Thank you very much for your interest in our company. Data protection has a particularly high priority for the management of Nussbaumer Projects. In principle, the Nussbaumer Projects website can be used without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Nussbaumer Projects. By means of this privacy statement, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. In addition, this privacy statement will inform individuals about their rights.
As the data controller, Nussbaumer Projects shall ensure to the best of its knowledge that the service providers used implement appropriate technical and organizational measures for the provision of the Nussbaumer Projects website in order to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us by alternative means, such as telephone.
Nussbaumer Projects’ Privacy statement is based on the terms used by the European Directive and Regulation authority in the adoption of the General Data Protection Regulation (GDPR). Our privacy statement should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.
We use the following terms in this privacy statement:
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.
Processing of Personal Data
“Processing” means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Restriction of Processing
“Restriction of processing” is the marking of stored personal data with the aim of limiting their future processing.
“Profiling” is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
The controller shall be the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States based on specific criteria.
“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a specific investigation mandate in accordance with Union law or the law of the Member States shall not be deemed to be recipients of such data.
“Third party” means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are empowered to process the personal data.
“Consent” shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
2. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is
Nussbaumer Projects GmbH
Tel.: +49 40 22865628
3. Name and Address of the Data Protection Officer
Name and Address of the Data Protection Officer
Dr. Frank Jestczemski
Nussbaumer Projects GmbH
Phone: +49 40 22865628
Data subjects may contact our data protection officer directly at any time with all questions and suggestions regarding data protection.
By cookies, the information and offers on our website can be optimized in the interests of the user and the website can be made more user-friendly. Cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, if the website is visited repeatedly, the last setting of the language selection is adopted and the reference to the privacy statement is not displayed again.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable under certain circumstances.
5. Collection of General Data and Information
The Nussbaumer Projects website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server at the hosting partner Nethosting24 GmbH (http://www.nethosting24.de) for our homepage. Further information can be found in the privacy statement on the homepage of Nethosting24 GmbH (http://www.nethosting24.de/unternehmen.shtml).
When using this general data and information, Nussbaumer Projects neither draws conclusions about the data subject nor accesses this data for other purposes. Rather, this information is required by the hosting partner Nethosting24 GmbH on our homepage in order (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website, (3) to guarantee the permanent functionality of the information technology systems and the technology for our website and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore evaluated by Nethosting24 GmbH both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us.
6. Contact possibility via the website
Nussbaumer Projects offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal that is maintained on a website and is usually open to the public. One or more persons called bloggers or web bloggers can post articles or write thoughts in so-called blog posts in this portal. Blog posts can usually be commented on by third parties.
If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information about the time the comment was entered and the user name (pseudonym) chosen by the data subject is stored and published. In addition, the IP address assigned by the Internet Service Provider (ISP) to the data subject is logged. This IP address is stored for security reasons and if the data subject violates the rights of third parties by submitting a comment or posts illegal content. The storage of this personal data is therefore in the own interest of the data controller, so that in the event of a violation of the law, the data controller could exculpate himself. The personal data collected will not be disclosed to third parties unless such disclosure is required by law or serves the legal defense of the data controller.
Nussbaumer Projects uses the services of Automattic:
60 29th Street #343
San Francisco, CA 94110
These services are Wordpress.com (blog), Jetpack (design, marketing, security) and Akismet (spam filter).
7. Subscription to Comments in the Blog on the Website
Comments posted on the Nussbaumer Projects blog can be subscribed to by third parties. Especially, it is possible for a contributor to subscribe to the comments following his comment on a specific blog post.
If a data subject chooses the option to subscribe to comments, the data controller will send an automatic confirmation e-mail to check in the double opt-in procedure whether the real owner of the e-mail address specified has opted for this option. The option to subscribe to comments can be terminated at any time.
8. Routine Deletion and Blocking of Personal Data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the storage purpose or where provided for by the European directive and regulation authority or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European directive and regulation giver or another competent legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the statutory provisions.
9. Rights of the Data Subject
Right to Obtain Confirmation
Every data subject shall have the right, granted by the European directive and regulation authority, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
Right to Obtain Communication
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to obtain at any time, free of charge, from the controller, information on the personal data relating to him which have been stored and a copy of that information. Furthermore, the European Data Protection Supervisor has granted the data subject access to the following information:
the processing purposes
the categories of personal data processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly for recipients in third countries or international organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to rectify or erase personal data relating to him or her or to limit the processing carried out by the controller or of a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data
the existence of automated decision-making, including profiling, in accordance with art. 22 paras. 1 and 4 of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
The data subject also has the right to know whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact an employee of the controller for this purpose.
Right to Obtain Rectification
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.
Right to Obtain Erasure (Right to be Forgotten)
Any data subject who is involved in the processing of personal data shall have the right, granted by the European directive and regulation authority, to obtain from the controller the erasure without delay of the personal data concerning him or her, if one of the following reasons applies and if the processing is not necessary:
The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
The data subject revokes the consent on which the processing was based pursuant to art. 6 para. 1 letter a GDPR or art. 9 para. 2 letter a GDPR and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to art. 21 para. 2 GDPR.
The personal data were processed unlawfully.
The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data have been collected in relation to services offered by the information society in accordance with art. 8 para. 1 GDPR.
If one of the aforementioned reasons applies and a data subject wishes to have personal data stored at Nussbaumer Projects deleted, he or she can contact an employee of the data controller at any time. The employee of Nussbaumer Projects will arrange for the request for deletion to be complied with immediately.
If the personal data have been made public by Nussbaumer Projects and if our company is obliged to delete the personal data in accordance with art. 17 para. 1 GDPR, Nussbaumer Projects shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary. The Nussbaumer Projects employee will take the necessary steps in individual cases.
Right to Restriction of Processing
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to request the controller to limit the processing if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a period which allows the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defense of legal rights.
The data subject has lodged an objection to the processing pursuant to art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If one of the conditions mentioned above is met and a data subject wishes to request the restriction of personal data stored at Nussbaumer Projects, he or she can contact an employee of the data controller at any time. The Nussbaumer Projects employee will arrange for the processing to be restricted.
Right to Data Portability
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to obtain the personal data concerning him or her provided by the data subject to a controller in a structured, common and machine-readable format. It also has the right to communicate this data to another data controller without interference from the controller to whom the personal data have been provided, provided that the processing is based on the consent referred to in art. 6 para. 1 letter a GDPR or art. 9 para. 2 letter a GDPR or on a contract referred to in art. 6 para. 1 letter b GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority entrusted to the controller.
Furthermore, the data subject has the right, when exercising his right to data transferability in accordance with art. 20 para. 1 GDPR, to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of other persons are not affected by this.
In order to assert the right to data transfer, the data subject can contact a Nussbaumer Projects employee at any time.
Right to Object
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to object at any time to the processing of personal data concerning him or her based on art. 6 para. 1 letters e or f of the GDPR for reasons related to his or her special situation. This also applies to profiling based on these provisions.
Nussbaumer Projects will no longer process personal data in the event of objection, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Nussbaumer Projects processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it relates to such direct advertising. If the data subject objects to processing by Nussbaumer Projects for direct marketing purposes, Nussbaumer Projects will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him by Nussbaumer Projects for scientific or historical research purposes or for statistical purposes in accordance with art. 89 para. 1 GDPR for reasons arising from his particular situation, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right to object, the data subject may contact any Nussbaumer Projects employee or any other employee directly. The data subject is also free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Automated Individual Decisions incl. Profiling
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or significantly affects him or her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorized by Union or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, Nussbaumer Projects shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to have the data controller intervene, to present his or her point of view and to contest the decision.
If the data subject wishes to assert rights relating to automated decisions, he or she may at any time contact an employee of the controller for this purpose.
Right to withdraw Consent under Data Protection Law
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation authority, to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.
10. Data Protection for Applications and in the Application Process
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website, to the data controller. If the data controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude a contract of employment with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
11. Privacy Statement regarding the Use of Google Maps
The data controller has integrated an API for the Google Maps map service on this website.
The operating company of the API for the Google Maps map service is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to store the IP address of the data subject. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
More information on the handling of user data is published in Google's privacy statement: https://www.google.de/intl/de/policies/privacy/
12. Privacy Statement for Use of Jetpack and Akismet for WordPress
The data controller has integrated Jetpack into this website. Jetpack is a WordPress plug-in which offers additional functions to the operator of a website based on WordPress. Jetpack allows the website operator, among other things, an overview of the visitors to the website. The display of related articles and publications or the possibility to share content on the site can also increase the number of visitors. In addition, security features are integrated into Jetpack so that a website using Jetpack is better protected against brute force attacks. Jetpack also optimizes and accelerates the loading of images integrated into the site.
The operating company of the Jetpack plug-in for WordPress is Automattic Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.
Jetpack places a cookie on the data subject's information technology system. What cookies are has already been explained above. Each time one of the individual pages of this Web site is accessed by the data controller and a Jetpack component is integrated, the Internet browser on the data subject's information technology system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis. As part of this technical process, Automattic becomes aware of data that is subsequently used to create an overview of Web site visits. The data obtained in this way is used to analyze the behavior of the data subject who accessed the website of the data controller and is evaluated with the aim of optimizing the website. The data collected through the Jetpack component will not be used to identify the data subject without the prior express consent of the data subject. The data also becomes known to Quantcast. Quantcast uses the data for the same purposes as Automattic.
The data subject can prevent the setting of cookies by our website at any time, as described above, by means of an appropriate setting of the Internet browser used and can thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Automattic can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject may object to the collection and prevention of data generated by the Jetpack cookie and relating to the use of this website and the processing of such data by Automattic/Quantcast. For this purpose, the data subject must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies on the system of the data subject are deleted after an objection, the data subject must call up the link again and set a new opt-out cookie.
With the setting of the opt-out cookie, however, it is possible that the website of the data controller may no longer be fully usable by the data subject.
Automattic's current data protection regulations can be found at https://automattic.com/privacy/. The current Quantcast data protection regulations can be found at https://www.quantcast.com/privacy/.
13. Legal Basis of the Processing
art. 6 para. 1 letter a GDPR serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract whose contracting party is the data subject, as is the case, for example, with processing operations which are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on art. 6 para. 1 letter b GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services.
If our company is subject to a legal obligation through which a processing of personal data becomes necessary, such as for example to fulfill tax obligations, the processing is based on art. 6 para. 1 letter c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on art. 6 para. 1 letter d GDPR.
Ultimately, processing operations could be based on art. 6 para. 1 letter f GDPR. On this legal basis processing operations are based, which are not seized by any of the aforementioned legal bases, if the processing is necessary for the protection of a justified interest of our enterprise or a third party, if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh. Such processing operations are permitted to us especially because they have been specifically mentioned by the European legislator. In this respect, he took the view that a justified interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
14. Legitimate Interests in the Processing pursued by the Controller or by a Third Party
If the processing of personal data is based on art. 6 para. 1 letter f GDPR, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.
15. Duration for which the Personal Data will be stored
The criterion for the duration of the storage of personal data is the respective legal retention period. After this period has expired, the corresponding data will be routinely deleted unless they are no longer required for the fulfilment or initiation of the contract.
16. Legal or Contractual Provisions governing the Provision of Personal Data;
Necessity for the Conclusion of the Contract;
Obligation of the Data Subject to provide the Personal Data;
Possible Consequences of not providing the Data
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject makes personal data available to us which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject. The data subject must contact one of our employees before providing personal data. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
17. Existence of an Automated Decision-making Process
As a responsible company, we refrain from automatic decision-making or profiling.
The basis for this privacy statement was created by the privacy statement generator of the DGD, Deutsche Gesellschaft für Datenschutz GmbH, which acts as an external data protection officer in Hanover, in cooperation with the Cologne IT and data protection lawyer Christian Solmecke.
The necessary adjustments were carried out by Nussbaumer Projects' data protection officer.