Privacy Policy
Datenschutzerklärung

Our privacy policy is structured as follows:

English version

German version can be found below.

1. Privacy Policy
2. Data protection rights and information on the right to object
3. General information
4. Hosting
5. Cookies
6. Data processing on the website
7. Third-party tools
8. Notes on our presence on social media

1. Privacy Policy

Thank you for visiting our website and for your interest in our company. When processing your data, we strive to take the greatest possible care. The following information provides a compact and simple overview of what happens to your personal data when you visit our website. Your personal data will be processed in accordance with the relevant legal provisions

Controller

The controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the EU as well as other data protection regulations is:

Noyes Technologies GmbH
Leopoldstraße 37a
80802 Munich
Germany

Email: info@noyes-tech.com
Web: https://www.noyes-tech.com

Contact information for questions about data protection

We have appointed a data protection officer. For questions on the subject of data protection, please contact: datenschutz@confidentdata.de

Validity and changes of the privacy policy

This privacy policy is valid and is dated from

07.07.2022

Due to the further development of our website or the implementation of new technologies and features, it may become necessary to change this privacy policy. We reserve the right to make appropriate changes at any time

2. Data protection rights and information on the right to object

Your rights of access, rectification, restriction, erasure, data portability and to lodge a complaint with the supervisory authority

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21GDPR and the right to data portability pursuant to Art. 20 GDPR.

With regard to the right of access and the right of erasure, the restrictions pursuant to §§34 and 35 BDSG apply.

You may object to the processing of your personal data at any time. This also applies to objections of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by it.

In addition, there is a right to lodge a compliant with the supervisory authority (Art. 77 GDPR in conjunction with § 19BDSG). A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Information on the right to object pursuant to Art. 21 GDPR
Right to object to the collection of personal data in special cases and recipient of the request

You have the right to object at any time, based on reasons relating to your particular situation, to the processing of your personal data on the basis of Art. 6para. 1(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made informally with the subject "Objection" stating your name, address or other identification features to the contact data stored in the imprint.

3. General information

Data security

We use technical and organisational security measures to protect your personal data against misuse, loss, destruction or access by unauthorised persons. The security measures taken into account (such as encryption procedures, firewall and virus protection, back-up and recovery procedures) correspond to the current state of the art and are continuously updated.

Nevertheless, we would like to point out that there is always a certain residual risk when communicating on the Internet, which depends on the user's respective usage behavior and over which we consequently have no influence.

Scope (external links)

This privacy policy applies exclusively to visits to our own website.

At some points on our website, external websites of third parties are linked. These websites are subject to the liability of the respective operators. If you notice that links on the websites refer to Internet pages whose contents violate applicable law, please notify us via the e-mail address provided in the imprint.

We will then immediately remove these links from our website. The providers do not assume any liability for the topicality, correctness, completeness or quality of the information provided.

Data erasure routine

As a matter of principle, we only store your personal data for the period of time required to achieve the purpose of storage or if this is stipulated by national or European legislation.

In Germany there is an obligation to retain documents for 6 years in accordance with § 257 para. 1 HGB (Handelsgesetzbuch),which effects the e.g. the storage period of commercial books, inventories, opening balances, annual financial statements, business letters or accounting vouchers. And pursuant to § 147 para. 1 & 3 Abgabenordnung (AO), it is 10 years for books, records, management reports, accounting vouchers, documents relevant to taxation, and 6 years in particular for commercial and business letters.

If the purpose of storage no longer applies or if a legally prescribed storage period expires, your personal data will be deleted routinely and in accordance with the statutory provisions.

Please also be aware of the specific explanations on individual storage and deletion periods of the respective data processing in this data protection declaration.

Transfers to third countries

When browsing our website, personal data maybe transferred to servers in third countries outside the European Union through our hosting provider and the integration of individual plug-ins and tools. Details about these data transfers, if any, including the respective valid legal basis, can be found in the section Hosting and in the section about the respective third-party tool in this privacy policy.

Data processing by processors

Tools and plug-ins from third-party providers are used on our website as part of commissioned processing. A data processing agreement  has been duly concluded with all commissioned processors used, which ensures an appropriate level of data protection.

You can find more information about the data processing by the  processors used in thesection of the third-party tool in this privacy policy.

4. Hosting

External hosting provider:
We use an external provider to host our website.

Provider:
For an efficient hosting and content management our website is provided by:

Webflow
Webflow, Inc.,
398 11th Street, 2nd Floor,
San Francisco,
CA 94103,
USA

Purpose:
Reliable accessibility and presentation of our website.

Legal basis:
The use of our hoster is based on our legitimate interest in the most reliable accessibility and presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Data processing agreement:
We have concluded a data processing agreement (DPA) with our hoster, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Transfers to third countries:
When browsing our website it cannot be excluded that your browser information (e.g. your IP address) will be transmitted to Webflow's servers in the US. For that case, guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Webflow’s SCCs can be found here: https://webflow.com/legal/eu-privacy-policy.

Despite the completed SCCs we would like to point out that the European Court ofJustice is of the opinion that there is currently no GDPR-adequate level of data protection for data transfers to the USA and that there is still a theoretical risk that data traffic could be compromised by, for example, U.S.authorities.

We are aware of the legal uncertainty that arises from the use of Webflow.Therefore we have actively decided to embed all contact forms of the website via EU-hosted solutions, so that a transmission of personal data in the US in the event of contact is prevented by design.

SSL- / TLS:
To protect the security of your data during transmission, we use the SSL or TLS encryption method via HTTPS.

Server-Log-Files:
When you browse our website technical information of your browser session is automatically processed by our server. This data (so-called server log files)includes for example: the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

Purpose:
Ensuring a stable and smooth connection to the website, a responsive use of our website and the guarantee of system security and stability. We also reserve the right to check the server log files on a regular basis if there are concrete indications of illegal use.

Legal Basis:
The legal basis for the processing of the server log files is our legitimate interest in an error-free and secure presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Provision of your data voluntary or mandatory:
The provision of server log files is neither legally nor contractually required. However, without the collection of the log files, the functionality of our website is not guaranteed.

Storage period:
The server-log-files are deleted as soon as it is no longer required for the purpose of collection.This is generally the case for the data used to provide the website when the respective session has ended.

5. Cookies

Cookies

Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. They are stored either temporarily for the duration of a session (session cookies) or permanently(permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

If you agree, cookies from third-party companies may also be stored on your end device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g.,reach measurement and evaluation of the usage behavior of our website, etc.)

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. saving your cookie preferences). Other cookies are used to evaluate user behavior or, for example, to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for storing your cookie preferences) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG); a given consent can be objected at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

As far as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, ask for your consent.

Cookiebot by Usercentrics

Provider:
Cookiebot by Usercentrics - Cybot A/, Havnegade39, 1058 Copenhagen, Denmark.

Purpose:
Cookiebot is used to obtain consent from website users to store certain cookies and to use certain third-party tools, and to document this consent in compliant manner.

Description of data processing:
When you browse our website for the first time, you are asked for your cookie preferences in Cookiebot's consent manager. A cookie is then set in your browser, which stores your cookie preferences for further browsing on our site. No personal data is passed on to Cookiebot in this process.

Legal basis:
Obtaining legally required consent for the use of cookies according to Art. 6 para.1 lit. c GDPR.

Provision of data voluntarily or required:
Obtaining your cookie preferences is required by law.

Storage period:
The collected data is stored until you request us to delete it or delete the Cookiebot cookie yourself, or until the purpose for storing the data no longer applies.

Cookiebot is not a processor:
No personal data is transmitted to Cookiebot. Cookiebot is therefore not a processor in terms of GDPR. Further information: https://support.cookiebot.com/hc/en-us/articles/360003776534-Can-you-issue-a-DPA-as-per-GDPR-Article-28-

6. Data processing on the website

Contact requests

Purpose:
Processing of the request.

Description of data processing:
Requests by e-mail, telephone or fax, including all resulting personal data, are stored and processed for the purpose of processing. A passing on of the data does not take place without your consent.

Legal basis:
The processing of your request is based on our legitimate interest of pursuing our business interests pursuant to Art. 6 para. 1 lit. f GDPR. If you contact us to request a contractual offer, the processing is carried out for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. bGDPR.

Provision of data voluntarily or required:
The provision of your data is neither legally nor contractually required. However, without the information a processing of your request is not possible.

Storage period:
Your data will be deleted at the latest 6 months after processing the request. If a contractual relationship exists, we are subject to the statutory retention periods and delete your data after six or ten years.

Online contact form:
By providing an online contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions, taking into account the above-mentioned storage period.

Use of a third-party CRM-Tool:
The personal data resulting from your inquiry may be stored in our third-party Customer Relationship Management System (CRM). For more information on the CRM system that is used, please refer to the section Third-party tools.

Applications via the website

Purpose:
Processing of applications.

Description of data processing:
On our website, users have the possibility of applying to us either via our application form or directly by e-mail. In this context, we will inform you separately about the details of the processing of your application data with corresponding data protection information according to Art. 13, 14 and 21 GDPR.

Legal basis:
The processing of your application is primarily based on the decision on the establishment of an employment relationship (Art. 88 GDPR in conjunction with §26 BDSG).  Furthermore, we may process your data for the fulfillment of legal obligations if this is necessary (Art. 6para. 1 lit. c GDPR) and on the basis of our legitimate interests (Art. 6 para.1 lit. f GDPR), for example in the case of assertion of legal claims and defense in legal disputes.

Provision of data voluntarily or required:
The provision of your application is voluntary. However, we can only make a decision on the establishment of an employment relationship if you provide such personal data that is required for the execution of the application.

Storage period:
Your application documents will be deleted no later than six months after the end of the application process (e.g. notification of the rejection decision),unless longer storage is legally required or permitted.

Application pool:
In case we are unable to make you a job offer at the time of your application, we offer applicants the opportunity to be included in our applicant pool in order to be informed about suitable vacancies at a later date. Inclusion in the applicant pool is, of course, voluntary and has no effect on the current application process.

Legal basis and objection:
The processing is based on your consent in being part of our applicant pool according to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Storage period of personal data stored in our application pool:
Applications in our applicant pool will be irrevocably deleted no later than two years after consent has been given.

Use of a third-party HR Tool:
Your application data may be entered into our external HR software solution. For more information on the tool used, please refer to the section Third-party tools.

7. Third-party tools

Google Analytics

Provider:
Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:
Analysis of the behavior of website visitors by evaluating, for example, page views, dwell time, operating system, etc., in order to optimise the website.

Description of data processing:
Google Analytics helps us to analyse the traffic of our website. For this to work, a tracking code provided by Google Analytics and integrated via the Google Tag Manager is implemented on our website. If you consent to tracking by Google Analytics, a cookie is set on your device, which gives your device an unique identifier (tracking ID). This cookie is linked to Google Analytics. It records the surfing behavior of our website visitors and the resulting statistics may provide information about which target groups feel addressed by our website.

Legal basis and objection:
The use of Google Analytics requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:
The provision of your data is voluntary.

Further notes on data protection:
Notes on data protection and Google Analytics:
https://support.google.com/analytics/answer/6004245?hl=de
.
General information about Google Analytics: https://marketingplatform.google.com/about/analytics/terms/de/.
Googles privacy policy: https://policies.google.com/privacy.
Browser Plug-In to Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en.

Storage period 14 months:
We have configured Google Analytics so that the stored data at user and event level is automatically deleted after 14 months. You can find more information about the storage period of the tool here: https://support.google.com/analytics/answer/7667196?hl=de.

Anonymise IP:
We have activated the IP anonymisation function. This means that no full IP addresses of visitors within the European Economic Area (EEA) are stored and transmitted unabbreviated to the USA. A transmission of unabbreviated IP addresses to servers in the USA can nevertheless not be completely ruled out and may occur in exceptional cases.

Data Processing Terms:
We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting their "Data Processing Addendum" in the Google Analytics settings. You can find more information about these data processing conditions here: https://privacy.google.com/businesses/controllerterms/mccs/.

Transfers to third countries:
Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Googles SCCs can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Tag Manager

Provider:
Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:
Efficient organisation and integration of Google tools on our website.

Description of data processing:
The Google Tag Manager allows us to centrally integrate and manage various Google tools. For this purpose, small sections of code (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies are integrated into the Google Tag Manager and managed from there. The Google Tag Manager itself does not store any personal data, so it only acts as an "intermediary". The situation is different for the tools that are integrated via the Tag Manager. The data protection relevance of these tools is indicated in the corresponding text passages.

Legal basis and objection:
The use of the Google Tag Manager requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:
The provision of your data is voluntary.

Storage period:
The Google Tag Manager itself does not store cookies, user profiles, analyses, etc. How long the analysis tools integrated via the Google Tag Manager store your data can therefore be found in the respective text passages.

Further notes on data protection:
How the Google TagManager works: https://support.google.com/tagmanager/?hl=de#topic=3441530.
Googles privacy policy: https://policies.google.com/privacy?hl=de.

Personio HR Software

Provider:
Personio – Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Purpose:
Efficient HR-Management and application management.

Description of data processing:
Our Human Resources Management uses the cloud-based HR operating system Personio. The tool helps us to deal with HR processes, such as the applications via our website. When you apply for a job at our company, your data can be transferred in to the Personio HR Operating System. There we can centrally manage your application and control and analyse HR-related processes. All applicants will, of course, be informed separately about the data processing in the context of their application.

Legal basis and objection:
The processing of applicant data with Personio is based on our legitimate interest in the most efficient HR-Management possible, pursuant to Art. 6 lit. f GDPR.

Provision of data voluntarily or required:
The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period:
The applicant data transmitted to Personio is deleted as soon as it is no longer required (after 6 months the latest) or you request us to delete it. If the application leads to an employment relationship, other retention periods apply.

Further notes on data protection:
Personio: https://www.personio.com/privacy-policy/

Contractdata processing:
We have concluded Personios data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Salesforce Sales Cloud

Provider:
Salesforce – salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.

Purpose:
Efficient customer communication and customer management.

Description of data processing:
To manage our customers, we use the customer relationship management system (CRM) Salesforce Sales Cloud. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Salesforce CRM system. There we can centrally manage your request and control and analyse customer-related processes. This happens in the Salesforce Sales Cloud, which means that personal data is transmitted to Salesforce's servers. Salesforce has assured us that our customer data is hosted exclusively on servers in the EU. In exceptional cases - for example, in the event of technical problems - data may nevertheless be transferred to the parent company of Salesforce in the USA, salesforce.com inc, Salesforce Tower,415 Mission Street, San Francisco, CA 94105, USA.

Legal basis and objection:
The processing of customer data with Salesforce SalesCloud is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR.The storage of Salesforces` third-party cookies on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:
The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period:
The customer data transmitted to Salesforce is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Further notes on data protection:
Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/.

Contractdata processing:
We have concluded Salesforces data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Salesforces DPA can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

Transfers to third countries:
In exceptional cases, processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of binding corporate rules (BCR) in accordance with Article 47 of the GDPR, to which Salesforce has committed itself and which have been approved by the French data protection authority and also in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Salesforces SCC Ammendment can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf

Vimeo

Provider:
Vimeo – Vimeo Inc., 555 West 18th Street, New York 10011, USA.

Purpose:
Improving our website by displaying video content.

Description of data processing:
We have embedded videos from the video portal Vimeo on our website, using the"Do-Not-Track" setting. If you choose to play a Vimeo video on our website, a connection to the servers of Vimeo is established. Hereby the provider is informed about your IP address and the information on which of our pages you clicked on the video. The do-not-track setting of the tool, which we have deliberately chosen, ensures that Vimeo itself will not set any analysis cookies that track your user activity.

Legal basis and objection:
The use of Vimeo requires your consent. This consent is obtained via ourConsent Management Tool, respectively will be obtained before clicking on the displayed Vimeo content. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:
The provision of your data is voluntary.

Storage period:
By embedding video content from Vimeo, we do not consciously collect user data. How long Vimeo stores your data, on the other hand, can not be clearly quantified from our side.

Transfers to third countries:
The processing also takes place outside the EU, namely in the USA. Vimeo relies here on its "legitimate business interests"as well as on appropriate safeguards in the form of standard contractual clauses, pursuant to Art. 46 para. 2 lit. c GDPR. You can find more information here: https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights

Further notes on data protection:
Vimeo privacy policy: https://vimeo.com/privacy.

8. Notes on our presence on social media

Data processing resulting from our presence on social media platforms

We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Purpose:
We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Description of data processing:
The type of data processing differs from platform to platform. Social networks such as Facebook, Instagram, Twitter, etc. can comprehensively analyse user behavior when you visit the respective platform or a website with integrated social media content (e.g. share/like buttons or banners). Visiting our profiles on the platforms triggers numerous processing operations relevant to data protection.

For example:
If you are logged into your account and visit our profile, the operator of the platform can assign this visit to your user account. Your personal data transmitted when you visit our profile may also be collected if you are not logged in or do not have an account with the respective social media platform.This is done, for example, via cookies that are stored on your terminal device or by recording your IP address.

The data collected in this way enables the platforms to create user profiles of the visitors, in which the preferences and interests of the users are stored. This helps the operators of the platforms to show you advertising tailored to your respective interests inside and outside platforms.This is how the platforms earn money. Provided you have an account with the respective platform, this advertising can be displayed on all devices on which you are or were logged in.

The data processing that takes place on the individual platforms is very difficult for outsiders to understand:  It is therefore not possible for us to trace all the processing operations that actually take place on the individual networks. When visiting the platforms, it is therefore quite possible that further processing operations of your data are carried out by the operators. You can find more information on this in the terms of use and data protection provisions of the individual services.

Legal basis:
The legal basis is our legitimate interest in a comprehensive presence on social media platforms pursuant to Art. 6 para. 1 lit. f GDPR. The data processing on the social media platforms themselves is based on other legal bases for which the operators themselves are responsible.

Storage period:
Personal data that we have collected directly via the individual platforms will be deleted from our systems as soon as you request us to do so, revoke your consent to storage or the purpose for storing the data no longer applies. Cookies remain on your device until you delete them. We have no direct influence on the storage period of your data on the individual social media platforms.

We have profiles on the following platforms:

Instagram

Provider:
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfers to the US:
Whilst visiting our Instagram profile, personal data is transferred to servers of Facebook (Meta), as Instagram's parent company, in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Information on Instagram and privacy:
Instagrams privacy policy: https://help.instagram.com/519522125107875.
Information on the Standard Contractual Clauses: https://de-de.facebook.com/help/566994660333381.

LinkedIn

Provider:
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Contract data processing:  
We have concluded LinkedIns' contract data processing, which ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR. LinkedIn's Contract data processing can be found here: https://www.LinkedIn.com/legal/l/dpa.

Data transfers to the US:
Whilst visiting our LinkedIn profile, data is transferred to LinkedIn servers in the USA. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.linkedin.com/legal/l/eu-sccs.

Information on LinkedIn and privacy:
LinkedIns privacy policy: https://www.linkedin.com/legal/privacy-policy.
Opt-out cookie to disable LinkedIn retargeting: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Youtube

Provider:
Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:
Improving our website by displaying video content.

Description of data processing:
We have embedded YouTube videos on our website using the so called "extended data protection mode". This embedding method ensures that YouTube does not store any information about our visitors before they watch the video on our website. However, the transfer of data to the Google DoubleClick network cannot necessarily be excluded by the extended data protection mode. As soon as you start a YouTube video on our website, your browser establishes a connection to YouTube's servers. This tells YouTube which page you have visited. If you are logged into your YouTube account at this time, the data is merged. In addition, YouTube sets cookies on your end device when you start a video. In summary, it can be said that after starting a YouTube video, data processing operations are triggered over which we have no influence.

Legal basis and objection:
The use of YouTube requires your consent. This consent is obtained via our Consent Management Tool, respectively will be obtained before clicking on the displayed Vimeo content. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:
The provision of your data is voluntary.

Storage period:
By embedding video content from YouTube, we do not consciously collect user data. How long Vimeo stores your data, on the other hand, can not be clearly quantified from our side.

Transfers to third countries:
A transfer of your data also takes place outside the EU, namely in the USA. The European Court of Justice is of the opinion that there is currently no adequate level of data protection for data transfers to the USA. The data transfer in case of viewing YouTube videos on our website is not secured by an effective transfer mechanism that would guarantee a data protection level which is adequate with GDRP. Thus, the transferred data may not be processed anonymously, may be viewed by U.S. government authorities, and may be linked to other Google services with which you have an account.

Further notes on data protection:
Googles privacy policy, as YouTubes parent company: https://policies.google.com/privacy?hl=de.
For owners of a Google Account:
Link to disable the recording of your YouTube history: https://myactivity.google.com/myactivity.
Link to the data and privacy settings: https://myaccount.google.com/data-and-privacy.

Revolutionize
Urban Nano Fulfillment now