the website is used exclusively for informational purposes, i.e., if you do not register or otherwise submit information, only the personal data your browser communicates to our server is collected (for more on this subject, see details in the Cookies section under V.).
2. Legal foundation for processing of personal data
Insofar as we obtain the consent of the individual concerned to process personal data, then section 6 paragraph 1 lit. a EU General Data Protection Regulation (GDPR) provides the legal foundation for processing personal data. If personal data must be processed in order to fulfill a contract in which a contractual party is the individual concerned, section 6 paragraph 1 lit. b GDPR provides the legal foundation. This also applies to processing activities required to carry out actions prior to and/ or after the date the contract was signed (such as customer support). To the extent that personal data must be processed to perform a legal obligation, our enterprise is subject to section 6 paragraph 1 lit. c GDPR, which provides the legal foundation. Should the essential interests of the individual concerned or another natural person make it necessary to process personal data, section 6 paragraph 1 lit. d GDPR provides the legal foundation. If processing is needed to guarantee a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the individual concerned do not take precedence over the abovementioned interest, then section 6 paragraph 1 lit. f GDPR legally justifies the processing.
3. Deletion of data and period of storage
The personal data of the individual concerned are deleted or blocked, as soon as the purpose of storage is no longer relevant. Storage may also be undertaken when required by European or national legislation in ordinances of the Union law, laws, or miscellaneous provisions we are not subject to. Data is also blocked or deleted, if the period of storage prescribed by the standards mentioned above expires, unless it is necessary to continue to store the data for a potential conclusion or fulfillment of a contract.
IV. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
1. Description and scope of data processing
When you visit our website, the browser used by your terminal device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is deleted automatically:
- IP address of the computer making the request,
- Date and time of access,
- Name and URL of the file retrieved,
- Website, from which you access ours (referrer URL),
- Type and version of the browser and operational system used by your terminal device
- Volume of data sent
- Name of your access provider.
Immediately after processing and before storing, your IP address is anonymized (IP masking). Your IP address is stored separately in this form; it cannot be reproduced, and under no circumstances will it be linked with related data from other sources. We process the abovementioned stored data for the purposes detailed below:
- To guarantee a seamless connection with our websites,
- To provide a comfortable use of our websites,
- Analysis of system security and stability,
- Administrative purposes
- Statistical analyses
- To identify and trace spam, viruses, or attacks on our servers,
- Evaluation and improvement of our websites‘ content
We do not use the data otherwise. Under no circumstances will we use this data to trace back to your person.
2. Legal foundation for data processing
The abovementioned temporary data processing is legally approved in section 6 paragraph 1 p. 1 lit. f GDPR.
3. Purpose of data processing
It is necessary for the system to temporarily store IP addresses to allow websites to be made available to the user’s computer. For this purpose, the user’s IP address must be stored for the period of the session. Storage in log files guarantees the functioning of the websites. Furthermore, we use the data to optimize the websites and ensure our information technology system‘s security. In this context, data is not analyzed for marketing purposes. The abovementioned purposes also describe our justified interest in data processing according to section 6 paragraph 1 lit. f GDPR.
4. Period of storage
Data is deleted as soon as it is no longer necessary to achieve the purposes of its collection. In the case of data collected to make the websites available, it is deleted once the respective session ends. In the case of data stored in log files, deletion occurs within seven days. Extended storage is possible. In this case, the IP addresses of the users are deleted or anonymized, making it impossible to reassign the data to the original user.
5. Options for objection and removal
Collection of data to make the website available and storage of data in log files is mandatory for website operation. Consequently, the user cannot object.
V. USE OF COOKIES
1. Description and scope of data processing
Our websites use cookies. Cookies are text files that are stored in the internet browser or are stored on the user’s computer system by the internet browser. When a user accesses a website, a cookie may be stored in the user’s operational system. This cookie includes a specific sequence of characters that enables an unambiguous browser identification when the website is accessed subsequently. We apply cookies to design our websites to be more user-friendly. Some elements of our website require that the browser used for access can also be identified after another website is accessed. In the cookies, the following data is stored and transmitted:
Language settings
Log-in information
On our website, we also use cookies that make it possible to analyze the users’ practices in searching for information. Here, the following data can be transmitted:
- Input search words
- Frequency of site calls (statistics)
- Utilization of website functions
User data collected this way are pseudonymized by means of technical precautions. For this reason, it is no longer possible to reassign the data to the user accessing the site. These data are not stored together with miscellaneous personal data belonging to the users. When accessing our websites, users are informed of the use of cookies necessary for technical purposes, as well as cookies used for analytic purposes, by an information banner; at the same time, the users are referred to this data protection declaration. In this context, the users are also informed that they can prevent the storage of cookies in the browser settings. When accessing our websites, the user is informed of how we use cookies for analytic purposes, and we ask for the user’s consent to process the user’s personal data in this context. Agreement can be given by clicking a box in the cookie consent tool. Making available data to analyze the user behavior is, of course, voluntary, and does not affect the use of the website. Accordingly, the cookies for analytic purposes are only set if the user consents.
2. Legal foundation for data processing
The legal foundation for the processing of personal data through cookies required for technical reasons, is specified in section 6 paragraph 1 lit. f GDPR. Processing personal data through cookies for analytic purposes is, if the user’s consent is available, legally approved according to section 6 paragraph 1 lit. a GDPR.
3. Purpose of data processing
The purpose of using cookies required for technical reasons is to simplify the use of websites for the users. Some functions of our websites cannot be offered without using cookies. For these functions, it is necessary for the browser to be identified after the user moves to another site. We need cookies for the following applications:
Adopting language settings
Remembering search words
User data collected by cookies required for technical reasons are not applied for the creation of user profiles. We use analysis-related cookies in order to improve the quality and content of our websites. Thanks to analysis-related cookies, we learn how the websites are used, and can continuously optimize our offers accordingly. In this context, our legitimate interest consists in processing personal data according to section 6 paragraph 1 lit. f GDPR.
4. Period of storage, options for objection and removal
Cookies are stored on the user’s computer and transmitted from there to us. For this reason, you, as the user, have full control over how we use the cookies. By changing your browser settings, you can disable or limit the transmission of cookies. It is possible to delete stored cookies at any time. This can also be performed automatically. If cookies are disabled for our websites, it is possible that some of the websites’ functionality will be lost.
VI. CONTACT FORM AND E MAIL CONTACT
1. Description and scope of data processing
Our websites includes a form that can be used to contact us electronically. If this form is used, the data entered is sent to us and stored. This data is:
First name, last name, firm, salutation, postal code, location, e mail address, as well as the comment itself
When the message is sent, the following data is also stored:
- User’s IP address
- Date and time of registration
Before processing the data, we ask for your consent and refer to this data protection declaration before you submit your information. You can also contact us via the e‑mail address provided (see also under I.). In this case, the personal data of the user sent via e mail is stored. In this context, no data is transmitted to third parties. Data is used exclusively to process the communication.
2. Legal foundation for data processing
If the user’s consent is available, processing of data is legal according to section 6 paragraph 1 lit. a GDPR. Processing of data transmitted when sending an e mail is justified according to section 6 paragraph 1 lit. f GDPR. If the e‑mail contact is aimed at the fulfillment of a contract, then the data procession is additionally legally approved by section 6 paragraph 1 lit. b GDPR.
3. Purpose of data processing
Personal data from the entry screen is exclusively used to process the contact. Contact via e mail presupposes the required legitimate interest in processing the data. The miscellaneous personal data processed during the sending process are to avoid misuse of the contact form and to safeguard the security of our information technology systems.
4. Period of storage
Data are deleted as soon as they are no longer required to fulfill the purpose of collection. For personal data entered into the input screen of the contact form or sent via e mail, this is the case if the respective communication with the user is complete. Communication is complete if it can be assumed that the question has been answered. The personal data additionally collected during the sending process will be deleted within seven days.
5. Options for objection and removal
At any time, the user has the right to revoke their consent to process personal data. If the user contacts us via e mail, they may refuse storage of personal data any time. In these cases, communication cannot be continued. As a user, you may freely decline via the contact data given under I. All personal data stored during contact with us will be deleted in this case.
VIII. SOCIAL MEDIA AND INTEGRATED CONTENTS
Integration of YouTube videos
We have integrated YouTube videos into our online presentation that are stored on www.YouTube.com and which can be immediately played from our website. [They are all integrated in the “extended data protection mode”, meaning that no data about you as the user is transmitted to YouTube if you do not play the videos. If you play the videos, the data mentioned in paragraph 2 will be transmitted. We have no control over this data transmission.]
As a result of your visit to our website, YouTube (offered by the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is informed that you have accessed the respective subpage website. Moreover, the data mentioned in clause V. of this declaration are transferred. This transfer is executed independently of whether YouTube makes available a user account, through which you are logged in, or not. If you are logged into Google, then your data is immediately assigned to your account. If you do not wish to be identified by your profile at YouTube, then you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising purposes, market research and/or design of its website according to demand. An analysis like this is primarily done (even for users that are not logged in) to provide demand-driven advertising and to inform other users of the social network of your activities on our website. You are entitled to decline the creation of these user profiles, but to execute this right you must address your objection to YouTube. By using this service, your consent to the collection, processing, and use of the data collected by Google, as well as input by you.
Tools of Google Ireland Ltd. are integrated into the website. This company is part of the Google group headquartered in the USA. For this reason, it cannot be excluded that incoming user data may be transferred to the headquarters. This transfer is admissible according to the assumptions of section 46 GDPR and based on the standard contractual clauses (https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32004D0915&from=DE) effectively included in the contractual relationship with Google Ireland Ltd.. The clauses were approved by the European Commission and guarantee adequate protection of your personal data even outside the EU and the EEA (European Economic Area).
Please find further information about the purpose and scope of data collection and processing by YouTube in the data protection declaration of Google Ireland Ltd, where you will also find further information relevant to your rights and setting options in order to protect your privacy: policies.google.com/privacy.
IX. WEB ANALYSIS BY MEANS OF MATOMO
On our website, data are collected and stored by using the web analysis software Matomo (www.matomo.org) based on our legitimate interest in the statistical analysis of user practices for optimization purposes according to section 6 paragraph 1 lit. f GDPR. For the same purposes, pseudonymized user profiles are created from this data, and are analyzed. For this process, no cookies are in use. The data collected by means of the Matomo technology (including your pseudonymized IP address) are processed on the servers of an order processor.
The information obtained from the pseudonymized user profiles cannot be used to personally identify the visitor to this website and are not linked with personal data through the alias carrier.
If you do not consent to the storage and analysis of data from your visit, you can disable the storage of tracking data (“Do not Track“) in your browser. In this case, our Matomo installation will not store any pseudonymized user data about your.
X. YOUR RIGHTS AS THE INDIVIDUAL CONCERNED
You are entitled to demand information (section 15 GDPR), correction (section 16 DSGVO), deletion (section 17 GDPR), limitation of processing (section 18 GDPR), and data transfer (section 20 GDPR), if the respectively legally defined preconditions are fulfilled, and no exception regulation is in effect.
If we process personal data to safeguard our legitimate interests according to section 6 paragraph 1 f) GDPR, then you are entitled to use a general right of refusal. As far as there exist specific reasons resulting from your special situation, and if we do not have a superordinate interest in processing the data, we will stop processing your data in case of refusal.
If we need your consent to processing your personal data, we will explicitly ask you for it. Consent can be revoked any time with effect for the future. However, previous data processing remains unaffected by this.
You have also the right to submit a complaint to the responsible data protection supervising authority any time.