Konsul-Smidt-Straße 24
28217 Bremen
1. GENERAL
We take the protection and security of your personal data very seriously and collect, process, store and use your personal data exclusively in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the data protection laws in the Federal Republic of Germany.
In order for you to have the best possible control over your data, we would like to inform you with our data protection declaration which personal data we collect when you use our website "www.neusta-es.de" (hereinafter referred to as "website"), how we use this data and which rights and options you have.
Personal data is any information relating to identified or identifiable natural persons, e.g. first name, last name, email address.
2. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA
2.1. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA WHEN USING OUR WEBSITE
2.1.1. LOG DATA WHEN CALLING UP OUR WEBSITE
Our website is available to everyone without prior registration. For technical reasons, your internet browser or mobile device automatically transmits the following data to our web server when you access our website:
IP address of your device,
date and time of access,
URL of the requesting website,
http response code,
name of the retrieved file,
amount of data sent,
browser type and version, and
operating system of your device.
This data is stored by our web server in log files. This data is not stored together with other personal data.
The legal basis for the storage of this data is Art. 6 para. 1 lit. f DSGVO.
We use this data to enable the use of our website and its technical administration, to ensure the security of our information technology systems, to prevent the misuse of our website and to optimise our website. These purposes are the legitimate interests pursued by us with the data processing pursuant to Art. 6 (1) lit. f DSGVO.
We delete the data as soon as it is no longer required to achieve the purpose for which it was collected. If the data is stored in log files, the data will be deleted after seven days at the latest. Storage of log data beyond this period is possible if the IP address of your device is deleted or alienated in such a way that it is no longer possible to assign the IP address to you.
2.1.2 COOKIES
Our website uses cookies. Cookies are small files that are stored on the hard drive of the device you are using at the instigation of our web server. They make it possible to uniquely identify your computer system when you repeatedly visit our website.
On the one hand, we use technically necessary cookies to identify your web session. This is necessary to enable navigation through our web pages. In addition, we store the information whether you have consented to the use of non-essential cookies. The legal basis for processing your data using cookies is Art. 6 (1) lit. f DSGVO.
In addition, we use technically non-essential cookies to analyse your use of our website. This use only takes place with your consent. When you access our website, you will be informed by an information banner about the use of technically unnecessary cookies for analysis purposes and can consent to this use or reject it.
The legal basis for this processing of your data using cookies is Art. 6 para. 1 lit. a DSGVO.
Cookies are automatically accepted by most browsers or operating systems. If you do not want this functionality, you should configure your browser to prevent cookies from being set (deactivation). Cookies that have already been saved can also be deleted at any time. Please note that deactivating cookies may limit the functionality of our website, so that you may not be able to use all the functions of our website.
2.2. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA WHEN CONTACTING US
2.2.1. CONTACTING US BY EMAIL
Electronic contact is possible via our email address info@neusta-es.de. In this case, your personal data transmitted by email will be stored by us.
The legal basis for the processing of your personal data, which you transmit to us in the context of electronic contact by email, is Art. 6 Para. 1 lit. f DSGVO. If the aim of contacting us electronically by email is to conclude a contract with us, the legal basis for the processing of your personal data is also Art. 6 para. 1 lit. b DSGVO.
We use your data to process your request and to contact you. These purposes are the legitimate interests pursued by us with the data processing according to Art. 6 para. 1 lit. f DSGVO.
Your data will be deleted by us as soon as it is no longer required to achieve the aforementioned purposes, unless contractual or legal obligations prevent deletion; this is the case when the facts underlying your electronic contact have been fully clarified. If you conclude a contract with us as a result of your electronic contact, your data will only be deleted when it is no longer required for the fulfilment of the contract or the implementation of pre-contractual measures. We would like to point out that it may be necessary to store your data even after the contract has been fulfilled in order to comply with contractual or legal obligations.
You can object to the use of your personal data at any time without incurring any costs other than the transmission costs. In such a case, your data stored in the context of electronic contact will be deleted; the processing of your request cannot be continued. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, a (premature) deletion of your data is only possible insofar as contractual or legal obligations do not prevent a deletion.
2.2.2. LOG DATA WHEN CONTACTING US
When you access our website, the data pursuant to section 2.1. of this data protection declaration is also automatically collected and stored.
2.3. MATOMO
We use the services of Matomo (formerly Piwik), an open source web analytics software provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand ("Matomo") on our website.
We use Matomo to statistically analyse the use of our website and to design, constantly improve and optimise our website according to demand.
Matomo uses cookies, which are small text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of our website is stored on our server. Your IP address is anonymised before being stored on our server.
The Matomo cookie is only used if you have consented to the use of the cookie for Google Maps in the cookie settings. The legal basis for the processing of your data is Art. 6 para. 1 lit. a DSGVO.
You can revoke your consent to the use of the Matomo cookie at any time via the cookie settings (see end of page); however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.
3. DISCLOSURE OF PERSONAL DATA
3.1 We do not pass on, sell or otherwise transfer your personal data to third parties unless this is necessary for the purpose of fulfilling a contract. Otherwise, we will only pass on your personal data to third parties within the framework of a legal permit or on the basis of your consent, which can be revoked at any time for the future, and only to the extent necessary for the fulfilment of our contractual obligations.
3.2 Our service partners (e.g. hosting service providers) require your personal data and process it exclusively on our behalf within the framework of order processing, which is expressly provided for in accordance with Art. 28 (3) DSGVO.
3.3 We will only transfer your personal data to state institutions or authorities if we are obliged to do so by law.
4. SOCIAL MEDIA PLUGINS
On our website, so-called social media plugins ("plugins") of the social networks Facebook, Google +, LinkedIn and XING, of the microblogging service Twitter as well as of the video portal YouTube ("provider") are integrated on the basis of Art. 6 para. 1 lit. f DSGVO. To increase the protection of your data when visiting our website, we integrate the plugins into our website using the so-called "2-click solution". This integration ensures that no connection is established with the provider's servers when you call up our website. Only when you activate the plugins and thus give your consent to the data transfer, your browser establishes a direct connection to the servers of the providers.
4.1 FACEBOOK
So-called social media plugins ("plugins") of the social network Facebook are integrated on our website. Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the Facebook plugins can be found here:
https://developers.facebook.com/docs/plugins
When you visit our website and activate the plugin, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have accessed our website with your browser, even if you do not have a profile on Facebook or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your profile on Facebook. If you interact with the plugin, for example by clicking the "Like" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on the social network and displayed there to your contacts.
For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy at:
http://www.facebook.com/policy.php
If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
4.2 TWITTER
So-called social media plugins ("plugins") of the microblogging service Twitter are integrated on our website. Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here:
https://twitter.com/about/resources/buttons
When you visit our website and activate the plugin, a direct connection is established between your browser and the Twitter server via the plugin By integrating the plugin, Twitter receives the information that your browser has called up our website, even if you do not have a profile on Twitter or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there. If you interact with the plugin, for example by clicking the "Tweet" button, the corresponding information is transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed there to your contacts.
For the purpose and scope of data collection and the further processing and use of your data by Twitter, as well as your rights in this regard and setting options for protecting your privacy, please refer to Twitter's privacy policy at:
https://twitter.com/privacy
If you do not want Twitter to assign the data collected via our website directly to your Twitter profile, you must log out of Twitter before activating the plugin.
4.3 GOOGLE +
So-called social media plugins ("plugins") of the social network Google+ of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google+") are also integrated on our website. An overview of the Google+ plugins can be found here:
https://developers.google.com/+/plugins
When you visit our website and activate the plugin, a direct connection is established between your browser and the Google servers in the USA via the plugin and the button is displayed on our website by informing your browser. By integrating the plugin, Google receives the information that your browser has called up our website. This information (including your IP address) is transmitted by your browser directly to a Google server in the USA and stored there. This applies regardless of whether you are registered or logged in to Google+. Google stores this information for about two weeks for system maintenance and troubleshooting purposes.
If you interact with the plugin while logged into Google+, the corresponding information will be transmitted directly to a Google server and stored there. The information collected will also be linked to your Google+ account and shared with other users.
For more information on the collection and use of your data by Google, your rights in this regard and settings options for protecting your privacy, please refer to Google's privacy policy at:
http://www.google.com/intl/de/policies/privacy/
If you do not want Google to assign the collected information directly to your Google+ profile, you must log out of Google+ before visiting our website.
4.4 YOU TUBE
So-called social media plugins ("plugins") of the video portal YouTube are also integrated on our website. YouTube is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube").
When you visit our website and activate the plugin, a direct connection is established between your browser and the YouTube server via the plugin. YouTube thereby receives the information that you have accessed our website with your browser, even if you do not have an account with YouTube or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube can directly assign your visit to our website to your YouTube account.
For more information on the collection and use of your data by YouTube, your rights in this regard and settings options for protecting your privacy, please refer to YouTube's privacy policy at:
https://www.google.de/intl/de/policies/privacy
If you do not want YouTube to assign the collected information directly to your YouTube account, you must log out of YouTube before visiting our website.
4.5 XING
So-called social media plugins ("plugins") of the social network XING are also integrated on our website. XING is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING").
When you access our website and activate the plugin, a direct connection between your browser and the XING server is established for a short time via your browser. XING does not store any personal data, in particular XING does not store your IP address. XING also does not analyse your use of our website by means of so-called "cookies".
For further information on the processing and use of data by XING, as well as your rights in this regard and setting options for protecting your privacy, please refer to XING's privacy policy at:
https://www.xing.com/app/share?op=data_protection
4.6 LINKED IN
Finally, so-called social media plugins ("plugins") of the social network LinkedIn are integrated on our website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn").
When you visit our website and activate the plugin, a direct connection is established between your browser and the LinkedIn server via the plugin. LinkedIn thereby receives the information that you have accessed our website with your browser, even if you do not have a profile on LinkedIn or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a LinkedIn server in the USA and stored there. If you are logged in to LinkedIn, LinkedIn can directly assign your visit to our website to your profile on LinkedIn. If you interact with the plugin, for example by clicking on the LinkedIn "Recommend" button, the corresponding information is transmitted directly to a LinkedIn server and stored there.
For the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, please refer to LinkedIn's privacy policy at:
https://www.linkedin.com/legal/privacy-policy
5. RESPONSIBLE PARTY
Responsible for the processing of your personal data is:
neusta enterprise services GmbH
Konsul-Smidt-Strasse 24
28217 Bremen
Telephone: +49 421 / 69 69 90 - 0
Fax: +49 421 / 69 69 90 - 9
Email: info@neusta-es.de
6. DATA PROTECTION OFFICER
We have appointed as data protection officer
Mr. Günther Ewald
HEC GmbH
Consul-Smidt-Strasse 20
28217 Bremen
Telephone: +49 421 / 207500
Email: datenschutz@neusta.de
ORDERED.
7. LOCATION OF YOUR DATA / DATA SECURITY
7.1 Our servers and data centres are located at neusta infrastructure services GmbH in Bremen, where the data processing also takes place.
7.2 As a rule, we process your personal data within the European Union. However, we also use the services of some third-party providers. If these third party providers are located in areas that do not provide a level of data protection equivalent to that applicable within the European Union, we take all necessary steps to ensure that your personal data is adequately protected. We do this either by entering into data protection contracts or by ensuring that the third party providers are certified to appropriate security standards (e.g. the EU-US Privacy Shield).
7.3 We take various physical, technical, organisational and administrative security measures to protect the privacy of your data to the appropriate extent depending on the sensitivity of the data.
7.4 We use SSL encryption on our website for security reasons, in particular to protect your personal data. You can recognise the encrypted connection by the lock symbol in the address bar of your browser, among other things.
8. YOUR RIGHTS
8.1. RIGHT TO INFORMATION
8.1.1 You are entitled to request information from us at any time and free of charge as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data and the following information:
the purposes for which the personal data concerning you are processed;
the categories of personal data processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of the storage of the personal data concerning you or, if this is not possible, the criteria for determining the storage period;
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by us as controller and a right to object to processing;
the existence of a right of appeal to a supervisory authority;
any available information about the origin of the data if the personal data is not collected from you;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You are also entitled to request information from us as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed by us about the appropriate safeguards pursuant to Article 46 of the GDPR.
8.1.2 We reserve the right to request proof of identity to protect your data.
8.1.3 We may provide the information required by data protection law in a standard electronic format.
8.2. RIGHT TO RECTIFICATION
You also have the right to request that we correct inaccurate personal data. Furthermore, taking into account the purposes of the processing of your personal data, you have the right to request us to complete incomplete personal data.
8.3. RIGHT TO RESTRICT PROCESSING
8.3.1 You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
if you contest the accuracy of the personal data concerning you, for a period of time which allows us to verify the accuracy of the personal data;
if the processing is unlawful and you object to the erasure of the personal data concerning you and request the restriction of the use of the personal data instead
we no longer need the personal data concerning you for the purposes of the processing, but you need it for the assertion, exercise or defence of legal claims;
or
you have objected to the processing in accordance with Art. 21 (1) DSGVO and it has not yet been determined whether our legitimate reasons outweigh yours.
8.3.2 If the processing of your personal data has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
8.3.3. if you have obtained a restriction on the processing of your personal data, we will inform you before the restriction is lifted.
8.4. RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
8.4.1 You have the right to request that we erase your personal data without undue delay if one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO and there is no other legal basis for the processing;
You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO;
The personal data concerning you have been processed unlawfully;
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject;
The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
8.4.2 If we have made personal data public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process your personal data that you have requested us to erase all links to your personal data or copies or replications of your personal data.
8.4.3 The right to erasure of your personal data does not exist to the extent that the processing is necessary
for the exercise of the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) DSGVO;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing;
or
for the assertion, exercise or defence of legal claims.
8.4.4 If you have asserted your right to rectification, erasure or restriction of processing of your personal data against us, we are obliged to notify all recipients to whom your personal data has been disclosed of the rectification, erasure or restriction of processing of your personal data, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by us about the recipients of your personal data.
8.5. RIGHT TO DATA PORTABILITY
8.5.1 You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data - without hindrance from us - to another responsible party, provided that
the processing is based on consent pursuant to Art. 6 (1) lit. a DSGVO or Art. 9 (2) lit. a DSGVO or on a contract pursuant to Art. 6 (1) lit. b DSGVO and
the processing is carried out with the aid of automated procedures.
8.5.2 In exercising your right to data portability, you also have the right to have your personal data transferred - without hindrance from us - directly from us to another controller, insofar as this is technically feasible. The freedoms and rights of others must not be affected by this.
8.5.3. the right to data portability does not apply to processing of your personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
8.6. RIGHT TO OBJECT
8.6.1 You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
8.6.2 We will no longer process your personal data after your objection, unless we can demonstrate compelling legitimate grounds for the further processing of your personal data that override your interests, rights and freedoms, or the further processing of your personal data serves the assertion, exercise or defence of legal claims.
8.7. RIGHT TO REVOKE DATA PROTECTION CONSENT
You have the right to revoke your data protection consent at any time. Your revocation will not affect the lawfulness of the processing of your personal data carried out on the basis of your consent until revocation.
8.8. RIGHT OF COMPLAINT
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the provisions of the GDPR. The supervisory authority to which you have submitted your complaint will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
9. UPDATE
9.1 We reserve the right to change this Privacy Policy from time to time. We will inform you in advance if we make any significant changes to the data protection declaration.
9.2 The use of your personal data is subject to the current version of the data protection declaration, which can be accessed via "DATA PROTECTION" on our websites. If you continue to access our websites after the changes have come into effect, you declare your consent to the updated data protection declaration.
If you have any questions or comments about the above privacy policy, please do not hesitate to contact us. Please send an email to
datenschutz@neusta.de
Status: December 2018
