Data protection is very important to Nosta GmbH. Our efforts to meet the requirements of the European General Data Protection Regulation (GDPR) and the new version of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) are primarily centred on respecting your privacy and personal sphere.
For modern companies like Nosta GmbH, the use of electronic data processing systems (IT) is vital today. When we use them, we of course apply the highest standards in complying with legal regulations.
It is possible to use Nosta GmbH’s website without providing any personal data. If, however, a data subject wishes to use certain services that our company provides via the website, the processing of personal data might be required. If personal data must be processed and there is no legal basis for this, we generally obtain the data subject’s consent.
We never sell or loan your personal information to third parties for their marketing purposes or for other purposes. If you do not agree to the terms of the privacy policy, do not forward any personal data to us.
This privacy policy is based on the terms used in the GDPR and should be easy for anyone to read and understand. We would therefore like to clarify a number of terms first:
You may assert the following rights against us with respect to your personal data:
Right of access
Any data subject affected by the processing of personal data has the right under the GDPR to obtain from the controller responsible for processing information, at any time and free of charge, the personal data stored about them, and to receive a copy of that information. Furthermore, the European issuing body and regulator acknowledges that the data subject may obtain the following information:
In addition, the data subject has a right to obtain confirmation as to whether or not data has been transferred to a third country or an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right of access, the data subject can contact an employee of the controller responsible for processing about this matter at any time.
Right to revoke consent under data protection law
Any data subject affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time.
If a data subject wishes to exercise this right to revoke consent, the data subject can contact an employee of the controller responsible for processing about this matter at any time using any means of communication.
Right to rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of processing, the data subject has the right to have incomplete personal data completed, also by means of a supplementary declaration.
If a data subject wishes to exercise this right to rectification, the data subject can contact an employee of the controller responsible for processing about this matter at any time.
Right to erasure/right to be forgotten
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
If a data subject wishes to exercise this right to erasure/right to be forgotten, he or she can contact an employee of the controller responsible for processing about this matter at any time.
If we have made the personal data public and are obliged pursuant to Article 17(1) of the GDPR to erase the personal data, taking account of available technology and the cost of implementation, we shall take reasonable steps, including technical measures, to inform controllers processing the personal data that a data subject has requested erasure by such controllers of any links to, or copy or replication of, such personal data. Our employees will take the necessary steps.
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following conditions applies:
If a data subject wishes to exercise this right to restriction of processing, he or she can contact an employee of the controller responsible for processing about this matter at any time.
The right to object against processing
Any data subject affected by the processing of personal data has the right under the GDPR to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on those provisions.
If an objection has been lodged, we shall no longer process personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or processing serves the purpose of establishing, exercising or defending legal claims.
If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling if it relates to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
If personal data is processed by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall also have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject may directly contact an employee to exercise his or her right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his or her right to object by automated means using technical processes.
Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms of another person are not compromised.
If a data subject wishes to exercise this right to data portability, he or she can contact an employee of the controller responsible for processing about this matter at any time.
Automated individual decision-making, including profiling
Any data subject affected by the processing of personal data shall have the right under the GDPR not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision
If the decision is necessary for entering into, or performance of, a contract between the data subject and the controller, or if it is carried out based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If a data subject wishes to exercise this right with respect to automated decisions, he or she can contact an employee of the controller responsible for processing about this matter at any time.
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also take place electronically. This is the case, in particular, if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a contact form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment contract in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted automatically unless otherwise justified by the legitimate interests of the controller. A legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (GETA).
The processing of applicant data is carried out in order to fulfil our (pre)contractual obligations in the context of the application procedure within the meaning of Art. 6(1) lit. b. GDPR, Art. 6(1) lit. f. GDPR insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 Federal Data Protection Act (BDSG) also applies).
In keeping with legal requirements, data is stored in particular for 10 years in accordance with §§ 147 para. 1 German Fiscal Code (AO), 257 para. 1 nos. 1 and 4, para. 4 Commercial Code (HGB) (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 Commercial Code (HGB) (commercial letters).
1. Using Matomo
1. We use a plugin on our website from the provider SaaS.group LLC (“Juicer”), 304 S. Jones Blvd #1205, Las Vegas NV 89107, USA, Tel: (323) 238-9740, Email: hello@juicer.io, Websites: https://saas.group/ and https://www.juicer.io/ to integrate a social media feed/channels. In this way, our activities from social media are integrated into the website or displayed aggregated on one page.
2. The use is in the interest of an appealing presentation of our online offer and to inform you and, by extension, other users of the social networks about our activities. The processing operations on the part of Juicer and the social networks are carried out to design the service to meet your needs. The legal basis is your consent pursuant to Art. 6(1) lit. a GDPR or our legitimate interests within the meaning of Art. 6(1) lit. f GDPR.
3. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to Juicer’s servers. This provides Juicer with the information that your browser has called up the corresponding page of our website and the content is provided by Juicer. This information (including your IP address) is transmitted by your browser directly to a Juicer server in the USA and is stored there. If you call up a specific feed, your browser may also establish a connection to the social network from which the integrated content originates in order to add further content. However, no cookies are set.
If you interact with the plugin, for example by sharing a feed with others via a social media channel, the corresponding information is also transmitted directly to a server of the provider and is stored there. In addition, the information about the shared feed is published in the respective social media and displayed there to your contacts. If you do not wish social media to directly assign the data collected via our website to your account there, you must log out before visiting our website.
4. For more information on the processing and use of data by the third parties, you can refer to the respective data protection notices of the respective social media provider.
5. Juicer’s privacy policy is available at https://www.juicer.io/eu-privacy. Juicer further states that no tracking mechanisms are used on the part of Juicer that make the behaviour of data subjects on the Internet traceable and/or create user profiles when a user views a feed on our website (https://help.juicer.io/hc/en-us/articles/360039934272-Juicer-and-the-EU-General-Data-Protection-Regulation-GDPR-).
Use of Google reCAPTCHA
1. To protect queries by form, we use the service reCAPTCHA of the company Google Inc (Google).
2. The query serves to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes sending of the IP address and possibly other data required by Google for the service reCAPTCHA to Google. For this purpose, your input is transmitted to Google and used there.
3. By using reCAPTCHA, you agree that the recognition you provide will be used for the digitisation of old works. However, in the event that IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states to the Agreement in the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service.
4. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other data from Google. The deviating data protection provisions of the Google company apply to this data. For more information on Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.
5. The legal basis for processing your data is Art. 6(1) p. 1 lit. f GDPR.
Cookiebot
1. We use “Cookiebot” as our “cookie banner”. “Cookiebot” is a product of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereinafter “Cybot”.
2. Through the “Cookiebot” function, we inform the user about the use of cookies on the website and allow the user to make a decision about their use.
3. If the user gives his or her consent to the use of cookies, the following data will be automatically logged by Cybot:
• the user’s anonymized IP number;
• the date and time of consent;
• the user agent of the end user’s browser;
• the provider’s URL;
• an anonymous, random and encrypted key;
• the user’s permitted cookies (cookie status), which serves as proof of consent.
4. The encrypted key and the cookie status are stored on the user’s terminal device by means of a cookie in order to establish the corresponding cookie status in the event of future page visits. This cookie is automatically deleted after 12 months.
5. The use is made to fulfil a legal obligation based on Art. 6(1) lit. c GDPR as well as our legitimate interest according to Art. 6(1) lit. f GDPR. The legitimate interest consists in the user-friendliness of the website as well as in the fulfilment of the legal requirements from the GDPR.
6. The user can prevent or terminate the installation of the cookie as well as its storage, and thus his or her consent to cookies, at any time in the browser settings. Cybot offers further information via the following link: https://www.cookiebot.com/de/privacy-policy/